[wp-hackers] Is disabling remote client access a good idea?

Evil ZEN Scientist martin at gonetoutah.com
Tue Jun 24 20:35:53 GMT 2008


So long as this is documented and part of the 'read this before you 
upgrade' - then it's probably a reasonable change.

There have been a few people bitten in the past few upgrades by not 
reading the readme.. I think the comment on getting a note in the 
dashboard would be nice too.

Also Windows Live Writer uses the xmlrpc interface - that's free; and 
works really well with WP.

Daniel Jalkut wrote:
>
> It recently came to my attention that WordPress is planning to disable 
> the XMLRPC and AtomPub based interfaces by default in 2.6.
>
> This decision rubs me the wrong way, and I want to start a dialog here 
> to see if others agree (or disagree for that matter!).
>
> My thoughts are, in summary, that this is a short-sighted attempt to 
> prevent uncertain security risks, and has negative downsides that will 
> affect WordPress users, remote app developers, and even has the 
> potential to injure WordPress's reputation as an easy, elegant, and 
> secure solution.
>
> I wrote more extensively on my blog:
>
> http://www.red-sweater.com/blog/512/wordpress-to-disable-remote-access
>
> WIthin just a few minutes of writing this post and tweeting about it, 
> I received several Twitter replies. Granted, these are people who are 
> following me on Twitter and are therefore more likely to agree with 
> and be sympathetic with my views. But I think it's worth considering 
> the possibility that this is but a small indicator of how the public 
> as a whole will react to the change when and if it goes public:
>
> fraserspeirs: @danielpunkass Implies a lack of confidence in their own 
> code. Windows-esque.
>
> joemaller: @danielpunkass toggling a setting is easier than fixing the 
> codebase. feels weak.
>
> aslakr: @danielpunkass WTF! That seems rather short sighted.
>
> onecrayon: @danielpunkass Screw that! Any way to give negative 
> feedback on that change to WordPress?
>
> psionic: @danielpunkass Agree w/Jalkut: not only is disabling 
> WordPress's WS by default a step backwards, the web UI should eat its 
> own WS dogfood.
>
> I look forward to hearing the thoughts of others on this subject.
>
> Daniel
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers


More information about the wp-hackers mailing list