Jetpack CPUSeconds and Logs

Hi @tschureman

It looks like some issues with your Jetpack connection may be contributing to the high usage.

While your site is publicly accessible, we cannot access your site’s XML-RPC file:

https://DOMAIN.COM/xmlrpc.php

This file is used by Jetpack and other plugins and apps to connect to your site. It must return the following message:

XML-RPC server accepts POST requests only.

You can see a working example here:

https://wp.cloud/xmlrpc.php

Since your site returns a 404 error for this page, I would recommend that you check the following:

1. Can you see the /xmlrpc.php file at the root of your WordPress installation when accessing your site via FTP? If you don’t, then please try re-installing WordPress. You can do this by going to the Dashboard -> Upgrades page, then click the “Reinstall” button.
2. Do you use any security plugins that may block access to this file? If so, could you try to disable them? You might also want to check your site’s .htaccess file for any rules that might be blocking access to the xmlrpc.php file.
3. Does your hosting provider block access to this file? If you don’t find any plugin that may block access to the file on your site, I would recommend that you get in touch with your host.

Once we are able to access your site’s xmlrpc.php file, please try to reconnect your site:

https://jetpack.com/support/reconnecting-reinstalling-jetpack/#reconnecting-jetpack

Thank you for your help. The issue is still not resolved, but that is because my host has disabled access to the xmlrpc.php file for all websites hosted on their servers. The matter has been forwarded onto a higher technical team.

Thanks for the update.

They should be able to protect your site’s XML-RPC file without having to allowlist specific IP ranges. Most hosts use tools like [fail2ban](https://www.fail2ban.org/wiki/index.php/Main_Page) or [ModSecurity](https://www.modsecurity.org/).

Jetpack itself includes a feature that will help [against Brute Force attacks](https://jetpack.com/2015/10/12/jetpack-protection-from-brute-force-xml-rpc-attacks/).
?
If your hosting provider needs more details, or would like to talk about the different options, we’d be happy to help! They can contact us via this contact form:

* https://jetpack.com/contact-support/
?

Thank you for getting back to me. They refused to allow access to the XML-RPC file. This is Siteground, by the way.

I resolved the issue to some degree, as I disabled all the plug-ins to find the culprit, and WP Rocket’s preload seemed to be causing more POST hits than anything else. I have disabled that part of WP Rocket for now. I am monitoring the site now to see if anything else is doing the same. I will contact Siteground with your message.

Hi @tschureman

Yes, please let us know what they say. That’s rather odd as Siteground is one of our partners and we have thousands of sites running Jetpack with them.

Hello there, @tschureman,

It’s been one week since this topic was last updated. I’m going to mark this thread as solved. If you have any further questions or need more help, you’re welcome to open another thread here. Cheers!