Comments on: WordPress to Disable XMLRPC by Default? http://www.cogniview.com/convert-pdf-to-excel/post/wordpress-to-disable-xmlrpc-by-default/ Excel(lent) Stuff Thu, 29 Jul 2010 14:42:59 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Cimmeron http://www.cogniview.com/convert-pdf-to-excel/post/wordpress-to-disable-xmlrpc-by-default/comment-page-1/#comment-93452 Cimmeron Tue, 29 Jul 2008 22:56:02 +0000 http://www.cogniview.com/convert-pdf-to-excel/?p=219#comment-93452 Wordpress 2.6 is supposed to (rumor has it) fix the potential of a SQL injection attack. I wonder if this has to do with the XMLRPC? I cannot seem to find any information anywhere on Wordpress.org that specifically addresses the huge issue this caused recently. Maybe they don't want to admit to such a huge hole? or am I just missing something? :) Wordpress 2.6 is supposed to (rumor has it) fix the potential of a SQL injection attack. I wonder if this has to do with the XMLRPC? I cannot seem to find any information anywhere on Wordpress.org that specifically addresses the huge issue this caused recently. Maybe they don’t want to admit to such a huge hole? or am I just missing something? :)

]]> By: Nik http://www.cogniview.com/convert-pdf-to-excel/post/wordpress-to-disable-xmlrpc-by-default/comment-page-1/#comment-84270 Nik Thu, 03 Jul 2008 08:44:48 +0000 http://www.cogniview.com/convert-pdf-to-excel/?p=219#comment-84270 While I'm not clued up about the finer details of XMLRPC, almost every feature you have in software is a potential security threat. A feature that allows remote administration incredibly so. Simply put, the fewer features like that, the less hackable you are, as the (jargon alert) "attack vector" is reduced. Some horrible attacks (Code Red for example) have occurred due to seemingly innocuous features. It's just good practice to start with only what you need, and open features as required. I can understand Ecto's point of view, but on the whole, if people loose faith in Wordpress, that doesn't help them either. If I recall correctly, there have been at least one serious wordpress vulnerability recently, so they're probably trying to make sure it doesn't happen again. While I’m not clued up about the finer details of XMLRPC, almost every feature you have in software is a potential security threat. A feature that allows remote administration incredibly so.

Simply put, the fewer features like that, the less hackable you are, as the (jargon alert) “attack vector” is reduced.

Some horrible attacks (Code Red for example) have occurred due to seemingly innocuous features.

It’s just good practice to start with only what you need, and open features as required.

I can understand Ecto’s point of view, but on the whole, if people loose faith in Wordpress, that doesn’t help them either.

If I recall correctly, there have been at least one serious wordpress vulnerability recently, so they’re probably trying to make sure it doesn’t happen again.

]]>