One of the reasons that I decided to build the latest iteration of my website in WordPress was the WordPress Android and the option of integrating WordPress to other platforms that I use through the WordPress XML RPC Interface. If “Content is King” the ability to add content to my site wherever I am (and whenever it is) is a powerful feature.
So, I was pretty vexed when I discovered that this interface didn’t seem to work with a vanilla install to my host.
The specific error I was receiving was a 404 error when accessing xmlrpc.php.
It took a little working out, some trial and error, and one or two support calls to my hosting provider, but I finally figured out the problem. Apache’s mod_security module and xmlrpc.php don’t play well together.
What is Apache mod_security?
mod_security is an Apache module that helps to protect your website from various attacks. It is used to block commonly known exploits by use of regular expressions and rule sets and is enabled on many shared web hosts by default.
So, fair warning – your host installed this for a reason and disabling it will make your website less secure.
I really want my XML RPC to work – how do I switch off mod_security ?
You can disable mod_security via your WordPress site’s .htaccess file.
Add the following lines to the end of the file, save and upload to your host.
<IfModule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule>
You should now be able to access your WordPress install from the WordPress Android App and from services such as IFTTT.