MarsEdit & WordPress

Hi! Can you use Word Press with Mars Edit?

I want to set up a blog. (I use to have one.) But I really do not want to pay for it.

You can. As a matter of fact using MarsEdit with WordPress is just about the best blogging experience I’ve ever had. (I’ve been using MarsEdit since it was bundled with NetNewsWire. The present owner is wonderfully responsive when I’ve needed support.)

1 Like

Thank you!! I remember I loved it! Sounds just terrific.

So you set up Word Press first, right?


If you’re going self-hosted, keep in mind that if you install a security plugin on your WP site you just need to make sure that it doesn’t block the XML-RPC service which MarsEdit uses to post.

If you’re going with, keep in mind that they toss ads in your content - seemingly at random points. I saw a guy who had a personal blog and was recommending a product, and the WP ad was for a different, competing product. :slight_smile:

1 Like

Wow! Thank you! The other blog I had I’m thinking it was a google site. No ads.

How would I make sure it doesn’t block xml-rpm service? Do I need a security plug-in? I imagine it will ask me if I want it.

You will have to ask the webhost - from speaking with my current webhost when I tired setting up Ulysses with remote posting, they block it due to security concerns as must people don’t maintain the Wordpress installation and it would end up getting hacked due to a vulnerability.

I can’t recall if the default Wordpress website blocks it or not - however, as it’s free to create a Wordpress site and Marsedit has a free trial, you should be able to check before committing fully.

1 Like

Thank you ever so much!

Default WordPress leaves it wide open.

Yup. Basically, in order to use the super-easy posting from a tool like MarsEdit it sends a request to your server like “here’s the username, here’s the password, here’s the post data”.

XML-RPC “login failures” don’t necessarily get logged the same as actual “login page” login failures. Couple that with the fact that a single XML-RPC request can contain multiple requests (anecdotally I’ve heard “hundreds”), so it’s a common way for hackers to try out lots of username / password combos without setting off the “failed login” warning flags.

My favorite security plugin - iThemes Security - allows you to either disable XML-RPC completely, or to restrict it to one request at a time. Some hosts get more aggressive though, as an open XML-RPC and a bad password is a recipe for “hacked WordPress site”. So they just shut it down entirely.

1 Like