[wp-hackers] Is disabling remote client access a good idea?
wp-hackers at striderweb.com
Tue Jun 24 21:15:10 GMT 2008
On Jun 24, 2008, at 2:57 PM, Aaron Brazell wrote:
> Suggest that if it stays turned off by default... that there be some
> sort of notice in wp-admin (admin_notices hook?) to alert recent
> upgraders of this setting.
Okay, there is a huge, ***HUGE*** difference between
1) turned off by default on new installs, and
2) silently turning it off on existing installations where it has been
Which are we talking about here?
I have no problem with changing the default for people installing for
the first time. I _do_ have an issue with turning it OFF for people
who previously had it ON.
If we want to undertake a public campaign of recommending that people
turn it off if they don't use it, that's just fine. I would even take
part with my blog. But if you just turn it off when people aren't
looking that will mess up a lot of people who just want things to work.
As for MarsEdit and such, it is probably not too much trouble for them
to include some sort of notice to check that such and such is set
within WordPress; but again this should only really happen to people
doing initial set up.
We do _not_ want a bunch of people upgrading to 2.6 and crying "this
is broken -- it worked before!!!" That kind of thing will foster a
difficult-to-live-down reputation for unreliability.
More information about the wp-hackers