Protection has been added to Zone webhosting websites to block POST requests to files named xmlrpc.php that contain a WordPress (wp.*) method. The purpose of the restriction is to protect the homepage from bots that try to guess passwords.
Corresponding requests will return Error 403: Forbidden.
Apache apache.ssl.error.log will display a following error message:
ModSecurity: Access denied with code 403 ... [msg "Blocked wp.* payload in XML-RPC"] [hostname "example.com"] [uri "/xmlrpc.php"] ...
If desired, it is possible to remove the corresponding block from your server.
In order to remove this restriction, you need to log into My Zone control panel and in the Webserver section of the web hosting management under Main Domain Settings -> modify -> Apache Directives -> in the add directive block window, add a directive block with the following content:
<IfModule mod_security2.c> SecRuleRemoveById 60020 60021 </IfModule>