[wp-hackers] XML-RPC anonymous comments wordpress.com

Senica Gonzalez senica at gmail.com
Sat Feb 6 05:08:36 UTC 2010

Hey there,

I posted the following on the wordpress.com forums and tbol3 sent me over to
you guys for help.

The pretty version of this question is located here:

I have done tons of research today, but apparently I'm just not getting the
right answer. Today is my first day using XML-RPC. Piece of cake.

I was able to do a Trackback, a PingBack, and various XML-RPC calls with
different APIs to my blog. The one thing that I cannot seem to be able to do
is add an anonymous comment to my blog remotely.

I have seen where other people have asked this question, and Jonathan has
said that it was covered in the XML-RPC API. Basically, mentioning that if
you leave the username and password blank, it will work.....It doesn't. At
least not in my case. I always get:

faultCode 403 faultString Bad login/pass combination.

Here is the request I'm sending:

$request = ' <?xml version="1.0" encoding="utf-8"?> <methodCall>
<methodName>wp.newComment</methodName> <params> <param>
<value><string>{password}</string></value> <value><int>20</int></value>
<value> <struct> <member> <name>comment_parent</name>
<value><int></int></value> </member> <member> <name>content</name>
<value><string>Test1</string></value> </member> <member> <name>author</name>
<value><string>Ogglabas</string></value> </member> <member>
<name>author_url</name> <value><string></string></value> </member> <member>
<name>author_email</name> <value><string>senica at gmail.com</string></value>
</member> </struct> </value> </param> </params> </methodCall>

 If I have a username and password in there...it works perfect. The only
problem is, it shows "me" as the poster, whereas I want to allow people to
post comments to my blog from my other website as well and have "their" name
show up as the poster.

As already mentioned, if I take the username and password out....no dice.

 Also, I wanted to mention before someone posts on here....Apparently, there
is a way to enable_anonymous_xml_rpc...or something to that affect, if I was
running Word Press on my own server.

This is not the case, and not an option for me.

And if someone says that it is a security issue....well, seems like
trackbacks wouldn't be allowed either. At least with this, you can make the
user put in their email address and a name.

This is an important feature to have if it is not already enabled.

Thanks for the help ahead of time!

More information about the wp-hackers mailing list