WordPress nonsense: Solved?

I have been having trouble using the WordPress app with my site. It gives me an error (NSXMLParserErrorDomain Error 111) and then locks me out of the site. So I have been unable to post using the WordPress app at all. After much Googling and a few go-rounds with my hosting provider, I had a solution that involved disabling ModSecurity but even that failed to be a long-term fix. I mean, who wants to disable anything that has Security in it?

So for the 10 millionth time I stretched out pleading arms to Google and voila! This Topic turned up on the ios.forums.wordpress.org site. Using all the right words the OP asks the right questions and gets the right answers.

I’m having some troubles with the XMLRPC requests that the iOS app generates. I manage a WordPress 4.1.1 set as a Network install.

My hosting company has the ModSecurity activated and, for that reason, it blocks every time the users that have the App:
Message: Access denied with code 403, [Rule: ‘user:bf_block’ ‘@gt 0’] [id “117”] [msg “IP address blocked for 5 minutes. More than 2 XMLRPC POST requests within 60 seconds.”] [severity “WARNING”] [MatchedString “1”]

My question is: is it possible to limit the amount of XMLRPC requests if someone only opens the stats page (and not, for example, the Post or Comments page)?
Or, better, limit the XMLRPC requests only if the user opens the Post, Page or Comments pages?

Thank you in advance,


After browsing some other topics, I figured out that the issue comes from the latest App version that makes too many XML-RPC requests that are interpreted as a potential attack and blocked.

The block works at IP level and that’s the reason why if you use WiFi for example, you won’t be able to connect to your website anymore (you see 403 or 406 errors).

At the moment the only possible solutions are uninstalling the App or temporarily disabling the ModSecurity, waiting for a solution for the App developers.


Hi Gabriele

More than 2 XMLRPC POST requests within 60 seconds.

That is a ridiculously low limit. Who is your hosting company?

You might also try the steps in this FAQ to rename your xmlrpc.php file and avoid triggering the block.

Right there, in the FAQ that I couldn’t find in any of my previous attempts, is the answer:

  1. My Host Blocks XML-RPC Access! How do I fix that?
    1. Rename your xmlrpc.php file to something different, but only change it after the ‘xmlrpc’. Ex: xmlrpc_wp.php.
    2. Install this plugin. (Rename XMLRPC By Jorge Bernal)
    3. Read the installation instructions and activate it.
    4. Remove your blog from the app and add it back again.

And now, for now, all is golden. I guess even in this age of the internet and instant info, the maxim of “Try, try again…” is still in force.
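
A small model of the rate limit described in the ModSecurity message quoted above ("More than 2 XMLRPC POST requests within 60 seconds", blocked for 5 minutes, per IP). This is an added example, not code from the forum thread, the app, or the hosting company's rule set. The class name, the sliding-window bookkeeping, the choice to deny the request that crosses the limit, and the sample IPs and timestamps are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class XmlrpcLimiter:
    """Per-IP limiter modelled on the quoted rule message (assumed semantics)."""

    def __init__(self, max_posts=2, window=60, block_for=300):
        self.max_posts = max_posts      # "More than 2 XMLRPC POST requests"
        self.window = window            # "within 60 seconds"
        self.block_for = block_for      # "blocked for 5 minutes"
        self.recent = defaultdict(deque)  # ip -> timestamps of recent POSTs
        self.blocked_until = {}           # ip -> time the block expires

    def handle(self, ip, ts):
        """Return the HTTP status for an XML-RPC POST from `ip` at second `ts`."""
        if ts < self.blocked_until.get(ip, 0):
            return 403                  # still inside the block period
        q = self.recent[ip]
        while q and ts - q[0] >= self.window:
            q.popleft()                 # forget POSTs older than the window
        q.append(ts)
        if len(q) > self.max_posts:
            self.blocked_until[ip] = ts + self.block_for
            q.clear()
            return 403                  # the request that crosses the limit
        return 200


def replay(limiter, events):
    """Feed (ip, ts) events through the limiter and collect the statuses."""
    return [limiter.handle(ip, ts) for ip, ts in events]


# Constructed traffic: the app fires four POSTs in four seconds from one
# WiFi address, then other requests follow from the same and another IP.
APP_LAUNCH = [
    ("203.0.113.7", 0), ("203.0.113.7", 1), ("203.0.113.7", 2),
    ("203.0.113.7", 3),
    ("203.0.113.7", 120),   # same IP two minutes later: still blocked
    ("198.51.100.9", 121),  # different IP: unaffected
    ("203.0.113.7", 303),   # block set at t=2 expired at t=302
]

if __name__ == "__main__":
    print("limit 2/60s :", replay(XmlrpcLimiter(), APP_LAUNCH))
    print("limit 10/60s:", replay(XmlrpcLimiter(max_posts=10), APP_LAUNCH))
```

With the quoted threshold the third POST of an ordinary app launch locks out everything behind that IP for five minutes, while a looser limit lets the same burst through.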