What username/password should I provide to log in?
You should use same credentials as you normally use to access your WordPress Dashboard. Make sure the user account has sufficient permissions to manage galleries and albums, and upload images. Check permissions in WordPress Dashboard | Gallery | Other Options | Roles & Capabilities.
Why am I unable to log in?

Make sure the Server URL and XMLRPC Path are correct. Server URL is the full web address (including the http:// or https:// prefix) of your WordPress blog, e.g. http://myblog.com. XMLRPC path is the relative path of the XMLRPC service in your WordPress system, normally this should be set as /xmlrpc.php.

You can test this your parameters by copying and pasting the Server URL value into your web browser's address bar - the browser should open your WordPress blog's home page.

Next, make sure the XMLRPC address is valid. Enter the concatenated URL http://myblog.org/xmlrpc.php in the web browser's address bar - you should receive the following message:

XML-RPC server accepts POST requests only. 

This means you have specified the parameters correctly, and the XMLRPC service is enabled. At this point you should be able to login with the credentials you normally use to log to WordPress administration panel. If something is still not working, submit your debug log and we'll do some heavy troubleshooting.

If you get an errors message or a blank page, the XMLRPC service is either disabled, or something your hosting environment is interfering with the XMLRPC handler.

I also found that in some cases GET request are working fine, but POST requests could be blocked. There is an online tool at www.hurl.it, which you can use to send an empty POST request to your site. Normally this should produce an XML response containing the "parse.error not well formed" message in the body.

What could be blocking the XMLRPC interface?

1. The xmlrpc.php script is disabled. This is usually the case with shared hosting environments. Many hosting providers consider the XMLRPC protocol a security threat and they disable it on the web server, simply not allowing any script named xmlrpc.php to run. One solution is to rename the xmlrpc.php script in your WordPress installation, however this may get a little tricky. For information, see the following topic.

2. The xmlrpc.php script is blocked. A frequent cause of upload and connection related errors is the mod_security module. mod_security is an Apache module that provides intrusion detection and prevention for web applications. It aims at shielding web applications from known and unknown attacks, such as SQL injection attacks, cross-site scripting, path traversal attacks, etc. This all sounds good, however, when poorly configured mod_security can also shred totally innocent and legitimate requests. When this happens you can experience all sorts of trouble ranging from server errors ("HTTP Error 400 Bad Request" and "HTTP Error 500 Internal Server Failure") to seemingly random alterations and disappearance of API requests.

If you have your own server and can configure it at your will I recommend disabling mod_security, at least to check if things start working as expected once your take mod_security out of the equation. Then you can work on configuring it correctly so it does not interfere with the WordPress API.

Things starting to look more bleak if you are on a "shared hosting" plan where your provider controls Apache and PHP configurations. Some providers would work with you and make reasonable configuration changes, some (particularly those who provide free or nearly free hosting) would not change a thing. My only advise to you in this case is that you look for alternatives.

3. Other WordPress plugins interfere with XMLRPC. Various plugins trying to improve the security in WordPress make the XMLRPC interface inoperable. Among the usual suspects are the following plugins: Better WP Security and Role Scoper. To find the offending plugin I recommend disabling all security related plugins in your WordPress Dashboard and see if that solves the issue. If it does, start re-enabling those plugins one by one, each time testing your XMLRPC. If your test fails, then you know which plugin you have just enabled - that is the offender.

There are also badly written plugins that simply add some HTML content to every server response with no regard of the expected response format. One of such plugins is the WP Retina plugin.

I have also dealt with a good share of clients whose WordPress blogs were polluted by malicious "Black Hat SEO" techniques. For detailed info, see Black Hat SEO Technique Demystified – hideMeya.

I get an error message "The certificate authority is invalid or incorrect".

This error is raised by Lightroom when you attempt to establish a HTTPS connection with a server using an invalid or self-signed certificate. Visit your secure site in the web browser then explicitly accept the invalid certificate. The system will put the certificate in the trusted store and will consider it valid.

The following article explains how to accept a self-signed certificate using Internet Explorer: http://www.poweradmin.com/help/sslhints/ie.aspx, and this discussion covers Google Chrome and Mac OS: http://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificate.

What is the "Precondition Failed" error?

