This blog is protected by a second level of security. Unable to post.
  • Hi I have a large post I am working on which I cannot send to my blog. A smaller test post has just published ok but with this one I am getting the following error additional password field.

    "This blog is protected by a second level of security. Please enter your HTTP Basic Authentication username and password for "Name of blog".

    http://cl.ly/N7nd

    I have logged into the site with the same username and password but it refuses it for this post and then comes up with a 403 error.

    http://cl.ly/N7Kb

    I've tried pasting the content into a new post but still the same error. Also the error is the same on both machines I have - a MacMini and also a MacBook Air.

    Started this thread as Google didn't turn up any answers.

    Thanks, Andy.
  • To me this sounds like xmlrpc file is protected by HTTP Basic Authentication (assuming you can log in using a web browser), you probably need a second set of user/password info (but I'm just guessing)
  • Jem, thanks as always for chiming in. Whenever you do you almost invariable have the right advice for folks :)

    Just to add a little more to this, the error message and special authentication panel you're getting from MarsEdit strongly suggest it's an authentication issue that is happening at the "HTTP" level - that is, before the blog password is even involved. Something is stopping MarsEdit from even knocking on the door to your blog, so to speak.

    If you can capture the network log it might help me to pinpoint the problem.

    1. Open MarsEdit
    2. Select Window -> Network Log from the menu bar.
    3. Clear the log if it's not already empty.
    4. Try to refresh the blog again from MarsEdit.
    5. Copy the network log contents.

    I recommend mailing the network log to me instead of pasting here. It's hard to paste the content here without the forums screwing up the formatting, and just in case there is any sensitive information in the log you won't have to worry about. support@red-sweater.com. Thanks!

    Daniel
  • Daniel, thanks. I have emailed the network log.
  • Looks like these bits are the problem on the individual post.

    Network message sent: 2013-02-26 19:55:37 +0000
    URL: http://mysite.co.uk/blog/xmlrpc.php
    Method name: metaWeblog.editPost
    Network reply received: 2013-02-26 19:55:40 +0000
    URL: http://mysite.co.uk/blog/xmlrpc.php
    Method name: metaWeblog.editPost
    Status code: 403
    Succeeded: NO
    --Download Error--

    Response text:
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

    403 Forbidden

    Forbidden


    You don't have permission to access /blog/xmlrpc.php
    on this server.


    Additionally, a 404 Not Found
    error was encountered while trying to use an ErrorDocument to handle the request.


  • Hi Andy - thanks for sending the log and I'm sorry I didn't follow up more quickly.

    What's interesting about the log is it reveals that the server is responding successfully to many requests, just not to the editing requests.

    The fact that this is only affecting your larger post gives me an idea and reminds me of a very similar problem another customer ran into. In his case it turned out his hosting company had activated some security features on the site that would reject accesses to xmlrpc.php if the content contained certain content. In his case it literally came down to some specific short english phrase triggering the rejection.

    I would get in touch with your web hosting support team and ask them whether they think this could be the case. Send them the same network logs that you sent to me and ask if there is any security software installed and configured that could be rejecting requests based on the content POST'd to the xmlrpc.php endpoint.

    Daniel
  • Thanks Daniel. Sorry for the slow response on my part. Will chase this up now and report back.

  • I'malso haveing a similar issue. I sent dream host, my provider, the network log and they will email me if the problem can be resolved. I kept a record of their chat wiht me in case any issues orise. I hope this has nothign to do with the recent security flaw known as hart bleed as if it does all blogs will have to be updated wiht new softwares. and more problems will be had.
  • Marrie, same problem here with DreamHost. Their advice to me was to turn off WordFence plugin (in case you're running it, too). Didn't work for me, but something to try.
  • DreamHost customers seem to be having a terrible time lately with some recent changes they have made to their security settings. I don't know what else to suggest but to keep insisting to them that they revert the behavior to the old way it worked. It may help to capture the "Network Log" from MarsEdit (in the Window menu), and send it to them as evidence that the DreamHost-hosted WordPress installation is giving the errors.
Start a New Discussion

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!