Wordpress on 16.04 One-Click connectivity issue

October 25, 2016 2.1k views
WordPress One-Click Install Apps Ubuntu 16.04
benabbottnz
By:
benabbottnz

The following issue does not exist in the WordPress on 14.04 One-Click app, only 16.04 One-Click app

Creating a new WordPress site with the 16.04 One-Click app option works flawlessly, but the WordPress News widget has "An error has occurred..." and if I try to connect to the website via Android WordPress app, it fails.

However, setting up WordPress via the 14.04 One-Click app does not have this issue. The WordPress News widget indeed shows the latest news, and the Android WordPress app connects without issue.

Aside from having to update the copy of WordPress on Ubuntu 14.04 (which takes 2 seconds and still works afterwards), something is wrong (or different) on the 16.04 version and I do not know how to fix it.

Log In to Comment
2 Answers
xMudrii October 26, 2016
Accepted Answer

To use WordPress mobile app, xml-rpc should be enabled.

It could be that, xml-rpc is blocked by default on 16.04, which is not bad. It's recommend to keep it blocked because it's common way to attack WordPress installation.

You can learn more about it and how to block it when needed in How to block XML-RPC.

I'm not sure is it disabled by default but we can try to enable it.

  • sudo a2disconf block-xmlrpc

You can check do you have needed dependencies.

  • sudo apt-get install php-xml php-xmlrpc

Install it if asked to do so.

Make sure you restart Apache after this:

  • sudo systemctl restart apache2

Try again to use mobile app.

I'm not absolutely sure that One-Click is using this method to block xml-rpc, but chances are very high. If it still doesn't work, read linked tutorial and make sure you don't have any of it

Just to note, this is not recommended to keep it enabled if you don't use it, because of xml-rpc attacks. But it could be needed for some plug-ins and mobile app so if you need it, enable it. :)

How To Protect WordPress from XML-RPC Attacks on Ubuntu 14.04
by Jon Schwenn
WordPress is a popular and powerful CMS (content management system) platform. Its popularity can bring unwanted attention in the form of malicious traffic specially targeted at a WordPress site. There are many instances where a server that has not been protected or optimized could experience issues or errors after receiving a small amount of malicious traffic. This guide will show you how to protect WordPress from XML-RPC attacks on an Ubuntu 14.04 system.
Reply
  • benabbottnz October 26, 2016

    Running:

    $ sudo a2disconf block-xmlrpc

    produces: "Conf block-xmlrpc already disabled."

    Following that with:

    $ sudo apt-get install php-xml php-xmlrpc

    installed a few php7 packages.

    Upon restarting apache2 I was able to successfully log into the Android WordPress App and see the latest news in the WordPress News widget.

    Thank you for the link to information about XML-RPC attacks, it is quite informative and made me reconsider using the Android WordPress App in preference of security. It's unfortunate that the app and news widget feature do not work, and I hope they are the only things that don't work.

    • eris MOD October 26, 2016

      Thanks for checking into this. I'm working to confirm this, then we'll push out a new WordPress image with the fix.

eris MOD October 25, 2016

This is actually a security feature in the new one-click. WordPress is a common target for xml-rpc based brute-force attacks. This is something that our customers frequently have trouble with since it's trivial to take down an unsecured WordPress instance.

To prevent this, fail2ban is set up by default. If you enter the wrong username or password over xml-rpc, you will be blocked from access for 5 minutes.

Wait five minutes, then try again with the correct username/password. It should work fine. :)

Reply
  • benabbottnz October 25, 2016

    Thanks for your reply.

    I can log into WordPress perfectly fine through the web interface, but the Android WordPress app and the Dashboard WordPress News widget do not work at all, even after waiting 5 minutes and using the correct login details.

    Checking the site with an xml-rpc validator returns a 500 server error for my site. Using that same validator site for another WordPress website works fine.

    The Android WordPress App also mentions a 500 server error.

    This happens on a fresh install of WordPress based on the 16.04 One-Click app.

Have another answer? Share your knowledge.

Related Questions