We’d definitely appreciate more details about this bug so we can explore further. http://ithemes.com/security/bugs/
Thread Starter
ejb5oh
(@ejb5oh)
Not sure what more to provide you.
I use Jetpack’s email to post feature. As is customary, I email my post text and attachment to the specially created email address from Jetpack. Jet pack then uploads the file(s) to my media section, creates my post, and attached the download files as links within the page.
Now, turn iTheme Security on, Post succeeds, attachment fails.
Thread Starter
ejb5oh
(@ejb5oh)
Any update for this issue?
I don’t work for iThemes or JetPack, but make sure you don’t have the XML-RPC option disabled. There’s a checkbox in the Settings tab. JetPack uses XML-RPC to communicate with your blog, so if that’s disabled then you’ll probably get errors with JetPack.
In a properly set up site,
http://example.com/xmlrpc.php should show “XML-RPC server accepts POST requests only.” and http://example.com/xmlrpc.php?rsd should show some XML
In a misconfigured site, both URLs will show “XML-RPC server accepts POST requests only.”
Just in case is useful for somebody.
I publish by email with Jetpack, and one day start to give me error with the atached images don’t show them in the post.
I don’t remember the day before I was touching one security plugin “Sucuri”.
So I deactivate this plugin, and Jetpack works good again and the atached images are showed on the posts. Maybe if is not Sucuri you may touch something in a Security Plugin?
The thing was that in the “Hardening” setting of Sucuri I hardening this option “Restrict wp-content access”. And this option create one .htacces file on the wp-content folder and inside this .htacces is this code:
<Files *.php>
deny from all
</Files>
I delete this .htacces (as Sucuri says if you have problem with images not displaying) in wp-content and the images are showed again.
————————-
Careful with this option in Sucuri:
Restrict wp-content access
This option blocks direct PHP access to any file inside wp-content. If you experience any issue after this with a theme or plugin in your site, like for example images not displaying, remove the .htaccess file located in the content directory.
Note: Many (insecure) themes and plugins use a PHP file in this directory to generate images like thumbnails and captcha codes, this is intentional so it is recommended to check your site once this option is enabled.