This is a frequent situation with shared hosting environments. Usually this is an indication that your hosting provider, while trying to harness security of your website, is also blocking the xmlrpc.php script using the mod_security module. The xmlrpc.php script is the communication link between your WordPress blog and remote applications. With the script blocked, my plugin will be unable to read information about your galleries or upload photos to your blog.

With older versions of mod_security it was possible to override security rules by specifying custom rules in the local .htaccess files. With the latest version of mod_security you must have access to Apache configuration files in order to modify or override any of security rules. The only solution here is to rename the script. For details, see the following topic.

My hosting provider is blocking the xmlrpc.php script. Can I rename it?

First, rename the xmlrpc.php to your liking, for example you can name it topsecret.php. Make sure the script works correctly by visiting the new URL of your XMLRPC endpoint in the web browser, e.g. http://myblog.org/topsecret.php. If you have successfully bypassed your provider's security measures, this time you should see the expected message:

XML-RPC server accepts POST requests only. 

However, simply renaming the script file is not going to be enough. WordPress uses the hard-coded "xmlrpc.php" name to generate internal URLs, so some API methods may work incorrectly unless this is resolved. In order to switch WordPress to the new XMLRPC endpoint correctly, I recommend installing a simple WordPress plug-in: http://wordpress.org/extend/plugins/rename-xml-rpc/

All you need to do is rename xmlrpc.php your liking and edit the rename-xml-rpc.php script in the "Rename XMLRPC" plugin and set the $renamed_xml_rpc_filename variable to the new file name.

Finally, on the Lightroom side, change the XMLRPC Path option in your Export and Publish settings to point to the new filename, e.g. "/topsecret.php". This should allow my plug-in to communicate with your WordPress.

Why am I getting this message: "Server error. requested method ngg.getGalleries does not exist"

You don't have the NextGEN Gallery plug-in installed in your WordPress, or the plug-in is disabled. From your WordPress Dashbord, click Plugins and see if "NextGEN Gallery" is listed and enabled. If it's not in the list, click "Add New" and search for NextGEN Gallery. The NextGEN Gallery plugin by Alex Rabe should be first in search results. Click "Install Now" to install.

Why am I getting "Could not create the gallery. XMLRPC Fault Code: 500" error when creating galleries?

HTTP Error 500 means a failure to execute PHP script on the server. Most likely, this is permission related. For example, this happens when the parent folder is not writable, or when your server is running in Safe Mode. Check if you can create galleries using the WordPress Admin interface.

The file you are trying to upload exceeds the maximum server limit for uploads

Your photo files are too large are being rejected by the server because they exceed the POST size limit.

The default configuration of most PHP environments is very conservative about the allowed file size. You need to edit your php.ini file and set the following values. Note: you must restart Apache in order to use the new settings.

memory_limit = 64M
post_max_size = 16M

If your PHP installation has the suhosin patch, the memory limit and post size limit must be increased in the suhosin.ini configuration file as well:

suhosin.memory_limit = 64M
suhosin.post.max_value_length = 16M

There is an easy way to check and increase WordPress memory, see this article: How To Check and Increase PHP Memory Limit In WordPress. This great tip is a courtesy of Rich Turner.

Why am I getting HTTP Error 500?

HTTP Error 500 means a failure to execute a PHP script on the server. A detailed error description can be found in Apache's log file.

I am able to upload photos, however thumbnails are not generating. How to fix that?

This means the NextGEN Gallery Plugin on the server is unable to render thumbnails for uploaded images. This happens when the uploaded images are small enough for the "post size" limit, however the memory limit is insufficient to let the graphical library process images.

To solve this, you need to edit your php.ini file and increase the memory limit. Note: you must restart Apache in order to use the new settings.

memory_limit = 64M

If your PHP installation has the suhosin patch, the memory limit and post size limit must be increased in the suhosin.ini configuration file as well:

suhosin.memory_limit = 64M

I am getting a weird error "You are not authorized to delete posts in this category." What does this mean?

This error may appear under the following circumstances:

  1. You have the "Allow Categories" plugin installed in your Word press environment;
  2. Your account has insufficient permissions to create new post and pages with no category assigned;
  3. You are trying to create a new gallery;
  4. You have the Create Blog Entry option set as "New blog post" or "New page".

