[wp-trac] [WordPress Trac] #21509: Enable XML-RPC by default and remove the option

WordPress Trac wp-trac at lists.automattic.com
Fri Sep 28 17:39:19 UTC 2012


#21509: Enable XML-RPC by default and remove the option
-------------------------+-----------------------
 Reporter:  nacin        |       Owner:  nacin
     Type:  enhancement  |      Status:  reopened
 Priority:  normal       |   Milestone:  3.5
Component:  XML-RPC      |     Version:
 Severity:  normal       |  Resolution:
 Keywords:  has-patch    |
-------------------------+-----------------------
Changes (by samuelaguilera):

 * status:  closed => reopened
 * resolution:  fixed =>


Comment:

 In my honest opinion, it's very disappointing to see XML-RPC forced on and
 no way for the admin of the site to turn it off from settings (hey! let
 admins make some decisions in their sites ;)).

 It's not only a matter of security, of closing some doors that you don't
 need to use, it's also a matter of saving memory and resources you
 simply don't need if you never use XML-RPC...

 Anyway, having a filter to turn it off is fine for me. But the fact is
 that using the new xmlrpc_enabled only stops you from logging in, but the
 XML-RPC server is still running (and responding), and even if you logged
 in previously to the site through XML-RPC and you're still logged in,
 you can access it even if you hook into the filter to turn it off :(

 Removing the xmlrpc.php file from the installation may be a solution, but
 not a professional one. For example, doing that can create a lot of 404
 error messages and therefore make the Apache access.log grow for no valid
 reason.

 Please, don't leave it this way. What about putting the new filter in some
 other place to turn the XML-RPC server totally off?? ;)

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/21509#comment:13>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

