making the default install more secure
WordPress 2.6 will be more secure out-of-the box including better support for running the admin over SSL and changes to disable the remote publishing protocols by default.
We have choosen to disable Atom Publishing Protocol and the variety of XML-RPC protocols by default as they expose a potential to be a security risk. So from WordPress 2.6 onwards you will need to go into the Settings->Write page and enable them individually if you want to use them.
[...] has been addopted by WordPress that decided to block XMLRPC by default in WordPress 2.6. This is not such a big deal but you’ll have to actually enable it. It [...]
Wtf??? Did Microsoft buy WordPress? : 5ubliminal's TellinYa
June 27, 2008 at 3:53 pm
[...] ability to disable remote publishing for the security [...]
Wordpress 2.6 Beta 1 Released | Tenth Blog
June 27, 2008 at 8:03 pm
[...] can also preview themes before you actually use it. There were a lot of updates to make your install more secure, and tons more to enhance the user experience. I wasn’t really expecting to be all this giddy [...]
WordPress 2.6: A Sneak Peek » will.ph
June 27, 2008 at 9:52 pm
[...] XML RPC To Be Turned Off By Default [...]
WordPress Weekly Episode 21 Round 2 | Jeffro2pt0
June 27, 2008 at 11:17 pm
[...] セキュリティにより重きを置くためにリモートパブリッシングを無効にできる機能 [...]
WordPress 2.6ってどこがすごいの?
June 28, 2008 at 1:23 pm
[...] NEW (June 20): Admin SSL support — The WordPress 2.6 admin should be able to be visited via either HTTP (normal connection) or HTTPS (encrypted connection), with the option to make admin HTTPS mandatory. [via] [...]
wmafendi.com » Blog Archive » WordPress 2.6 Features
June 30, 2008 at 7:04 am
[...] ability to disable remote publishing for the security [...]
Wordpress keeps going, WP 2.6 is well on it’s way | nomad-one consulting
July 1, 2008 at 9:37 am
[...] ability to disable remote publishing for the security [...]
WordPress 2.6 Beta 1 | Business Directory|key of Healty-happy-long life
July 1, 2008 at 1:09 pm
[...] feathers. One of the changes that will make their appearance in WordPress 2.6 is the ability to disable remote publishing for those who are security [...]
Weblog Tools Collection » Blog Archive » Intricacies Of WordPress
July 1, 2008 at 1:36 pm
[...] starting with WordPress 2.6, access to the XMLRPC and AtomPub-based remote publishing interfaces will be disabled by default. Users who wish to use a remote client such as MarsEdit will have to go out of their way to enable [...]
Miami Web Servers » Blog Archive » WordPress To Disable Remote Access by Default
July 10, 2008 at 1:59 am
[...] The ability to disable remote publishing [...]
Wordpress 2.6 RC1 Released at NSpeaks
July 13, 2008 at 12:14 pm
[...] time to find vulnerabilities in your WordPress 2.5.1 blog. With the new version your blog will be more safe. And if you are still using more old versions, you definitely should [...]
Get Ready For WordPress 2.6 | UseShots Blog
July 14, 2008 at 8:51 am
[...] WordPress Security Enhancements [...]
WordPress 2.6: Launching Tonight
July 14, 2008 at 11:02 pm
Thanks for sharing. Disabling remote publishing by default hopefully will save a lot of headache.
WordPress is slowly becoming a safer platform.
Sherif
July 22, 2008 at 2:54 am
[...] отключения удаленных публикаций по соображениям [...]
Русский WordPress 2.6 (beta1) Lecactus Edition - Lecactus Home
September 25, 2008 at 5:25 pm
Takes 30 seconds or less to re-enable if needed. Can’t see the drama. Even on 2.7 – go to Settings, Writing – tick a box. Only if needed to use that feature.
Jason
December 5, 2008 at 11:50 pm
[...] 2.6 is going to join Movable Type in discriminating against blog clients—they are going to disable XML-RPC APIs by default. Users will have to enable them manually. (Movable Type requires you to use special API key instead [...]
WordPress 2.6 will have API disabled by default
December 18, 2008 at 10:03 am