Protection has been added to Zone webhosting websites to block POST requests to files named xmlrpc.php
that contain a WordPress (wp.*
) method. The purpose of the xmlrpc.php POST requests restriction is to protect the homepage from bots that try to guess passwords.
Corresponding requests will return Error 403: Forbidden
.
Apache apache.ssl.error.log will display a following error message:
ModSecurity: Access denied with code 403 ... [msg "Blocked wp.* payload in XML-RPC"] [hostname "example.com"] [uri "/xmlrpc.php"] ...
If desired, it is possible to remove the corresponding block from your server.
In order to remove this xmlrpc.php POST requests restriction, you need to log into My Zone
control panel and in the Webserver
section of the web hosting management under Main Domain Setting
s -> modify
-> Apache Directives
-> in the add directive block
window, add a directive block with the following content:
<IfModule mod_security2.c> SecRuleRemoveById 60020 60021 </IfModule>