In case you’re using WordFence plugin on sites you’re going to crosspost to, you need to keep in mind that you have to configure it properly.

In order to do so please visit WordFence > All Options, scroll down to the “Brute Force Protection” section. Here you need to make sure that checkboxes “Prevent discovery of usernames through ‘/?author=N’ scans, the oEmbed API, the WordPress REST API, and WordPress XML Sitemaps” and “Disable WordPress application passwords” are unchecked.

WordFence checkboxes you need to uncheck to allow REST API.
You need to uncheck “Prevent discovery of usernames through…” and “Disable WordPress application passwords” checkboxes on your sites as well. Don’t forget to hit the “Save Changes” button after that.

Ok, but what happens if you don’t do that?

Need more help?