Jetpack for WP: is anyone doing this?

Discussion in 'Linux VPS/Dedicated - cPanel' started by unknownhost, Mar 17, 2014.

  1. unknownhost

    unknownhost New Member

    I get this:

    Your Jetpack has a glitch. Something went wrong that’s never supposed to happen. Guess you’re just lucky: xml_rpc-32700
    Try connecting again.

    Error Details: The Jetpack server could not communicate with your site's XML-RPC URL. Please check to make sure http......xmlrpc.php is working properly. It should show 'XML‑RPC server accepts POST requests only.' on a line by itself when viewed in a browser and should not have any blank links or extra output anywhere.

    Would have hoped something seemingly so simple would go out of the box...
     
  2. KH-Jonathan

    KH-Jonathan Director of Managed Services Staff Member

    @unkownhost

    A lot of people keep xmlrpc.php disabled for security reasons - it's been the center of a lot of attacks lately.

    Are you able to visit your domain /xmlrpc.php in the browser? Do you receive the response that this messages states you will? (XML‑RPC server accepts POST requests only.)?
     
  3. unknownhost

    unknownhost New Member

    Ah security and WP you dont say! Ok no surprise then

    Visitng:
    Warning: ini_set() has been disabled for security reasons in /home/a.../public_html/wp-includes/load.php on line 278

    Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/a.../public_html/wp-includes/load.php:278) in /home/a.../public_html/wp-content/themes/a.../config-templatebuilder/avia-shortcodes/masonry_entries.php on line 33

    Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/a.../public_html/wp-includes/load.php:278) in /home/a.../public_html/wp-content/themes/a.../config-templatebuilder/avia-shortcodes/masonry_entries.php on line 33

    Warning: Cannot modify header information - headers already sent by (output started at /home/a.../public_html/wp-includes/load.php:278) in /home/a.../public_html/wp-includes/class-IXR.php on line 372
    XML-RPC server accepts POST requests only.

    So should I simply forget Jetpack, because of xmlrpc security, and move on?

    Is there anything that should be addressed with what I currently have?
     
  4. Dion

    Dion Member

    Jetpack itself is a bloated, resource-intensive mess that slows down your WordPress installation. Perhaps you should consider that error message a blessing in disguise. ;)

    The first thing I do when installing WordPress for myself or for clients is to rename xmlrpc.php to something random. Jonathan is right; it's a known vector for attacks. You do lose some features if xmlrpc is disabled, but for me, the cost of those features far outweighs their benefits.

    I'd love to do the same with admin-ajax.php (another known attack vector), but I haven't yet found a way that doesn't also break WordPress.
     
  5. Miguel Araujo

    Miguel Araujo New Member

    i do not use jetpack, consume to much
     
  6. KH-Jonathan

    KH-Jonathan Director of Managed Services Staff Member

    I've noticed this as well on the customer's we have who run it. It significantly slows their site down.
     
  7. WildBlueRoad

    WildBlueRoad New Member

    What features do you lose?
     
  8. Dion

    Dion Member

    Among other things, "pingbacks" in comments require xmlrpc.php. That's a "feature" I don't mind losing since it's become a popular method for comment spam.

    One thing to remember is that WordPress will put the file back on every update. To deal with this, I wrote a simple WP plugin that checks the WP version, and if changed, deletes xmlrpc.php and wp-trackback.php. Trackbacks are also a popular method for comment spam.
     
    WildBlueRoad likes this.

Share This Page