making the default install more secure
June 20, 2008 67 Comments
WordPress 2.6 will be more secure out-of-the box including better support for running the admin over SSL and changes to disable the remote publishing protocols by default.
We have choosen to disable Atom Publishing Protocol and the variety of XML-RPC protocols by default as they expose a potential to be a security risk. So from WordPress 2.6 onwards you will need to go into the Settings->Write page and enable them individually if you want to use them.
About Peter Westwood
Pingback: Wtf??? Did Microsoft buy WordPress? : 5ubliminal's TellinYa
Pingback: Wordpress 2.6 Beta 1 Released | Tenth Blog
Pingback: WordPress 2.6: A Sneak Peek » will.ph
Pingback: WordPress Weekly Episode 21 Round 2 | Jeffro2pt0
Pingback: WordPress 2.6ってどこがすごいの?
Pingback: wmafendi.com » Blog Archive » WordPress 2.6 Features
Pingback: Wordpress keeps going, WP 2.6 is well on it’s way | nomad-one consulting
Pingback: WordPress 2.6 Beta 1 | Business Directory|key of Healty-happy-long life
Pingback: Weblog Tools Collection » Blog Archive » Intricacies Of WordPress
Pingback: Miami Web Servers » Blog Archive » WordPress To Disable Remote Access by Default
Pingback: Wordpress 2.6 RC1 Released at NSpeaks
Pingback: Get Ready For WordPress 2.6 | UseShots Blog
Pingback: WordPress 2.6: Launching Tonight
Thanks for sharing. Disabling remote publishing by default hopefully will save a lot of headache.
Wordpress is slowly becoming a safer platform.
Pingback: Русский WordPress 2.6 (beta1) Lecactus Edition - Lecactus Home
Takes 30 seconds or less to re-enable if needed. Can’t see the drama. Even on 2.7 – go to Settings, Writing – tick a box. Only if needed to use that feature.
Pingback: WordPress 2.6 will have API disabled by default