If you are a serious blogger and find yourself asking the question:

Why can’t I use XMLRPC?

Well I’ve disabled it. Why? Security.

Most WordPress Bloggers are simply that “Bloggers” – Now don’t take offense, I drive a car, but I’m not a mechanic! (Though with the last bill I wish I was!) 🙂

So as I mentioned it is shut off for security, your’s and mine! There are a number of bots/scripts/attacks which target the XMLRPC file because it can be used to remotely administrate WordPress, this means if you don’t want to type your posts in WordPress’s editor, you don’t have to. There are a pile of options (most $20 or so) to edit, type, put together your post and hit post from the comfort of your desktop without even ever opening your web browser.

Now it has a downside, it can process hundreds upon hundreds of logins with 1 communication. This is bad. If your password is say “Puppies” it will try again and again and again till it reaches Puppies, then whammo – you’re hacked.

To avoid this issue and save many sites being hacked, we’ve disabled this – however some of you don’t mind the risk, you have your own 3rd party security, and you just want more power – so to that end you can use this bit in your .htaccess file:

<FilesMatch "xmlrpc\.php$">
Satisfy Any
Allow from all

Once that is in XMLRPC will work again. Do bear in mind you do this at your own risk! If you have any questions simply open a ticket for further assistance.

Leave a Reply