[wp-xmlrpc] XMLRPC Security
Luke Mackenzie
luke at lukem.co.uk
Mon May 24 08:19:07 UTC 2010
Hi,
I've got a couple of questions regarding locking down XMLRPC access to Wordpress (2.9.2 MU)
Is the best way to do this by IP address in the .htaccess file / web server config?
Is it possible to only allow one user access to the XMLRPC endpoint?
Should / can the XMLRPC traffic be encrypted? I'm concerned that the user/pass are plain text in the POST operation. However, this may not be a problem if we lock access down by IP.
Many thanks,
Luke.
More information about the wp-xmlrpc
mailing list