Last updated 22 August 2016. Created on 19 July 2005.
Edited by rhuffstedtler, LeeHunter, Gábor Hojtsy, Amazon. Log in to edit this page.

Some hosting providers (at least one!) may disable xmlrpc.php scripts to plug security holes in older versions of the XMLRPC libraries. If you've installed Drupal and enabled the BlogAPI module or the Drupal login module on such a provider, you'll get "406 errors" when you try to use the features.

One possible solution (aside from convincing your provider to turn the relatively ineffective security measure off) is to rename the xmlrpc.php file in drupal's main directory. While this is bad and will make upgrading a bit of a hassle, it can get you up and running.

You'll have to alter blogapi.module to point to the newly renamed file, as well as any other modules that point to xmlrpc.php. In the case of blogapi.module, the reference can be found on line 560:

560: $xmlrpc = $base_url .'/'. 'xmlrpc.php';

Looking for support? Visit the forums, or join #drupal-support in IRC.


rhuffstedtler’s picture

xmlrpc.php is still around as of 7.x, and there is a 7.x version of BlogAPI, but from a quick look BlogAPI no longer has a direct dependency on xmlrpc.php.

For now I'm going to mark this deprecated. If anyone disagrees, he or she can certainly switch it back.