[wp-trac] [WordPress Trac] #38855: REST API: Turn off unauthed comment write by default
WordPress Trac
noreply at wordpress.org
Fri Nov 18 20:49:00 UTC 2016
#38855: REST API: Turn off unauthed comment write by default
----------------------------+-----------------
Reporter: helen | Owner:
Type: task (blessed) | Status: new
Priority: high | Milestone: 4.7
Component: REST API | Version:
Severity: major | Keywords:
Focuses: |
----------------------------+-----------------
Posting anonymous comments is a long-time feature of WordPress, but also
one that is much maligned when it comes to spam and the tightly related
issue of pingback DDoS-ing. Per my understanding, writing to the comments
endpoint does not allow for anything except the default comment type and
is subject to the existing flood protections for comment posting, but I
think we should turn off unauthed write by default for the following
reasons:
* It does not currently present any significant benefit to have it on by
default (open to arguments here, of course); however, given the nature of
the internet, one can reasonably assume that spam bots will almost
immediately adapt to this new availability.
* Assuming that this becomes even a perceived attack vector, hosts will
then block access, much like they often do for XML-RPC, rendering it
uselessly on by default and an even more frustrating fix for users.
* Spam and DDoS-ing attacks are some of the biggest perception problems we
have as a project when it comes to core; it would be foolish to ship
something that blithely repeats those same things because "that's how it
currently works". We would be seen as idiots who don't care, and
rightfully so IMO. This is of particular concern if the REST API is meant
to be positioned to appeal to developers who have otherwise avoided
WordPress.
No personal opinion on the filter and/or admin UI route. It is probably
going to be kind of weird that you have one UI option to require users to
be logged in to comment that doesn't apply to the REST API, as it's off by
default. But in any case, this is the sort of thing that right now would
be enabled by themes and plugins - we can always revisit in the future
should third party experiences that involve unauthed commenting
proliferate.
Original GitHub discussion: https://github.com/WP-API/WP-API/pull/693
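As an added illustration of the "filter route" mentioned above (not part of the ticket), this is a small must-use plugin that opts a site back into anonymous REST comment creation only when the Discussion setting "Users must be registered and logged in to comment" is off, so the REST API follows the same rule as the classic comment form. It assumes the `rest_allow_anonymous_comments` filter that `WP_REST_Comments_Controller` applies in its create permission check (default `false`); the plugin name and file are made up for the example.

```php
<?php
/**
 * Plugin Name: Mirror comment registration into the REST API (example only)
 * Description: Allow anonymous comment writes via the REST API only when the
 *              site does not require login to comment. Assumed file path:
 *              wp-content/mu-plugins/rest-anon-comments-mirror.php
 */

add_filter(
	'rest_allow_anonymous_comments',
	function ( $allow, $request ) {
		// Keep core's closed-by-default behaviour whenever the site requires
		// registration to comment; the REST API must not be a side door around
		// the Discussion setting.
		if ( get_option( 'comment_registration' ) ) {
			return false;
		}

		// Only the default comment type is ever acceptable from anonymous
		// callers; anything else stays rejected.
		if ( ! empty( $request['type'] ) && 'comment' !== $request['type'] ) {
			return false;
		}

		return true;
	},
	10,
	2
);
```

Enabling this reopens the anonymous write path the ticket is warning about, so it should be paired with whatever anti-spam plugin already protects the classic comment form, since the flood-control checks are the only core protection that applies to the endpoint.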
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38855>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform