forbidden (403) error from iOS app?

Hi elbowglitter what iOS app are you using to connect?

Hi,
Do you have Enable Pingback Protection active? (check the Firewall menu in “Basic Firewall Rules” page)
If so that will be the cause of what you are seeing.

I’m using the standard WordPress app.

I don’t have Pingback Protection enabled, and have never enabled it.

Hi @elbowglitter have you enabled any of the Brute Force features?

Just the rename login page.

Do you use the secret word URL when you try to login through the mobile app?

I don’t, I just use the standard URL when I try to add my blog. I just tried adding it using the secret word URL and it said it couldn’t find a WP blog there. So it clearly finds that there is a WP blog at my standard URL, I just can’t log in.

If you don’t use the secret URL then you will not be able to login even through the App. That is the purpose of using this security feature.

Unfortunately I don’t have the app installed in my mobile phone to test it further.

Regards

As I said, though, there isn’t a way in the app to use the secret URL for login.

I tried turning that feature off and still get the same error from the app.

I’m also having this issue. I’ve set up the security plugin and love how it works, but I can’t log into the iOS app on any device now.

I’ve looked into this with the WordPress iOS developers and this was their response:

The app only uses the wp-login URL for a few things (like previewing posts). The majority of the app’s communication with your site is performed via XML-RPC calls which use a different mechanism for authentication. The worst case scenario is a few minor features would stop working. However, as long as its new location is properly reported as a part of the site’s meta data everything should be fine.

I’ve linked to that URL when I try to loginto the app (https://www.kylaroma.com/xmlrpc.php) but the iOS app still can’t detect my blog.

Is there anything in the plugin settings that block the XML-RPC calls? From what I’ve seen this is a fairly common in security plugins but it hasn’t had a workaround suggested for AIO WP Security yet.

Just to clarify, I’ve tried to get the WP iOS app to login using:
– my top level domain name
– my login page URL
– the XML-RPC file listed above

None of them work, unless I deactivate the AIO WP Security plugin. I’ve had significant issues with hacking and spam, and I’d love to stick with this plugin if I can.

Hi @kylaroma do you have Enable Pingback Protection active? As mentioned by @wpsolutions above in reply 3?

If not can you disable all firewall features. And carry out a test.

I don’t have “Enable Pingback Protection Active” activated, and the only firewall setting that I had activated was “Block Fake Googlebots” – but as soon as I did that, it worked!!

Thank you for being so responsive! My site is how I make my living and this makes life a lot easier for me.

I am happy to hear @kylaroma that it is now working for you.

Kind regards