![]() ![]() ![]() Some hosts get more aggressive though, as an open XML-RPC and a bad password is a recipe for “hacked WordPress site”. This issue has been addressed and you can update either via Check for Update in the app, or by downloading directly here. My favorite security plugin - iThemes Security - allows you to either disable XML-RPC completely, or to restrict it to one request at a time. The 1 Blog Editor for the Mac MarsEdit is the best way to write, preview, and publish your blog. December 8th, 2023 UPDATE: If you updated to 5.1.1 within a couple hours of my original announcement, you may have downloaded a version of the app that will not launch as expected. Couple that with the fact that a single XML-RPC request can contain multiple requests (anecdotally I’ve heard “hundreds”), so it’s a common way for hackers to try out lots of username / password combos without setting off the “failed login” warning flags. XML-RPC “login failures” don’t necessarily get logged the same as actual “login page” login failures. Basically, in order to use the super-easy posting from a tool like MarsEdit it sends a request to your server like “here’s the username, here’s the password, here’s the post data”. You will have to ask the webhost - from speaking with my current webhost when I tired setting up Ulysses with remote posting, they block it due to security concerns… ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |