My website has recently come full circle back to WordPress. It’s been a number of years since I’ve used WordPress. The last time was probably in college on the cheapest shared host I could find. I avoided coming back to WordPress because I didn’t want to maintain a server; I fiddle enough with them at work. Already being a Digital Ocean customer, the 1-Click setup/hardened server seemed like the best way to go.
I quickly got it configured with all of the IndieWeb plugins to facilitate back-feeding content that I create on other platforms onto my website. The final step starting to use MarsEdit, my old favorite blog editor. Except it couldn’t connect to my website.
Turns out the reason is that the majority of WordPress security issues stem from bots abusing the xmlrpc api and the digital ocean install blocks it at a low level by default. Disabling this block on the server allows programs to use the xmlrpc api and hence MarsEdit to work. Execute the following commands to disable the xmlrpc block.
sudo a2disconf block-xmlrpc
sudo systemctl reload apache2