[wp-trac] [WordPress Trac] #21509: Enable XML-RPC by default and remove the option
WordPress Trac
wp-trac at lists.automattic.com
Wed Aug 15 20:14:40 UTC 2012
#21509: Enable XML-RPC by default and remove the option
-------------------------+------------------
Reporter: nacin | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 3.5
Component: XML-RPC | Version:
Severity: normal | Resolution:
Keywords: has-patch |
-------------------------+------------------
Comment (by blobaugh):
Turning XML-RPC on by default is fine now that so many people are trying
to use the mobile apps to manage their installs, however removing the
ability to turn it off may be a bad idea. Security may not be as big of an
issue as it was previously, however keeping XML-RPC enabled provides an
additional surface for attack. Unless requested by clients I always ensure
their XML-RPC is disabled. Many security-conscious folk add additional
layers of protection for wp-admin, such as moving it or through plugins, but
attackers would know the XML-RPC was always hanging out there ripe for
the picking. Humans are not perfect; there will always be the possibility
of a bug causing a security hole. Keep the option and limit the risk.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21509#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software