Support » Plugin: Jetpack by WordPress.com » xmlrpc.php closed to prevent brute force attack

  • Resolved passegua

    (@passegua)


    My host provider in order to block brute force attack has closed any access to xmlrpc.php

    So now I am not able to connect JetPack to wordpress.com anymore 🙁

    Is there a turn around to solve this issue?

    How could connect and avoid brute force attacks?

    Thanks.

    • This topic was modified 3 years, 2 months ago by passegua.
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor Lisa Schuyler

    (@lschuyler)

    Hi @passegua!

    No, there isn’t a work around. Your site’s xmlrpc.php file needs to be accessible for Jetpack to function.

    Jetpack does have brute force protection built right in. You can read more about it here:
    https://jetpack.com/support/security-features/

    Hi, I found the culprit: https://it.wordpress.org/plugins/lcs-https/
    it is a plugin that redirect some pages to https protocol.

    I had to disable it and now JetPack works again.

    But I’m still searching how to redirect some pages to https …

    The odd is that even if now JetPack can connect with my site, still when I call:

    http://lnx.sinapsi.org/wordpress/xmlrpc.php

    I get 400 error, why?

    Plugin Contributor Lisa Schuyler

    (@lschuyler)

    @passegua:

    A few things to check!
    Since your site returns a 400 error for this page, I would recommend that you check the following:

    1) Can you see the /xmlrpc.php file at the root of your WordPress installation when accessing your site via FTP? If you don’t, then please try re-installing WordPress. You can do this by going to the Dashboard -> Upgrades page, then click the “Reinstall WordPress” button.

    2) Do you use any security plugins that may block access to this file? If so, could you try to disable them? You might also want to check your site’s .htaccess file for any rules that might be blocking access to the xmlrpc.php file.

    3) Does your hosting provider block access to this file? If you don’t find any plugin that may block access to the file on your site, I would recommend that you get in touch with your host.

    Let me know if we can help further.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘xmlrpc.php closed to prevent brute force attack’ is closed to new replies.