r26D

MarsEdit Works Better at Pressable

One of the blog clients we’ve been trying out is MarsEdit by Red Sweater. For working with Wordpress, it has a nicer interface, is easy to add images, and can save local copies of drafts.

Our Wordpress host, Pressable, had used some security protection to prevent password brute force and other xml-rpc flooding attacks. The way it was implemented would catch the legitimate requests of MarsEdit and ban the client’s IP for an hour.

After some exchanges with Red Sweater, they suggested whitelisting MarsEdit using the User Agent identity instead of the referrer. Working with Pressable (big ups to Kai), they were able to push out the changes to their fail2ban rules for xml-rpc.

After a quick test, all is good - MarsEdit and Pressable now play nicely! Good job!