Fix Jetpack “XML-RPC server accepts POST requests only” When Connecting

If you’re wondering what’s broken: Jetpack cannot use your site’s xmlrpc.php endpoint the way it needs to. Either XML-RPC is blocked, missing, or sending the wrong kind of output.

What “XML-RPC server accepts POST requests only” actually means

WordPress has a built-in file called xmlrpc.php. It lets external services like Jetpack and the WordPress mobile app talk to your site using special POST requests.

On a healthy site, if you visit:

https://your-site.com/xmlrpc.php

you should see a blank page with exactly this one line:

XML-RPC server accepts POST requests only.

That single sentence is WordPress saying: “XML-RPC is here and ready, but you must send POST requests, not just open it in a browser.”

If you see anything else on that page, Jetpack will have trouble connecting. For example:

• Extra blank lines above or below the sentence
• HTML from your theme
• PHP warnings or notices
• A 403 or 404 page
• A security or firewall message

Step 1: Test your xmlrpc.php the same way Jetpack does

1. Open xmlrpc.php in a browser

1. Log out of WordPress, or open a private/incognito window.
2. Go to https://your-site.com/xmlrpc.php (replace with your real domain).
3. Write down exactly what you see on the screen.

You can compare your result to this working example: https://wp.cloud/xmlrpc.php.

Now match your result:

• Case A: You see one single line that says XML-RPC server accepts POST requests only.
  This means XML-RPC itself is fine. Jump to Step 4: Jetpack-specific checks.
• Case B: You see that line, but there are extra blank lines, HTML, or PHP warnings around it.
  Go to Step 2: Fix extra output or blank lines.
• Case C: You see a 403 or 404, a security page, or something completely different.
  Go to Step 3: Fix blocked or missing XML-RPC.

Step 2: Fix extra output or blank lines around the message

In this case, XML-RPC exists, but something is sending extra output before WordPress can send its simple one-line response. That “something” is usually a plugin, a theme, or whitespace in wp-config.php.

Typical signs:

• The right sentence appears, but it is not on a line by itself.
• The page is wrapped in HTML (doctype, html, body tags).
• PHP notices or warnings appear above the sentence.

2.1 Rule out a plugin conflict

1. Go to Plugins → Installed Plugins.
2. Temporarily deactivate all plugins except Jetpack.
3. Open a private/incognito window and reload /xmlrpc.php.

If you now see only the single line XML-RPC server accepts POST requests only. on a blank page, one of the deactivated plugins was adding output.

Find the exact plugin:

1. Reactivate your plugins one at a time.
2. After each activation, reload /xmlrpc.php.
3. When the extra output comes back, you have found the plugin that is causing the problem.

For that plugin:

• Check its settings for anything related to XML-RPC, “hardening” or security output.
• Update it to the latest version in case XML-RPC compatibility was fixed.
• If you cannot turn the behavior off, consider replacing the plugin or contacting its support.

2.2 Rule out a theme issue

1. Switch temporarily to a default theme such as Twenty Twenty-Four.
2. Reload /xmlrpc.php in a private window.

If the output becomes clean with the default theme, your original theme is printing content too early, often in functions.php. Send the theme author a screenshot of your /xmlrpc.php output and explain that Jetpack needs a plain, one-line response.

2.3 Check wp-config.php for extra whitespace

Even a single blank line in wp-config.php can cause this.

1. Use FTP or your hosting file manager to open wp-config.php.
2. Check that there are:
   • No spaces or blank lines before the opening <?php.
   • No closing ?> tag at the very end of the file.
3. Save the file and reload /xmlrpc.php.

2.4 Re-upload a clean xmlrpc.php if needed

If you still see strange output and you suspect the core file itself was edited:

• Download the same WordPress version you are running from wordpress.org.
• Extract the archive and locate the xmlrpc.php file.
• Upload that file to your site’s root, replacing the existing one.

