[wp-hackers] Is disabling remote client access a good idea?

Daniel Jalkut jalkut at red-sweater.com
Tue Jun 24 19:30:44 GMT 2008

It recently came to my attention that WordPress is planning to disable  
the XMLRPC and AtomPub based interfaces by default in 2.6.

This decision rubs me the wrong way, and I want to start a dialog here  
to see if others agree (or disagree for that matter!).

My thoughts are, in summary, that this is a short-sighted attempt to  
prevent uncertain security risks, and has negative downsides that will  
affect WordPress users, remote app developers, and even has the  
potential to injure WordPress's reputation as an easy, elegant, and  
secure solution.

I wrote more extensively on my blog:


WIthin just a few minutes of writing this post and tweeting about it,  
I received several Twitter replies. Granted, these are people who are  
following me on Twitter and are therefore more likely to agree with  
and be sympathetic with my views. But I think it's worth considering  
the possibility that this is but a small indicator of how the public  
as a whole will react to the change when and if it goes public:

fraserspeirs: @danielpunkass Implies a lack of confidence in their own  
code. Windows-esque.

joemaller: @danielpunkass toggling a setting is easier than fixing the  
codebase. feels weak.

aslakr: @danielpunkass WTF! That seems rather short sighted.

onecrayon: @danielpunkass Screw that! Any way to give negative  
feedback on that change to WordPress?

psionic: @danielpunkass Agree w/Jalkut: not only is disabling  
WordPress's WS by default a step backwards, the web UI should eat its  
own WS dogfood.

I look forward to hearing the thoughts of others on this subject.


More information about the wp-hackers mailing list