Your site doesn’t seem to be publicly available at the moment:
http://i.wpne.ws/eDBA
http://isup.me/http://new.mjboerenkamp.nl/
Could you try to connect Jetpack to WordPress.com once again once your site is back up, and is publicly accessible?
Let me know how it goes.
That’s odd, it shouldn’t really have been down and right now it’s up for me. The isup site confirms it right now. Maybe it’s been down temporarily. It should be up now.
In the meanwhile, my hosting provider confirmed they’ve blocked access to the rpcxml file because they say they’ve been under brute force attacks on this file lately.
Is there a way around it? They said a workaround is moving the WordPress folder to a different directory, can anyone confirm that?
After upgrading to 4.4 when I activate Jet Pack when I go to the website I get a blank page. Same for WordPress logon. The only way I can get it working again is to FTP into the website and remove the Jet Pack plugin.
Jet Pack is suppose to be compatible with 4.4 so don’t know what the problem is. Any ideas
That’s odd, it shouldn’t really have been down and right now it’s up for me. The isup site confirms it right now. Maybe it’s been down temporarily. It should be up now.
I can indeed access your site now. If your host is under attack, it might explain why your site went down.
they’ve blocked access to the rpcxml file because they say they’ve been under brute force attacks on this file lately.
Is there a way around it?
I’m afraid not. Jetpack relies on that file to communicate with WordPress.com. If it’s blocked, you won’t be able to use the Jetpack features that require a connection to WordPress.com.
They said a workaround is moving the WordPress folder to a different directory, can anyone confirm that?
I’m afraid that won’t help. The location of your site won’t stop hackers from trying to get in.
Your hosting provider should be able to use firewall services like Mod Security or Failban to block those brute force attempts. On your end, you can use Jetpack’s Protect module, and Web Firewall services like CloudFlare or Sucuri to protect your site.
I hope this helps.
@bgotro47 I replied to the other thread you started here:
https://wordpress.org/support/topic/jet-pack-doesnt-work-in-44?replies=1&view=all
I doubt my hosting provider is going to listen to suggestions I make in terms of security.
If they say they’ve blocked access to it, how come I can still access it when I browse to: http://new.mjboerenkamp.nl/xmlrpc.php
Or is there more to it?
Also, I understand moving the file doesn’t stop attacks from being possible, but I can imagine they only block request to the standard location of the file, and moving it to a different directory (like, moving WordPress to a different dir this way: http://codex.wordpress.org/Giving_WordPress_Its_Own_Directory ) could be a way around their “block”.
Would that make sense?
If they say they’ve blocked access to it, how come I can still access it when I browse to: http://new.mjboerenkamp.nl/xmlrpc.php
Or is there more to it?
There is a bit more to it indeed. Although the file can be accessed in the browser, you can’t make any POST requests to the file, like a third-party service would do. That’s why Jetpack won’t work, nor won’t the mobile apps and other services like IFTTT for example.
moving it to a different directory (like, moving WordPress to a different dir this way: http://codex.wordpress.org/Giving_WordPress_Its_Own_Directory ) could be a way around their “block”.
If you can circumvent their security measures by moving the file to a different location, hackers shouldn’t have any issues doing the same. In general, Security through obscurity is not considered a safe way to protect your site. At this point, it might be safer to move to a different hosting provider that has better security measures, and allows you to use features like XML-RPC while protecting you against brute force attacks. Most of the biggest hosting providers will protect you against these types of attacks.
If you can circumvent their security measures by moving the file to a different location, hackers shouldn’t have any issues doing the same. In general, Security through obscurity is not considered a safe way to protect your site. At this point, it might be safer to move to a different hosting provider that has better security measures, and allows you to use features like XML-RPC while protecting you against brute force attacks. Most of the biggest hosting providers will protect you against these types of attacks.
I couldn’t agree more on the security aspect. However, I still have a 9 month contract with this provider and honestly, I’m not too worried about the brute-force attack right now. It’s not a critical website with no personal information and I make regular backups. I can take my own security measures like you mentioned.
I will be looking for a different host, but for the time being I’m just interested in getting my site up and running.
I will be looking for a different host, but for the time being I’m just interested in getting my site up and running.
In this case, and if you want to use Jetpack on that site, you’ll only be able to use the Jetpack features that do not require a connection to WordPress.com. To use those features and remove the “Connect to WordPress.com” prompt you can’t use with this host, you’ll need to enable Jetpack’s Development mode, as explained here:
http://jetpack.me/support/development-mode/
I hope this helps.
Thank you for your help, I will give it a go and see if I can break the contract with my hosting provider because of this.