Reload /xmlrpc.php. If you now see only the single sentence, XML-RPC output is fixed and you can try connecting Jetpack again.

Step 3: Fix blocked or missing XML-RPC (403, 404 or security page)

If visiting /xmlrpc.php gives you a 403 or 404, or shows a security banner, Jetpack cannot even reach XML-RPC.

Common causes include:

• Security plugins that “disable XML-RPC” as a hardening feature.
• Host-level firewalls or Web Application Firewalls that block xmlrpc.php or Jetpack IP ranges.
• Plugins specifically designed to block XML-RPC.
• The xmlrpc.php file being deleted from your site root.

3.1 Check security and hardening plugins

1. Open your security plugins such as Wordfence, iThemes Security, All In One WP Security, Really Simple SSL or similar tools.
2. Look for options like:
   • “Disable XML-RPC”
   • “Block XML-RPC”
   • “Hardening - XML-RPC”
3. Turn these options off temporarily.
4. Deactivate any dedicated “Disable XML-RPC” plugin.
5. Reload /xmlrpc.php and check the output again.

3.2 Ask your host about firewall rules

If plugins are not blocking it, your hosting provider might be.

• Contact your host and say something like:
  “Jetpack needs access to /xmlrpc.php. Right now that URL returns a 403 or 404 (or a security page). Can you allow access to xmlrpc.php and Jetpack’s IPs so Jetpack can connect?”
• Ask them to confirm that:
  • The xmlrpc.php file exists in your site root.
  • No server or firewall rule is blocking requests from WordPress.com and Jetpack.

3.3 Restore xmlrpc.php if it is missing

If your host confirms that xmlrpc.php is missing and requests to it return a 404:

• Download the same WordPress version you are using.
• Extract the archive and copy the xmlrpc.php file.
• Upload it to your site root.

When /xmlrpc.php shows the single-line message, you can move on to Jetpack checks.

Step 4: If xmlrpc.php looks perfect but Jetpack still will not connect

At this point /xmlrpc.php shows exactly one line, with no extra output:

XML-RPC server accepts POST requests only.

That means XML-RPC itself is healthy. If Jetpack still fails, the issue is probably SSL, DNS, timeouts or another connection detail.

4.1 Run the Jetpack Debug Tool

1. Go to the Jetpack Debug Tool.
2. Enter your site URL and run the test.
3. Note the exact result it gives you. For example: SSL problem, XML-RPC not reachable, timeout and so on.

Then:

• If it reports an SSL issue, fix your HTTPS configuration or ask your host for help, then retest.
• If it reports a timeout, ask your host if they can increase timeouts or improve response time for XML-RPC requests.
• If it reports XML-RPC not responding correctly again, check any proxies or CDNs such as Cloudflare that might be altering or blocking /xmlrpc.php.

4.2 Reconnect Jetpack cleanly

1. In your dashboard, go to Jetpack → Dashboard → Connections.
2. Disconnect the site from your WordPress.com account.
3. Click Connect Jetpack and follow the connection flow again.
4. Run the Jetpack Debug Tool one more time to confirm that everything passes.

Verification: how to know it is fixed

You are in good shape when:

• https://your-site.com/xmlrpc.php shows exactly one line: XML-RPC server accepts POST requests only.
• The Jetpack Debug Tool reports that XML-RPC and the connection are working.
• Jetpack can connect without showing XML-RPC or connection errors.
• Features that depend on Jetpack, such as stats, backups or the mobile app, start working normally.

Still stuck?

For AI help

Hit Continue Chat and send me:

• A copy or screenshot of what /xmlrpc.php shows in a private window.
• The current result from the Jetpack Debug Tool.
• A list of your main security and optimisation plugins, and whether you are using Cloudflare or another CDN or WAF.

I can then walk you through the next specific steps for your setup.

For expert human help

Scroll down to the contact form below. Enter your name, email, and WordPress needs. Atiba will get back to you as soon as possible.