[wp-hackers] Is disabling remote client access a good idea?

Dan Coulter dan at dancoulter.com
Tue Jun 24 19:49:48 GMT 2008

On Tue, Jun 24, 2008 at 2:30 PM, Daniel Jalkut <jalkut at red-sweater.com>

> fraserspeirs: @danielpunkass Implies a lack of confidence in their own
> code. Windows-esque.

They aren't implying, he's inferring.

It's common to disable services that you don't use.  If you have a Linux web
server, you will only open up the services to the outside world that you
actually need.  Don't need FTP? Disable it.  Don't need SSH? Disable it.  I
think that is the thinking here.  Reduce the possible vectors of attack.

I don't know what kind of stats there are about how many people use these
interfaces. Anecdotally, I mentioned this change in an IRC chat and one of
my friends said "huzzah!" This is a friend who has been simply deleting
those interfaces every time he upgrades WordPress, because he has had
security problems in the past (the distant past, in WP terms).

Dan Coulter

Hey, I got nothing to do today but smile
-Simon and Garfunkel

More information about the wp-hackers mailing list