When you’re presented with the following error message, Ulysses has had trouble reaching your blog:
A security plugin or firewall appears to be rate-limiting XMLRPC connections. Please verify your plugins or contact your hosting provider for further assistance.
Ulysses uses the XML-RPC protocol in order to connect to your WordPress blog. External apps like Ulysses make use of this protocol to access information about your blog and for publishing posts. To do this successfully, Ulysses needs to be able to send up to 20 requests per minute. Some servers put a limit on the number of such requests, mainly for security reasons. The above error message indicates your server has such a limit applied. In this case, Ulysses aborts the login procedure, since it cannot guarantee if it can publish your blog posts correctly.
Such security rules are usually applied to reduce the risk that potential attackers can run automated attacks targeting the blog, like trying out weak, commonly-used passwords. However, if these rules are too strict, this will also limit the access for external applications to your blog.
Steps to Be Taken
There are two main ways in which these security rules can be imposed. First, your hosting provider might set up a filtering rule on your web server or on the firewall protecting your web server. Second, you might have a WordPress plugin installed that actively filters the XML-RPC requests to your blog. Please ask your hosting provider whether they have got these restrictions in place, and make sure to check your plugins whether these filters are in place. In order to protect your blog against common attacks on XML-RPC, we recommend to follow this guide.