[wp-hackers] Is disabling remote client access a good idea?
dan at dancoulter.com
Tue Jun 24 19:49:48 GMT 2008
On Tue, Jun 24, 2008 at 2:30 PM, Daniel Jalkut <jalkut at red-sweater.com>
> fraserspeirs: @danielpunkass Implies a lack of confidence in their own
> code. Windows-esque.
They aren't implying, he's inferring.
It's common to disable services that you don't use. If you have a Linux web
server, you will only open up the services to the outside world that you
actually need. Don't need FTP? Disable it. Don't need SSH? Disable it. I
think that is the thinking here. Reduce the possible vectors of attack.
I don't know what kind of stats there are about how many people use these
interfaces. Anecdotally, I mentioned this change in an IRC chat and one of
my friends said "huzzah!" This is a friend who has been simply deleting
those interfaces every time he upgrades WordPress, because he has had
security problems in the past (the distant past, in WP terms).
Hey, I got nothing to do today but smile
-Simon and Garfunkel
More information about the wp-hackers