BruteProtect, Jetpack, and XMLRPC

I understand BruteProtect has been acquired by Jetpack, and is now reincarnated as the “Protect” feature within Jetpack.

I installed Jetpack today for the sole purpose of continuing to use BruteProtect, which has been an outstanding plugin. Upon installing Jetpack (which installs 27 other functions…which I don’t necessarily want), I immediately began encountering problems.

Upon clicking the Debug button within the Jetpack admin panel, the error message indicated that Jetpack could not communicate with my website. After a few tech support emails, it appears Jetpack MUST have access to the XML-RPC file at the root of your domain in order for Jetpack to work (not sure if that means all of Jetpack, or just some parts of Jetpack).

I had no plugins blocking Jetpack from access to the XMLRPC file, so I contacted my hosting provider…which it turns out is blocking all public access to XMLRPC by default on all WordPress installations because such access is a known vector for hacker attacks.

I do not know yet if Jetpack’s “Protect” feature (aka BruteProtect) will continue to function properly without having access to the XMLRPC, but for sure certain features within Jetpack will NOT work properly without it.

If Jetpack’s “Protect” feature will not function without opening a new door for hacker opportunities, then this will be a quite unfortunate development for BruteProtect.

Does anyone know if “Protect” will still function properly even if the Jetpack system does not have public access to XMLRPC? I have not gotten a clear answer on that from Jetpack, yet.

https://wordpress.org/plugins/bruteprotect/