I have tried disabling the fail2ban filter that disabled xmlrpc and adding the necessary addresses to `ip_whitelist`. However I still receive `An error occurred. Please try again.` when I try to enable Jetpack.
security.yml
```
ferm_input_list:
  - type: dport_accept
    dport: [http, https]
    filename: nginx_accept
  - type: dport_accept
    dport: [ssh]
    saddr: "{{ ip_whitelist }}"
  - type: dport_limit
    dport: [ssh]
    seconds: 300
    hits: 20

# Enable built-in fail2ban services or add your own custom ones
fail2ban_services_custom:
  - name: wordpress_xmlrpc
    filter: wordpress-xmlrpc
    enabled: "false"
    port: http,https
    logpath: "{{ www_root }}/**/logs/access.log"
  - name: wordpress_wp_login
    filter: wordpress-wp-login
    enabled: "false"
    port: http,https
    logpath: "{{ www_root }}/**/logs/access.log"

# If sshd_permit_root_login: false, admin_user must be in 'users' (`group_vars/all/users.yml`) with sudo group
# and in 'vault_users' (`group_vars/staging/vault.yml`, `group_vars/production/vault.yml`)
sshd_permit_root_login: true
sshd_password_authentication: false

ip_whitelist:
  - 127.0.0.0/8
  - 52.162.107.35/8
  - 52.162.107.35/32
  - 52.162.107.35
  - app.oliverpos.com
  - 122.248.245.244/32
  - 54.217.201.243/32
  - 54.232.116.4/32
  - 192.0.80.0/20
  - 192.0.96.0/20
  - 192.0.112.0/20
  - 195.234.108.0/22
  - "{{ ipify_public_ip | default('') }}"
```
Are you using this example from the PR discussion?
roots:master ← roots:disable-xmlrpc-by-default
Jetpack does still use this, but you can whitelist their IP address ranges:
https://jetpack.com/support/how-to-add-jetpack-ips-allowlist/
It would look something like this:
```
location = /xmlrpc.php {
  # Whitelist Jetpack IP ranges
  allow 122.248.245.244/32;
  allow 54.217.201.243/32;
  allow 54.232.116.4/32;
  allow 192.0.80.0/20;
  allow 192.0.96.0/20;
  allow 192.0.112.0/20;
  allow 195.234.108.0/22;
  # Deny all other requests
  deny all;
}
```
Thanks for your quick reply!
Yes, that’s the range I am using in my security.yml
ben
April 13, 2023, 4:44pm
5
I’m not sure what this means, but why not just change this to `true`?
Ah, forgot to say I had this set in my group_vars file.
Thanks though.
So I ended up destroying the DO Droplet and provisioning from scratch just in case. Sadly, I still have the same error.
Thanks though.
ben
April 13, 2023, 7:58pm
8
Is this an XMLRPC issue or something else? Have you confirmed that XMLRPC is enabled? What are the results of this?
```
curl -I http://example.com/wp/xmlrpc.php
```
Ah, I am getting a 301!
```
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 13 Apr 2023 21:10:20 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://next.gooseashby.com/wp/xmlrpc.php
```
Try running `curl` with the `-L` flag to follow the redirect.
Oh good call!
Any ideas?
Thanks
```
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 14 Apr 2023 14:12:50 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://next.gooseashby.com/wp/xmlrpc.php

HTTP/2 405
server: nginx
date: Fri, 14 Apr 2023 14:12:50 GMT
content-type: text/plain;charset=UTF-8
allow: POST
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: frame-ancestors 'self'
x-frame-options: SAMEORIGIN
```
ben
April 14, 2023, 2:44pm
12
A 405 error means that XMLRPC is enabled
I’m not a Jetpack user so I’m not sure why you’re unable to activate Jetpack
The test requests are not made from a Jetpack IP address though. Can you see connection attempts from Jetpack in the server logs? Have you checked fail2ban for banned IP addresses?
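One way to check whether requests from the Jetpack ranges reach nginx at all is to split the `xmlrpc.php` entries in the access log by source range. This is an added example, not code from any poster or from Trellis; it assumes nginx's default combined log format, takes the ranges from the nginx snippet earlier in the thread, and runs on constructed log lines.

```python
import ipaddress
import re

# Jetpack ranges copied from the nginx snippet in this thread.
JETPACK_RANGES = [ipaddress.ip_network(n) for n in (
    "122.248.245.244/32", "54.217.201.243/32", "54.232.116.4/32",
    "192.0.80.0/20", "192.0.96.0/20", "192.0.112.0/20", "195.234.108.0/22",
)]

# Assumption: nginx's default "combined" log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def is_jetpack(ip):
    """True if ip parses and falls inside one of the listed ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in JETPACK_RANGES)

def summarize(lines):
    """Count xmlrpc.php requests by (source, method, status)."""
    counts = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not m["path"].split("?")[0].endswith("/xmlrpc.php"):
            continue
        source = "jetpack" if is_jetpack(m["ip"]) else "other"
        key = (source, m["method"], int(m["status"]))
        counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample lines (non-Jetpack clients use documentation addresses).
SAMPLE_LOG = [
    '192.0.84.33 - - [14/Apr/2023:14:10:01 +0000] "POST /wp/xmlrpc.php HTTP/1.1" 200 412 "-" "-"',
    '203.0.113.9 - - [14/Apr/2023:14:12:50 +0000] "HEAD /wp/xmlrpc.php HTTP/2.0" 405 0 "-" "curl"',
    '198.51.100.7 - - [14/Apr/2023:14:13:02 +0000] "POST /wp/xmlrpc.php HTTP/1.1" 403 146 "-" "-"',
    '192.0.100.12 - - [14/Apr/2023:14:13:40 +0000] "POST /wp/xmlrpc.php HTTP/1.1" 403 146 "-" "-"',
    '203.0.113.9 - - [14/Apr/2023:14:14:00 +0000] "GET /wp/wp-login.php HTTP/2.0" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG).items()):
        print(n, *key)
```

A 403 counted under `jetpack` means the request reached the web server and was refused there; no `jetpack` entries at all points to a block earlier in the path, such as the firewall or a fail2ban ban.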
Just a thought, and apologies if this is obvious, but `fail2ban` just interacts with `iptables`, so disabling a `fail2ban` filter, or even `fail2ban` entirely will not unblock or allow any banned addresses, as they still exist in the iptables chain.
`iptables -L` will give you a direct view of the system firewall.
To manage `fail2ban` jails (the correct approach, rather than just modifying the `iptables` chain), you can use:
`fail2ban-client status` → Show all fail2ban jails and summary
`fail2ban-client banned` → Show all bans
`fail2ban-client set <JAIL NAME> unbanip <IP ADDRESS>` → Unban the IP in specific jail
I suspect you still have `iptables` rules set up.
I think I had the same issue a while ago: Unable to insert blog. | WordPress.org
I don’t think they support custom wordpress directories like bedrock has…
ben
April 16, 2023, 3:23pm
16
There’s definitely folks using both Bedrock and Trellis with Jetpack
tziady
March 8, 2025, 5:22pm
17
Doesn’t WooCommerce also use the same connection? Certainly, others using Trellis are using WooCommerce.
I seem to be also experiencing this issue.
Just wondering where this thread ended being resolved or not for the OP and how if any changes that may help me with my set up?
Thanks,
T
tziady
March 12, 2025, 4:25am
18
Just posting what has happened in my case which seems to have resolved the issue and may help others along the way if they see this behavior.
For whatever reason, Jetpack is not looking at the settings under Site URL with the /wp extension.
I reached out to Jetpack support and they responded by adding this to Jetpack.
Please see this link for reference:
https://wordpress.org/support/topic/jetpack-woocommerce-cannot-connect/
And I believe that WooCommerce & Jetpack (being both Automattic tools) use the same info.
I was able to uninstall and reinstall Jetpack and connect it.
And I did the same with WooCommerce and it connected correctly as intended.
Thanks,
T