WordPress Android client fails with xmlrpc.php error

If you’re trying to use an Android (or IPhone) Client to connect a self-hosted WordPress blog and you receive the following error; here’s something that might resolve it: –

Could not connect. Please enter the full path to xmlrpc.php on your site and try again.

The issue was identified by an support member from automattic.com. Apparently it’s pretty common for Apache’s ModSecurity to block HTTP requests to the Web Server for xmlrpc.php and wp-login.php. Below are the error logs from Apache for the rule match.

ModSecurity: Access denied with code 406 (phase 2). 
Match of "rx (^application/x-www-form-urlencoded|^multipart/form-data;).*$" against "REQUEST_HEADERS:Content-Type" required. 
[file "/usr/local/apache/conf/modsec2.user.conf"] 
[line "16"] 
[id "90001"] 
[hostname " www.robweeks.net"] 
[uri "/xmlrpc.php"] 
[unique_id "Ug2SIdXlZgQAAHClHzYAAAAT"]
ModSecurity: Access denied with code 406 (phase 2). 
Match of "rx (^application/x-www-form-urlencoded|^multipart/form-data;).*$" against "REQUEST_HEADERS:Content-Type" required. 
[file "/usr/local/apache/conf/modsec2.user.conf"] 
[line "16"] 
[id "90001"] 
[hostname " www.robweeks.net"] 
[uri "/wp-login.php"] 
[unique_id "w5ctjtXlZgQAAEqoH68AAAAP"]

For me, disabling mod_Sec for xmlrpc.php & wp-login.php resolved the issue and allows connections.

Leave a Reply