[wp-hackers] Is disabling remote client access a good idea?

Stephen Rider wp-hackers at striderweb.com
Tue Jun 24 21:15:10 GMT 2008

On Jun 24, 2008, at 2:57 PM, Aaron Brazell wrote:

> Suggest that if it stays turned off by default... that there be some  
> sort of notice in wp-admin (admin_notices hook?) to alert recent  
> upgraders of this setting.

Okay, there is a huge, ***HUGE*** difference between

1) turned off by default on new installs, and

2) silently turning it off on existing installations where it has been  

Which are we talking about here?

I have no problem with changing the default for people installing for  
the first time.  I _do_ have an issue with turning it OFF for people  
who previously had it ON.

If we want to undertake a public campaign of recommending that people  
turn it off if they don't use it, that's just fine.  I would even take  
part with my blog.  But if you just turn it off when people aren't  
looking that will mess  up a lot of people who just want things to work.

As for MarsEdit and such, it is probably not too much trouble for them  
to include some sort of notice to check that such and such is set  
within WordPress; but again this should only really happen to people  
doing initial set up.

We do _not_ want a bunch of people upgrading to 2.6 and crying "this  
is broken -- it worked before!!!"  That kind of thing will foster a  
difficult-to-live-down reputation for unreliability.


Stephen Rider

More information about the wp-hackers mailing list