An issue MarsEdit users are running into with increased frequency is a challenge, when trying to connect to a blog, for a “second level of security” password. This panel is usually only displayed when a blog has been configured with an HTTP Basic protection to ensure it is completely private:

However it is recently being erroneously displayed for many users who have no such (intentional) protection set up.

The problem is rooted in web hosting administrators increasingly restricting access to the interface that MarsEdit uses to connect to blogs, called the “API.” For example, on a typical WordPress blog the API will usually be located by a URL like:

http://www.example.com/xmlrpc.php

Many web hosting teams have instituted a blanket ban on accessing URLs like these, and the way they configure the host causes an error code to be returned to MarsEdit that it mistakes for a “second level of security.”

The solution to this problem is to contact your web hosting team and ask them to explicitly whitelist access to the API Endpoint URL (you can find yours in MarsEdit’s blog settings) for your blog. It may help to provide your web hosting team a log of the conversation between MarsEdit and your blog:

1. Open MarsEdit
2. Select Window -> Network Log from the menu bar.
3. Clear the log if it’s not already empty.
4. Try to refresh the blog again from MarsEdit.
5. Copy the network log contents.

Once they have fixed the configuration of your server, the annoying security request should stop appearing in MarsEdit.

This entry was posted to MarsEdit, Tips. Comments are closed. Thanks for reading!