Hi, do you have the following enabled Enable Pingback Protection: found under Firewall -> Basic Firewall Rules?
Hi,
Yes it’s enabled. On the other website I manage it’s enabled too without problem, strange.
What is the difference both sites? Can you also check the plugin’s log files?
They are not on the same provider, and also one of them is managed by someone else for the content so I’m not the only one having access through the /?aspecialkeyword=1
Unforntunately the logs files are empty it seems everytime i set permission on these files they are reset by the host…
Except that they both are up to date with same version of the plugin. What I don’t get is how robots / spammers / attackers (the number of times it happens everyday (between 0 and 10)) did they get the correct URL ?
Hi can you try the following.
Using your browser type your URL and the location of the “xmlrpc.php” file.
Eg, if wordpress is installed in the root folder of your server:
yoursite.com/xmlrpc.php
What do you see when you try to access the xmlrpc.php directly?
Hi
I see this message :
XML-RPC server accepts POST requests only.
On the other website I get a 403 forbidden apparently.
Hi that means that xmlrpc.php is not working correctly on the site you mentioned above.
Please carry on the following instructions. Deactivate the Enable Pingback Protection: option in the plugin save the settings. Log out and then log back in, again activate the Enable Pingback Protection: option and type the following in the browser.
yoursite.com/xmlrpc.php
You should see the following message.
403 forbidden apparently.
If the above did not work then carry out the following steps.
FTP into your websites and locate your .htaccess file. Download it locally. Open the file and locate the following entry. Make sure you copy the following code into your .htaccess file and save the the file.
#AIOWPS_PINGBACK_HTACCESS_RULES_START
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
#AIOWPS_PINGBACK_HTACCESS_RULES_END
Upload it back to your server. Now type the following in the browser again.
yoursite.com/xmlrpc.php and see what message you receive.
If it is enabled and working correctly you should see the following message as you pointed above.
403 forbidden apparently.
Let me know how you go.
Hi,
I figured out the issue with your help. The .htaccess file was never modified when I changed settings in AIOWPS even though I had no error message. I cleared the .htaccess file, changed it’s rights to 755 and reinstalled + reconfigured the plugin from scratch.
Now everything is modified correctly in the .htaccess file and the xmlrpc.php gives me a 403.
I’ll see now if it doesn’t gives me any login lockdown anymore and will report.
BTW, maybe you have an idea why with Firefox the cookie based bruteforce with keyword prevention doesn’t work exactly as expected, while it works on IE : when I go to mywebsite.com/?keyword=1 on IE it redirects me to login page, while on firefox it redirects me to 127.0.0.1. The cookie exists in firefox and if I manually type mywebsite.com/wp-login.php then I can access the admin page.
The issue was always here and still remains after plugin reinstallation of today.
Thanks for your help
hi
It seems I’m not getting any new email so it should be fixed !
Thank you very much !
I am happy to hear 🙂
Can you mark this support thread as resolved.
Thank you