
xml-rpc. Is it safe

  1. Hi all,

    I can't use the app with my self-hosted sites. Jetpack debug says xml-rpc is not responding correctly.

    GoDaddy had no solution.

    WordPress has a solution involving using a plugin that hasn't been updated for 4 years.

    So why are hosting companies blocking it? I read a few articles of concern.

    I am no expert, but I am not using the app at the risk of security

  2. Hi HammerOz,

    XML-RPC does have its troubles, however, from the app's perspective, it's generally safe if it's used over an https connection.

    > I can't use the app with my self-hosted sites. Jetpack debug says xml-rpc is not responding correctly.
    >
    > GoDaddy had no solution.

    Can you share the URLs of the affected sites? We'd be happy to take a closer look from our end. If I had to guess, I'd say GoDaddy might be blocking traffic from public-api.wordpress.com and the support rep(s) you spoke with didn't realize the issue. Just a theory. We'd need to take a closer look to say with any confidence.

    > So why are hosting companies blocking it

    Looks like you found a couple of articles explaining why, tho I'm not sure I agree with GoDaddy's limit of ~15 requests per minute. Normal usage of the mobile apps can easily exceed that depending on the task being performed. Moderating a list of new comments is one example.

    Cheers

  3. Hello
    I can only confirm what is a concern above.
    Here is the answer of our provider for our self-hosted site:
    “The reason why the WordPress App receives a 403 Error when trying to call
    WordPress XMLRPC page is that it's doing so with an HTTP POST request where there is
    no Referrer header.
    The basic protection rule implemented on the Webserver denies any POST request
    without a valid local Referrer in order to prevent brute-force login attacks.

    This protection rule can be loosened, but it would be preferable if the App could
    behave more like a browser and include a proper referrer header.”

    Best

  4. Hi @stipi

    We appreciate you sharing the comments from your host.

    Adding a referrer header doesn't sound unreasonable and is something we can look into. Call me curious, but would you mind sharing with us the name of your host?

    Cheers!

  5. Hello
    Our service provider is the education / university server of Luxembourg (Restena)
    https://www.restena.lu/restena/en/EN-Index.html
    Best
    Pierre

  6. Thanks Pierre!
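
The two host-side rules mentioned in this thread, the limit of ~15 requests per minute (reply 2) and the rule denying POST requests without a local Referrer (reply 3), modelled as an added example that is not code from any poster or host. The site name, client address, the 429 status for rate-limited calls and all class and function names are assumptions.

```python
from collections import defaultdict, deque
from urllib.parse import urlsplit

SITE_HOST = "blog.example.org"   # constructed site name (assumption)
LIMIT, WINDOW = 15, 60.0         # "~15 requests per minute" from the thread

class XmlRpcGate:
    """Hypothetical model of the two host-side rules for POST /xmlrpc.php."""

    def __init__(self, require_local_referrer, limit=LIMIT, window=WINDOW):
        self.require_local_referrer = require_local_referrer
        self.limit, self.window = limit, window
        self.accepted = defaultdict(deque)   # client IP -> times of accepted POSTs

    def decide(self, client_ip, method, path, headers, now):
        """Return the HTTP status the gate would answer with."""
        if method != "POST" or path != "/xmlrpc.php":
            return 200                       # rules only cover XML-RPC POSTs
        if self.require_local_referrer:
            # Missing or foreign Referer -> 403, as the host in the thread described.
            if urlsplit(headers.get("Referer", "")).hostname != SITE_HOST:
                return 403
        recent = self.accepted[client_ip]
        while recent and now - recent[0] >= self.window:
            recent.popleft()                 # drop hits older than the window
        if len(recent) >= self.limit:
            return 429                       # status code is an assumption
        recent.append(now)
        return 200

def moderation_burst(count, spacing):
    """Statuses for `count` app calls sent `spacing` seconds apart, rate limit only."""
    gate = XmlRpcGate(require_local_referrer=False)
    return [gate.decide("198.51.100.7", "POST", "/xmlrpc.php", {}, i * spacing)
            for i in range(count)]

if __name__ == "__main__":
    strict = XmlRpcGate(require_local_referrer=True)
    app = strict.decide("198.51.100.7", "POST", "/xmlrpc.php", {}, 0.0)
    browser = strict.decide("198.51.100.7", "POST", "/xmlrpc.php",
                            {"Referer": f"https://{SITE_HOST}/wp-admin/"}, 0.0)
    print("app without Referer:", app, "| browser-style POST:", browser)
    print("20 calls, 2 s apart:", moderation_burst(20, 2.0))
```

Because the Referer header is supplied by the client, the per-client rate limit is the rule that actually bounds login guessing; the referrer rule mainly filters non-browser clients such as the app.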

Topic Closed

This topic has been closed to new replies.

