How to solve Your php missing SimpleXML Extension?
My php version is PHP "7.2.24-0ubuntu0.18.04.4"
please how do I install "SimpleXML Extension"
I have tried suggestions from this post to no avail https://stackoverflow.com/questions/38793676/php-xml-extension-not-installed
Please anyone know how I can do this?
7 Replies
I have done this but still unable to make use of wordpress mobile app.
I learned I have to enable it on xmlrpc but there is no solution to do that as I cant figure out how it works. I tried below code on htaccess but cannot really determine how to let it work for the offical wordpress mobile app.
All I want to do is allow the app to let me post through it to my blog. Any idea?
Steve had already told me no solution but just asking should in case you have a suggestion or workaround.
<files xmlrpc.php=""> Order deny,allow Request all denied Allow from 197.210.53.176 </files>
XMLRPC is enabled by default I believe. There are plenty of ways to disable it - plugins, .htacess etc.
I run a couple of WordPress sites with the official mobile app and have never had to mess with XMLRPC.
My suggestion would be to remove that from .htaccess and check there are no plugins set to disable access to XMLRPC. Once you have the app working you can then lock it down.
This is what I did exactly by removing it and then login in to my wordpress mobile app.
Once I remove that piece of code everything works fine but if I put it back the app stops working.
Meaning I must disable xmlrpc for the app to continue working…what I was asking is if the is a trick where you can disable xmlrpc for all but whitelist wordpress mobile app alone.
That was the question. How do you guys the experts deal with a case like this because enabling the xmlrpc is a big security issue and I really want to make use of the official wordpress mobile app by automattic.
Thanks.
This depends on how the official app is architected. If the app is communicating via backend servers run by Automattic (highly likely) then you'd need to lock down the rules based on their server IPs.
This Github issue might prove useful (this is relevant to Jetpack - another Automattic plugin, however the IPs mentioned are Automattic's IP blocks): https://github.com/Automattic/jetpack/issues/1719
@skd4 & I have corresponded extensively by email about this issue. Although I'm not a WP user, it's been my (unhappy) experience in the past that xmlrpc.php is a huge security risk. I advised him to disable it.
I'm sorry that's been your experience. I've run WP sites since around 2013, and as long as the plugins used are reputable, kept up-to-date (along with WP itself) and basic security principles are followed (password security, disabling no longer required users etc.) I (touch-wood) haven't had an issue yet.
Without the background on what has and hasn't already been discussed, I could only comment based on the questions asked.
@andysh I have really gone a long way with my friend and mentor @stevewi and We already concluded not to use the mobile app because I don't want my blog to be hacked just because of an app that uses xmlprc.
Its better I avoid it until there is a good solution to whitelist the app while blocking every other thing.
Thanks.