Allow XMLRPC with brute force turned on?

  • Brent

    (@brentkrueger)


    10 years, 4 months ago

    Hello,

    It was recently added to iThemes Security to prevent brute force attacks against xmlrpc.php

    Is it possible to leave brute force protection on, for things like 404s and logins, but have xmlrpc.php not produce a brute force error?

    I use Windows Live Writer via xmlrpc to publish and ever since the update, I can no longer do that.

    Any ideas?

    https://www.ads-software.com/plugins/better-wp-security/

Viewing 4 replies - 1 through 4 (of 4 total)

  • Hey Brent,

    This is the first time we’ve run into this. We’ll do some testing and get back with you.

    Thanks,

    Gerroald

    Thread Starter Brent

    (@brentkrueger)

    Thanks Gerroald,

    Basically if I’m monitoring the lockouts table, I see a brute force entry added as soon as live writer tries to publish. This was not happening before, and live writer had no issues publishing with brute force protection turned on.

    thanks!

    Thread Starter Brent

    (@brentkrueger)

    Hello,

    Just wondering if this was found to be a bug/issue?

    I have the same problem since the latest update with the WordPress iOS-App and the NextGEN Gallery Export Lightroom plugin. If I work with one of these, I get locked out due to many bad login attempt -but login credentials are correct. If I temporarily whitelist my IP, both the WP app and the LR plugin work but the iThemes Security logs are full of “Invalid Login Attempt” and “Host or User Lockout” Messages for my IP.
    Seems to me like a bug in the current version for xmlrpc access.

    Markus

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Allow XMLRPC with brute force turned on?’ is closed to new replies.