You can solve this by setting correct permissions in your WordPress.

What image settings should I use?

We are uploading images to WordPress blogs for viewing intent, not for printing or archiving, so you don't need to preserve every single pixel of your original photo. With that in mind, I recommend the following combo:

  • JPEG Quality: 75 - 80%
  • Resize to Fit (checked): Long Edge, 1200 - 1600 pixels
  • Sharpen For (checked): Screen, Amount: Standard (or Low)

This combination produces good quality JPEGs for viewing purpose, typically 600 - 900KB in size.

Keyword tags and other metadata are not showing for uploaded photos. What could be the issue?

Make sure to turn off resizing on the server (in WordPress Dashboard, go Gallery > Other Options and set the Automatically resize images after upload option to No. If you also need other EXIF and IPTC metadata, select the All Metadata option in Lightroom when uploading photos.

I get a "catalog update failed" when trying to install an update. How to fix this?
This error is sometimes generated by Lightroom when you install a new version of the plugin and the plugin attempts to update its custom metadata fields in the catalog. Sometimes this can be solved by disabling and then re-enabling the plugin you are trying to update (use the Status panel in the Lightroom Plug-in Manager to do so). If that does not work, disable all available plugins, then re-enable them one by one.
What does the Advanced option in the Your Account section do?
This option was added in version 1.2.8. This enables you to implement additional security measures at your server, as outlined in RFC2617. Two HTTP Access Authentication methods are supported - Basic and Digest Access Authentication. Note: this is an additional authentication method, which you can use to restrict access to the xmlrpc.php script - the WordPress API endpoint. The user name and password for this authentication method should be different from your WordPress user name and password.
I am getting the following error message "Error processing server response: The following tags were not closed: methodResponse..."
This is caused by using the UTF-8 encoding of some PHP script within WordPress, usually in a plugin script. UTF-8 encoding creates a 3-byte sequence of special control characters (the byte order mark) at the beginning of the file, which PHP simply passes through to the output. These control characters appear at the beginning of any response including XMLRPC responses, making them longer than is specified in the response header. In result, these responses become truncated. It might be a long process, but you need to find the script (or multiple scripts) that use the UTF-8 encoding and change it to "UTF-8 NO BOM", or to ASCII if the script does not use any non-ASCII text.
I am getting an XML parser error "Extra content at the end of the document". What does this mean?
This error is usually an indication of an incorrect content type in the server response. For example, instead of XML it returns an HTML page. Most likely, you are either using the wrong XMLRCP path or the XMLRPC handler on the server malfunctions. Looks for tips on troubleshooting the XMLRPC handler at the top of this page.

Weird errors and weird behavior

I keep getting one of these HTTP error codes: 403, 406, 418, 503, 508.
I am getting an "Access Denied" error shortly after trying to connect or upload photos.
My site becomes unresponsive for 5-10 minutes when I try using the plugin.
My IP address keeps getting blacklisted.
Many hosting providers are protecting sites from vulnerabilities related to the xmlrpc.php script. These vulnerabilities include remote code injection, ping-back exploit, and brute-force attacks using the XMLRPC wp.getUsersBlogs method - some already resolved in recent versions of WordPress. However, the xmlrpc.php script is still considered unsafe, and many hosting providers either rate-limit requests to that script, or block it completely. Depending on how the security measure is implemented at your server, you may experience one of the above mentioned "weird" behaviors and errors.

Speak with you service provider and find out whether they actually have security measures for the xmlrpc.php script in place. If they rate-limit requests, you can experiment with the throttling option (NextGEN Gallery Export Options > Server Performance Tuning) and impose artificial delays between consecutive requests. If they completely block the xmlrpc.php script, you can try the renaming technique explained earlier. Better yet, rename and implement Basic HTTP Authentication to prevent unauthorized access to the script and specify authentication credentials using the "Advanced" option in the My Server section of the plugin.

Also keep in mind that hosting providers usually will rate-limit access to servers on a shared hosting plan. Because multiple sites share resources of a single server, the provider is required to balance access and resource usage among all sites. In this case frequent requests fall into the fair use category, rather than being a security concern.