FAQ - Support

XML-RPC Access / Jetpack

By default we block access to the Wordpress XML-RPC function as its frequently abused by hackers to turbocharge brute force attacks on sites.  However if you wish to use services like Jetpack then you can certainly enable it via the steps below. 

Simply add the following directives to your sites .htaccess file or create a file called '.htaccess' and place it in the same folder as the xmlrpc.php file which is usually your sites document root e.g. httpdocs

<Files xmlrpc.php>
  Order Allow,Deny
  Allow from all
</Files>

If you are using Jetpack you can tighten things up by only whitelisting the IP's they use and blocking everything else which is much safer than opening xmlrpc.php up to anyone.

 

https://jetpack.com/support/hosting-faq/#jetpack-whitelist

 

In this case use a something like this, however do update the Allow from ip ranges as Jetpack does change the includes from time to time.  The Error document is where they will be redirected in case IP is blocked.

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from 122.248.245.244/32
Allow from *.wordpress.com
Allow from 54.217.201.243/32
Allow from 54.232.116.4/32
Allow from 192.0.80.0/20
Allow from 192.0.96.0/20
Allow from 192.0.112.0/20
Allow from 195.234.108.0/22
Satisfy All
ErrorDocument 403 http://google.com/
</Files>

Note: If you can't find an answer to your problem click Here to open a support ticket (requires log in).