cnymike

Had someone addressed the issue I would have. Since nobody did I decided to search for a solution elsewhere.

My page has three links and the password protection on the post and page is not working when I log out of dashboard and attempt to view the post and page. I am not asked for a password. I’m using Chrome browser on my MacBook Pro and have cleared browser cache numerous times.

• This reply was modified 7 years, 7 months ago by cnymike.

Thank you HostGator for responding.

I’ve asked HostGator for further information and am waiting for their reply

I have a staging area where I design sites. No shopping cart. Just a staging area.

@mthoney – Thanks for updating this plugin. Much appreciated.

I’m alerted to a validation error also. But don’t see one and forms are being sent and received as expected. Wonder if the plugin update has a bug?

I concur. The hits have ceased for my sites as well.

@wpsolutions: pingback protection was not on for the site generating the “XML-RPC server accepts POST requests only” error. However when I enabled pingback protection, I then started getting the 403 response.

I’m getting test and administrator

Well I’ll chime in on this one…

some of my sites result in: XML-RPC server accepts POST requests only.

while others report: 403 Permission Denied You do not have permission for this request /xmlrpc.php

I am getting a deluge of these attempts. Between three websites being targeted, over 200 attempts a day. This just started about 3 days ago.

On second thought I’m not sure what exactly I’ve renamed.

WP Security lets me rename wp-login.php but I’m not sure about wp-admin. How would I know?

When I have the rename login page enabled, I get 404 error if I put in /wp-login.php or /wp-admin.php so I assume both have been renamed?

@wfmattr:

I found this in the access log:
89.35.211.63 – – [15/Sep/2015:09:55:59 -0400] “POST /xmlrpc.php HTTP/1.1” 200 2077 “-” “-“

Not sure how to interpret that.

How do I block the attempts to use the xmlrpc.php? Is that under Advanced Options > Other Options > Immediately block IP’s that access these URLs: ?

And what URL would I put in there if that is the case?

I’ve been reading up on this and someone discussed using this in the .htaccess file:
RewriteRule ^xmlrpc.php$ “https://0.0.0.0/” [R=301,L]

Would that help to mitigate the problem?

@wfmattr: I renamed the login page in WP Security, yes. Are you referring to a different method? As you can notice in the notification, the renamed login page is not reflected in the URL included in the notification. I’m not sure why that is the case.