[wp-xmlrpc] Comments API
Joseph Scott
joseph at randomnetworks.com
Tue Aug 5 15:07:44 GMT 2008
On Aug 5, 2008, at 7:38 AM, Alex Forrow wrote:
> The changes you've made look excellent, though I'm concerned that
> anonymous commenting is being neglected here. Although a lot of
> XMLRPC use is blog authors manipulating their blogs remotely, use
> of the interface by 3rd parties for services such as commenting and
> pingbacks is something thats only going to get more popular. I
> believe anonymous commenting via XMLRPC should be enabled by
> default, just as commenting via the form is.
>
> In terms of security, its fair to say that allowing commenting via
> XMLRPC is no more risky than allowing commenting via the standard
> form POST action. Also, as with WordPress 2.6, XMLRPC is disabled
> by default, so requiring a plugin to enable anonymous commenting is
> only adding another hurdle for blog owners to cross if they want to
> enable this feature. I appreciate opening another possible entry
> point for spam is not ideal, but more would be lost by cutting
> these blogs off from the potential of receiving comments from
> external sources.
This is only true for certain conditions. There are a number of
plugins that add items to the comment form/page that make it harder
for spammers to get through. Blogs that use those plugins this would
be a step backwards, which we are trying to avoid.
I've got back and forth on this, but as someone who gets 5 tons of
spam on his personal blog, we've got to come up with way to help
distributed comments, that doesn't involve open another spam flood gate.
--
Joseph Scott
joseph at randomnetworks.com
http://joseph.randomnetworks.com/
More information about the wp-xmlrpc
mailing list