XML-RPC ping/trackblack blocking breaks WordPress mobile app

So I previously had a hand-rolled XML-RPC ping/trackback blocking plugin (http://yasmar.net/howto/how-to-disable-pingback-and-xmlrpc-advertising/) but I noticed iThemes Security seems to have all the same things so I turned it on and disabled my plugin.

I set it to block ping/trackback, not to disable all xml-rpc since I use the wordpress mobile app. Unfortunately, the wordpress mobile app was broken 🙁

The wordpress mobile app doesn’t need any of the “advertising” bits, it just to be able to access xml-rpc.php. It doesn’t do pings or trackbacks.

I took a bit of a look at the iThemes code. It mostly looks ok, though I see it comparing the disable_xmlrpc setting true, 1 and 2… smells like bad code to me. I guess it’s disabling all xml-rpc instead of just pings and trackbacks?

https://ww.wp.xz.cn/plugins/better-wp-security/