How To Allow Access to XMLRPC for WordPress?

My website is under some kind of bot traffic attac, spiking traffic on some URLs and from some particluar countries like USA. So I just set my site to use Cloudflare with these Challange captcha for all SSL/HTTPS traffic.

But as I remote publish posts via xmlrpc, which is not working anymore.

I tried allowing the IP address of VPS i remote post but no luck.
I’ve also created a page rule as:
Disable Security, Always Online, Security Level: Essentially Off

But still no luck

Could you please help me out here?

How did you do this?

I just setup a firewall rule of when incoming requests matches SSL/HTTPS then shows challenge captcha.

In that firewall rule you could exclude the file in question.

How do i do that, I tried but no luck or maybe I dont know how to do it.

Post a screenshot of your page rule and the full URL you want to exclude?

That’s the screenshot mate

and url would be , site has ssl though

In that case you simply “and” your current expression with (http.request.uri.path ne "/xmlrpc.php")

1 Like

Oh man, I totally forgot about not equal condition!

Thanks a ton mate

This topic was automatically closed after 30 days. New replies are no longer allowed.