[wp-xmlrpc] Restricting available methods on a per blog basis

Joseph Scott joseph at josephscott.org
Wed Sep 15 15:33:26 UTC 2010


In the same way that you can add XML-RPC methods using that filter,
you can also remove them.  You can hook into that filter and then do
your tests against blog_id (or some other parameter) to see what, if
any, methods should be removed.

On Wed, Sep 15, 2010 at 4:21 AM, luke Mackenzie <luke at lukem.co.uk> wrote:
> I am using the xmlrpc_methods filter to add custom XMLRPC methods to my WPMU
> 2.9.2 install in an MU plugin. I'd like to restrict the available methods on
> a per blog basis so that if the endpoint being called is
> mydomain.com/blogname/xmlrpc.php, only a subset of methods are exposed. The
> concern is one of security so that a particular endpoint cannot be used to
> influence, for example, voting results.
> My initial thought was that I could use the REQUEST_URI and/or the
> REMOTE_ADDR vars in $_SERVER and switch on those in my xmlrpc_methods
> function. We'll also be migrating to WP3 soon so it would be useful to know
> if any relevant functionality exists in the later version.



-- 
Joseph Scott
joseph at josephscott.org
http://josephscott.org/
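
The approach described in the reply above, sketched as an added example that is not part of the original thread: a second callback on the xmlrpc_methods filter that removes custom methods a given blog is not allowed to expose. The "myplugin." prefix, the method names, the blog IDs and both function names are hypothetical; it assumes the custom methods are registered by another callback at the default priority.

```php
<?php
// Added example (not from the thread). Hypothetical names: the "myplugin."
// method prefix, the method names, the blog IDs and both function names.

// Per-blog allowlist of custom methods. A blog missing from the map gets
// none of the custom methods (fail closed).
function myplugin_allowed_custom_methods( $blog_id ) {
    $allow = array(
        1 => array( 'myplugin.getResults', 'myplugin.castVote' ),
        2 => array( 'myplugin.getResults' ), // read-only endpoint
    );
    return isset( $allow[ $blog_id ] ) ? $allow[ $blog_id ] : array();
}

function myplugin_restrict_xmlrpc_methods( $methods ) {
    // WordPress sets this global when it resolves the requested blog,
    // so there is no need to parse REQUEST_URI by hand.
    global $blog_id;

    $allowed = myplugin_allowed_custom_methods( (int) $blog_id );

    foreach ( array_keys( $methods ) as $name ) {
        // Core methods (wp.*, metaWeblog.*, ...) are left untouched here.
        if ( 0 !== strpos( $name, 'myplugin.' ) ) {
            continue;
        }
        // Strict comparison: only exact method names on the list survive.
        if ( ! in_array( $name, $allowed, true ) ) {
            unset( $methods[ $name ] );
        }
    }
    return $methods;
}

// Late priority so this runs after the callback that adds the custom
// methods at the default priority (10).
add_filter( 'xmlrpc_methods', 'myplugin_restrict_xmlrpc_methods', 99 );
```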

