[wp-hackers] Is disabling remote client access a good idea?

Brian Layman silverpaladin0 at gmail.com
Thu Jun 26 03:19:34 GMT 2008


On 6/24/08, Otto <otto at ottodestruct.com> wrote:
>
> The problem here is that it did not have any sort of off switch before
> now. So either you turn it off or you leave it enabled by default.
>
> Pick a side.
>
>
> -Otto
>
I disagree.  I don't think there is any reason to draw the line here.  Old
blogs can get grandfathered in having it turned on during the upgrade
process. New blogs have it turned on by default.  Don't bother putting in a
checkbox or anything in the upgrade process. When CrazyHorse comes out an
announcement can be added to the inbox that says "You have this on. If you
don't use it, turn it off." The blogger reads it, dismisses it and takes
action if they want to.  If the inbox implementation allows, it can have an
"Address this issue" link that connect to the page with the check box on it.

1. New blogs are safe

2. No one loses features

3. Bloggers are made aware of how to increase the security of their blog.

All concerns have been addressed.  Yes?

Brian Layman


More information about the wp-hackers mailing list