I needed to use XML-RPC on one of my sites to verify that I owned the site. Normally that's not a problem with WordPress sites, because XML-RPC is enabled by default.
However, I always turn it off and block access to it through iThemes Security.
To enable XML-RPC on WordPress, go through your security, speed and caching plugins and re-enable XML-RPC until yourdomain.com/xmlrpc.php says "XML-RPC server accepts POST requests only". Also check your theme for add_filter ("xmlrpc_enabled", "__return_false") if that doesn't re-enable it.
I re-enabled XML-RPC through iThemes Security by going to Security -> Settings, and clicking "Configure Settings" in the WordPress Tweaks section.
I then changed the XML-RPC section to "Enable XML-RPC" and changed the Multiple Authentication Attempts per XML-RPC Request to "Allow".
Unfortunately, that wasn't enough and I was still getting the error message that it was disabled.
I was able to fix it eventually. This is how I did it.
In all the research I did, they just kept telling me that XML_RPC was enabled by default since WordPress 3.5 and to go to Settings -> Writing -> Remote Publishing and check the checkbox.
As you can see, I don't have that checkbox, or even the Remote Publishing section:
I kept getting a message from the verification service that XML-RPC was disabled, but that was all there was to the error message.
I went to mydomain.com/xmlrpc.php in the browser and saw this:
I deactivated Ninja Firewall, iThemes Security and all the plugins that I thought might have disabled XML-RPC.
I kept getting this rather unhelpful error message when I went to mydomain.com/xmlrpc.php:
It basically says "there's a problem, XML-RPC is disabled", without giving anything useful. Fault Code 405 is just a generic "access not allowed" error message.
I checked .htaccess and wp-config.php for possible remnants of the blocking code, but there was nothing related to XML-RPC in there.
At this point, I was near to giving up and telling myself it just wasn't worth the trouble, but I figured I'd give it another couple of minutes.
I knew it wasn't an issue with my theme or child theme. If you're not sure, check for this code:
add_filter ( 'xmlrpc_enabled', '__return_false' );
I started going through the process I walk through in How To Fix WordPress where you deactivate the plugins. Rather than deactivate the plugins all at once, I did it one by one, refreshing /xml-rpc.php after each.
It turns out the culprit was the A2 Optimized WP plugin!
I didn't think a caching / speed plugin would impact the remote posting service. If you're having an issue, make sure you check those too.
Finally, mydomain.com/xmlrpc.php showed "XML-RPC server accepts POST requests only" and the verification system worked.