[wp-hackers] Is disabling remote client access a good idea?
Dan Coulter
dan at dancoulter.com
Wed Jun 25 04:19:32 GMT 2008
On Tue, Jun 24, 2008 at 10:52 PM, Daniel Jalkut <jalkut at red-sweater.com>
wrote:
> When you consider the number of distinct HTTP POST access points into a
> typical WordPress blog, all secured by a cookie-type authentication, it
> makes the SINGLE POINT access via the xmlrpc.php URL seem rather easy to
> manage and to secure, by comparison.
>
Most (possibly all) of POST calls on the admin side are also secured with a
nonce.
--
Dan Coulter
http://dancoulter.com/
http://phpflickr.com/
http://blogsforbands.com/
Hey, I got nothing to do today but smile
-Simon and Garfunkel
More information about the wp-hackers
mailing list