Support #13286

problem connecting with WordPress app

Added by Marilyn Weber over 1 year ago. Updated over 1 year ago.

Priority name:
Category name:
Target version:
Start date:
Due date:
% Done:


Estimated time:


Artem Alman writes via Zendesk:

"I have a blog on CUNY Commons: I have attached an screen-grab of an error message that I have when attempting to connect link my blog with the app. In the past I was able to do this without a problem. Thank you for your help!"

Later he added "I have been using the WordPress app with this blog for a number of years. It is only recently after being logged out that I cannot connect the WordPress app work the blog."

Related issues

Related to CUNY Academic Commons - Feature #12911: Block access to xmlrpc.php based on User-AgentNew2020-06-09


#1 Updated by Boone Gorges over 1 year ago

  • Assignee set to Raymond Hoh

Ray, could you have a look? I wonder whether this is related to recent issues that Raffi experienced.

#2 Updated by Raymond Hoh over 1 year ago

  • Related to Feature #12911: Block access to xmlrpc.php based on User-Agent added

#3 Updated by Raymond Hoh over 1 year ago

We started blocking user agents that attempt to ping xmlrpc.php with Mozilla in the string in #12911. However for the WordPress Android app, there is an option to manually enter a site's address via HTTP, which Artem is doing. This method would use the Android Webview user agent, which would contain Mozilla in the user agent string:

"POST /xmlrpc.php HTTP/1.1" 200 4272 "-" "Mozilla/5.0 (Linux; XXX) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/85.0.4183.81 Safari/537.36 wp-android/15.5.1"

To address this, I've added another RewriteCond to omit wp-android from xmlrpc.php blocking:

RewriteCond %{HTTP_USER_AGENT} !.*wp-android [NC]

Just tested the WordPress Android app and this passes the check. I don't have access to an iPhone, but I believe iOS devices do not pass Mozilla in their user agent.

Marilyn, can you ask Artem to test the WordPress app again?

#4 Updated by Boone Gorges over 1 year ago

  • Target version set to Not tracked

Also available in: Atom PDF