For a self-hosted site to connect, the XML-RPC file must be accessible in order for the app to be able to communicate with the site. However, many hosts will block or limit access to this file as a security measures.
Depending on how your host has blocked the XML-RPC file, one method that may allow you to connect your site is to rename your XML-RPC file and use this plugin.
- Rename your xmlrpc.php file on your server through SSH or FTP to something different, but only change it after the ‘xmlrpc’. Ex.
xmlrpc_wp.php - Install the Rename XMLRPC file plugin.
- Go to the plugin editor in wp-admin and update the filename of the XML-RPC Endpoint in rename-xml-rpc.php. Using the example xmlrpc_wp.php line 14 should look like this:
$renamed_xml_rpc_filename = 'xmlrpc_wp.php'; //CHANGE THIS poiting to the renamed file
- Activate the plugin
- Remove your site from the app and re-add it again.
You should now be able to connect your site to the app.
If not, you can ask your hosting provider to remove the block and use other ways to mitigate XML-RPC attacks. Most hosts use tools like fail2ban or ModSecurity.
If your hosting provider needs more details, or would like to talk about the different options, reach out to support for more details.
