[wp-xmlrpc] XMLRPC Security

Luke Mackenzie luke at lukem.co.uk
Mon May 24 08:19:07 UTC 2010


I've got a couple of questions regarding locking down XMLRPC access to Wordpress (2.9.2 MU)

Is the best way to do this by IP address in the .htaccess file / web server config?

Is it possible to only allow one user access to the XMLRPC endpoint?

Should / can the XMLRPC traffic be encrypted? I'm concerned that the user/pass are plain text in the POST operation. However, this may not be a problem if we lock access down by IP.

Many thanks,


More information about the wp-xmlrpc mailing list