[wp-trac] [WordPress Trac] #36055: Filter xmlrpc_enabled only partly works
WordPress Trac
noreply at wordpress.org
Thu Mar 3 10:16:52 UTC 2016
#36055: Filter xmlrpc_enabled only partly works
--------------------------+------------------------------
Reporter: markoheijnen | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: XML-RPC | Version: 2.9
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
--------------------------+------------------------------
Comment (by markoheijnen):
As far as I can tell, this is the best WordPress can do since an API still
need to act like an API, even when it's disabled. Most load will be
generated by WordPress itself and not the XML-RPC. As I told to you in
private is that an attack should be prevented on the server level.
In your case you could exit the XML-RPC request on a hook by checking the
XMLRPC_REQUEST constant.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36055#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list