notmikelol

@hjogiupdraftplus Just left a review. Really appreciate your help on this last week. All the best

Hi @hjogiupdraftplus

It seems that XMLRPC was the issue and updating the settings like you recommended seems to have fixed it.

Thank you for your assistance.

Hi @hjogiupdraftplus

Thank you ever so much for your assistance so far.

Yes – I have enable both recently. We usually don’t use the cookie based solution. https://pastebin.com/bkmnWipr

Yes – I am aware of the login page being found due to failed/invalid login attempts.

I had already disabled the pingback functionality but I have now ticked both. It would seem that the XMLRPC comes up in the stack trace so sounds like you may have located the issue?

Thanks

@hjogiupdraftplus

Link can be found here https://pastebin.com/HWnA23vt

Hiya, thanks for such a quick reply.

No, none of the sites are multi sites.

AIOS is the only plugin we use for security – no other plugins handle security, so I would tentatively rule out a plugin clash. All sites are running the latest WordPress and AIOS as of Monday 16th Oct.

We use the REST API frequently (only GET requests), but this doesn’t appear to leak any data in terms of AIOS settings and we have not extended the API in any way. It would make no sense for that to ever be available on an endpoint anyways.

Look forward to your response. Thanks again!