Over the last few months we have seen a significant increase in attacks made against Wordpress, in particular via the XMLRPC.php file included within Wordpress. This file can be used to brute force credentials against Wordpress installations, so for security reasons we have globally disabled access to this XMLRPC file on a server level. This means that any attempts to access this file will result in a "403: Forbidden" error message. We are aware that this implementation may affect the Jetpack plugin and some applications which rely on using the Wordpress API to communicate with your blog, and for this we are indeed sorry.

We are able to remove this restriction and disable the mod_security rule on an individual account and domain basis - resulting in the file being accessible again. If you wish for us to do this, please open a support ticket requesting we disable mod_security's XMLRPC rule and provide us with the domain name you would like this disabled for. If you'd like this actioned on multiple domains, please include the domains in a list. Please be advised that if you wish for this rule to be disabled, we strongly recommend implementing some additional security steps to protect against XMLRPC attacks. We also strongly advise that you keep your Wordpress up to date at all times.