1. Home
  2. Technical
  3. Apache
  4. xmlrpc.php POST requests to WordPress methods
  1. Home
  2. Wordpress
  3. xmlrpc.php POST requests to WordPress methods
  1. Home
  2. Technical
  3. xmlrpc.php POST requests to WordPress methods

xmlrpc.php POST requests to WordPress methods

Protection has been added to Zone webhosting websites to block POST requests to files named xmlrpc.php that contain a WordPress (wp.*) method. The purpose of the restriction is to protect the homepage from bots that try to guess passwords.

Corresponding requests will return Error 403: Forbidden.
Apache apache.ssl.error.log will display a following error message:

ModSecurity: Access denied with code 403 ... [msg "Blocked wp.* payload in XML-RPC"] [hostname "example.com"] [uri "/xmlrpc.php"] ...

If desired, it is possible to remove the corresponding block from your server.

In order to remove this restriction, you need to log into My Zone control panel and in the Webserver section of the web hosting management under Main Domain Settings -> modify -> Apache Directives -> in the add directive block window, add a directive block with the following content:

<IfModule mod_security2.c>
  SecRuleRemoveById 60020 60021
</IfModule>
Updated on 9. Oct 2024
Was this article helpful?

Related Articles