Title: Potential XML-RPC Bug Last modified: August 30, 2016 --- # Potential XML-RPC Bug * [doubledworks](https://wordpress.org/support/users/doubledworks/) * (@doubledworks) * [10 years, 7 months ago](https://wordpress.org/support/topic/potential-xml-rpc-bug/) * I have previously used this plugin prior to the latest xml-rpc feature added on the 2015-10-15. At that point blocking xml-rpc locked out Jetpack. * [https://ithemes.com/2015/10/15/ithemes-security-adds-xml-rpc-brute-force-protection/](https://ithemes.com/2015/10/15/ithemes-security-adds-xml-rpc-brute-force-protection/) * Despite the updated description currently explaining that pingback is the highest level setting when using Jetpack and the like, I have set both settings (original and new) to block xml-rpc completely and I can still use Jetpack, so I assume there’s a bug. * Any suggestions/assistance would be much appreciated. * [https://wordpress.org/plugins/better-wp-security/](https://wordpress.org/plugins/better-wp-security/) Viewing 3 replies - 1 through 3 (of 3 total) * [dwinden](https://wordpress.org/support/users/dwinden/) * (@dwinden) * [10 years, 7 months ago](https://wordpress.org/support/topic/potential-xml-rpc-bug/#post-6668565) * [@doubledworks](https://wordpress.org/support/users/doubledworks/) * Disabling XML-RPC adds the following lines to the .htaccess file: * > # Disable XML-RPC – Security > Settings > WordPress Tweaks > XML-RPC > xmlrpc.php> Require all denied mod_authz_core.c> Order allow,deny Deny from all * After testing it seems to block xmlrpc.php requests in my Apache 2.4.x env … * dwinden * Thread Starter [doubledworks](https://wordpress.org/support/users/doubledworks/) * (@doubledworks) * [10 years, 7 months ago](https://wordpress.org/support/topic/potential-xml-rpc-bug/#post-6668736) * I see those lines in my .htaccess file. * My plugin is set to block on both XML-RPC features so why would Jetpack remain connected when it relies on XML-RPC? * When i used ithemes security some months back and prior to the latest XML-RPC blocking feature, it blocked Jetpack. * Has something else changed? * Is the description stating it blocks Jetpack outdated and need updating? * Surely Jetpack should completely stop working when XML-PRC features are set to block? * [dwinden](https://wordpress.org/support/users/dwinden/) * (@dwinden) * [10 years, 7 months ago](https://wordpress.org/support/topic/potential-xml-rpc-bug/#post-6668741) * Dunno … * Perhaps the Jetpack forum is the right place to get an answer to your questions… * dwinden Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘Potential XML-RPC Bug’ is closed to new replies. * ![](https://ps.w.org/better-wp-security/assets/icon.svg?rev=3529351) * [Kadence Security – Password, Two Factor Authentication, and Brute Force Protection](https://wordpress.org/plugins/better-wp-security/) * [Frequently Asked Questions](https://wordpress.org/plugins/better-wp-security/#faq) * [Support Threads](https://wordpress.org/support/plugin/better-wp-security/) * [Active Topics](https://wordpress.org/support/plugin/better-wp-security/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/better-wp-security/unresolved/) * [Reviews](https://wordpress.org/support/plugin/better-wp-security/reviews/) ## Tags * [XML-RPC](https://wordpress.org/support/topic-tag/xml-rpc/) * 3 replies * 2 participants * Last reply from: [dwinden](https://wordpress.org/support/users/dwinden/) * Last activity: [10 years, 7 months ago](https://wordpress.org/support/topic/potential-xml-rpc-bug/#post-6668741) * Status: not resolved