WordPress: Rate-Limited Connection

If you receive the error message below, Ulysses had problems reaching your blog.


Ulysses uses the XML-RPC protocol in order to connect to your WordPress blog. External apps like Ulysses make use of this protocol to access information about your blog and for publishing posts. To do this successfully, Ulysses needs to be able to send up to 20 requests per minute. Some servers put a limit on the number of such requests, mainly for security reasons. The above error message indicates your server has such a limit applied. In this case, Ulysses aborts the login procedure, since it cannot guarantee if it can publish your blog posts correctly. 

Security Rules

Such security rules are usually applied to reduce the risk that potential attackers can run automated attacks targeting the blog, like trying out weak, commonly-used passwords. However, if these rules are too strict, this will also limit the access for external applications to your blog.

Steps to Be Taken

There are two main ways in which these security rules can be imposed. First, your hosting provider might set up a filtering rule on your web server or on the firewall protecting your web server. Second, you might have a WordPress plugin installed that actively filters the XML-RPC requests to your blog. Please ask your hosting provider whether they have got these restrictions in place, and make sure to check your plugins whether these filters are in place. In order to protect your blog against common attacks on XML-RPC, we recommend to follow this guide.