How To Enable XML-RPC On WordPress

I needed to use XML-RPC on one of my sites to verify that I owned the site. Normally that's not a problem with WordPress sites, because XML-RPC is enabled by default.

However, I always turn it off and block access to it through iThemes Security.

To enable XML-RPC on WordPress, go through your security, speed and caching plugins and re-enable XML-RPC until yourdomain.com/xmlrpc.php says "XML-RPC server accepts POST requests only". Also check your theme for add_filter ("xmlrpc_enabled", "__return_false") if that doesn't re-enable it.

I re-enabled XML-RPC through iThemes Security by going to Security -> Settings, and clicking "Configure Settings" in the WordPress Tweaks section.

I then changed the XML-RPC section to "Enable XML-RPC" and changed the Multiple Authentication Attempts per XML-RPC Request to "Allow".

iThemes security with lots of text. The important parts are the XML-RPC section has the select box set to Enable XML-RPC and the Multiple Authentication Attempts per XML-RPC Request section has the select box set to Allow.

Unfortunately, that wasn't enough and I was still getting the error message that it was disabled.

I was able to fix it eventually. This is how I did it.

In all the research I did, they just kept telling me that XML_RPC was enabled by default since WordPress 3.5 and to go to Settings -> Writing -> Remote Publishing and check the checkbox.

As you can see, I don't have that checkbox, or even the Remote Publishing section:

Default WordPress Writing Section showing default post category General, default post format Standard and instructions on how to post via email

I kept getting a message from the verification service that XML-RPC was disabled, but that was all there was to the error message.

I went to mydomain.com/xmlrpc.php in the browser and saw this:

Text says Sorry 100.100.100.100, your request cannot be processed. For security reasons, it was blocked and logged. If you believe this was an error please contact the
webmaster and enclose the following incident ID: #1045426.

I deactivated Ninja Firewall, iThemes Security and all the plugins that I thought might have disabled XML-RPC.

I kept getting this rather unhelpful error message when I went to mydomain.com/xmlrpc.php:

XML code showing faultCode 405 and faultString XML-RPC is disabled

It basically says "there's a problem, XML-RPC is disabled", without giving anything useful. Fault Code 405 is just a generic "access not allowed" error message.

I checked .htaccess and wp-config.php for possible remnants of the blocking code, but there was nothing related to XML-RPC in there.

At this point, I was near to giving up and telling myself it just wasn't worth the trouble, but I figured I'd give it another couple of minutes.

I knew it wasn't an issue with my theme or child theme. If you're not sure, check for this code:

add_filter ( 'xmlrpc_enabled', '__return_false' );

I started going through the process I walk through in How To Fix WordPress where you deactivate the plugins. Rather than deactivate the plugins all at once, I did it one by one, refreshing /xml-rpc.php after each.

It turns out the culprit was the A2 Optimized WP plugin!

I didn't think a caching / speed plugin would impact the remote posting service. If you're having an issue, make sure you check those too.

Finally, mydomain.com/xmlrpc.php showed "XML-RPC server accepts POST requests only" and the verification system worked.

Leave a Comment