[wp-hackers] Is disabling remote client access a good idea?
jalkut at red-sweater.com
Tue Jun 24 19:30:44 GMT 2008
It recently came to my attention that WordPress is planning to disable
the XMLRPC and AtomPub based interfaces by default in 2.6.
This decision rubs me the wrong way, and I want to start a dialog here
to see if others agree (or disagree for that matter!).
My thoughts are, in summary, that this is a short-sighted attempt to
prevent uncertain security risks, and has negative downsides that will
affect WordPress users, remote app developers, and even has the
potential to injure WordPress's reputation as an easy, elegant, and
I wrote more extensively on my blog:
WIthin just a few minutes of writing this post and tweeting about it,
I received several Twitter replies. Granted, these are people who are
following me on Twitter and are therefore more likely to agree with
and be sympathetic with my views. But I think it's worth considering
the possibility that this is but a small indicator of how the public
as a whole will react to the change when and if it goes public:
fraserspeirs: @danielpunkass Implies a lack of confidence in their own
joemaller: @danielpunkass toggling a setting is easier than fixing the
codebase. feels weak.
aslakr: @danielpunkass WTF! That seems rather short sighted.
onecrayon: @danielpunkass Screw that! Any way to give negative
feedback on that change to WordPress?
psionic: @danielpunkass Agree w/Jalkut: not only is disabling
WordPress's WS by default a step backwards, the web UI should eat its
own WS dogfood.
I look forward to hearing the thoughts of others on this subject.
More information about the wp-hackers