[wp-hackers] Is disabling remote client access a good idea?

Jason Murray jason at zenphp.com
Wed Jun 25 12:35:21 GMT 2008


This whole discussion reminds me of the REGISTER_GLOBALS default setting
change change in PHP a couple of years ago, when they decided to turn it off
by default.

Simply changing a default for a new installation is not that big a deal.  We
simply need to get the word out about it, and make sure that the upgrade
process does not interfere with existing settings, though maybe a reminder
note on the dashboard about turning it off if you are not using it (or don't
know what it is).

I like the idea of adding the step to decide to the install process as
well.  It will ensure that it gets the attention it needs and minimizes the
"Why doesn't this work!" complaints.

Communication is simply the key here.

Regards,

Jason M.


More information about the wp-hackers mailing list