I have now started writing my texts and blogs with Ulysses. To publish the texts on the blog, you have to connect to the WordPress blog. My WordPress is hosted on a Strato server with Plesk. Authorizing WordPress is not that easy.
Whenever I tried to connect to WordPress, I got an error message. First, I tried to connect via the website. I entered the general URL of the blog in the URL field: https://blog.domain.xxx. I was redirected to the website, entered the name for the application password, and when I returned to Ulysses, the following message appeared: „Cannot access blog. Please verify the WordPress account in your browser.“ After searching around a bit, I decided to try using xmlrpc.php. So I entered the URL https://blog.domain.xxx/xmlrpc.php. When I did that in the Ulysses URL field, the window changed and I was asked to enter my username and password.
In this case, you have to create the APP password yourself. To do this, log in to WordPress. Then click on your account and then on Edit Account. Scroll down to the bottom of the page. Under Application Passwords, enter a name for the password and then click Add Application Password. A new password will be generated, which you must then copy here. It cannot be displayed again later, so you must save it or enter it directly in the Ulysses authentication.
Unfortunately, this did not lead to the desired result. In fact, the blog website was no longer accessible. I was also unable to access the Plesk website. It seemed likely that my IP had been blocked by Fail2Ban.
So I had to connect to the server via ssh. A search with
fail2ban-client banned
then showed that the IP had been blocked by the plesk-modsecurity jail. This recognizes access to xmlrpc.php as potentially problematic. So you should take a look at the log of the web application firewall in Plesk. Log in to Plesk after unblocking your IP
fail2ban-client unban <IP>
and click on Tools & Settings / Web Application Firewall. Click on ModSecurity Logfile and you will see this in a new window. Search for the IP or xmlrpc.php. Once you have found the entries, search for the ID of the security rule. It looks something like this: [id "210492"]
Then enter this ID in the „Security Rule IDs“ field. Then click Apply and OK. Now you can log in.