Hello,
The plugin runs the scan from your hosting servers, so no need to whitelist any of our IPs. But if the server is not configured to resolve its domain back to itself (loopback) you will see the the password/cannot connect warning. The plugin does not require XML-RPC.
Thank you for your prompt reply. The reason I asked about whitelisting your IPs is because the only difference between the two sites is that the one that puts up that warning is using the premium version of Wordfence with the Country Blocking featured turned on.
Back to the drawing board.
@des2019 if you turn off the country blocking in Wordfence (temporarily) are you able scan? Or do you have a staging site where you can deactivate WordFence to see if that fixes the problem or rule out a conflict with WordFence?
Turning off country blocking did not solve the problem. I may use this on sites that it works on, and go with a different accessibility checker for all other sites.
By the way, Wordfence is showing 1 vulnerability in your plugin:
Missing Authorization
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
@Des21019 are you running an outdated version of the plugin? The vulnerability in the plugin that WordFence has flagged is from March 2022 and came from a third-party library (Freemius), which was removed completely from the plugin. If you’re seeing that vulnerability please check that you’re using the current plugin.
Thank you for the clarification.
You can mark this thread as closed.
Thanks, marking completed. 😀