making the default install more secure

wordpress,

WordPress 2.6 will be more secure out-of-the box including better support for running the admin over SSL and changes to disable the remote publishing protocols by default.

We have choosen to disable Atom Publishing Protocol and the variety of XML-RPC protocols by default as they expose a potential to be a security risk.  So from WordPress 2.6 onwards you will need to go into the Settings->Write page and enable them individually if you want to use them.

67 thoughts on “making the default install more secure

  1. Pingback: Wtf??? Did Microsoft buy WordPress? : 5ubliminal's TellinYa
  2. Pingback: Wordpress 2.6 Beta 1 Released | Tenth Blog
  3. Pingback: WordPress 2.6: A Sneak Peek » will.ph
  4. Pingback: WordPress Weekly Episode 21 Round 2 | Jeffro2pt0
  5. Pingback: WordPress 2.6ってどこがすごいの?
  6. Pingback: wmafendi.com » Blog Archive » WordPress 2.6 Features
  7. Pingback: Wordpress keeps going, WP 2.6 is well on it’s way | nomad-one consulting
  8. Pingback: WordPress 2.6 Beta 1 | Business Directory|key of Healty-happy-long life
  9. Pingback: Weblog Tools Collection » Blog Archive » Intricacies Of WordPress
  10. Pingback: Miami Web Servers » Blog Archive » WordPress To Disable Remote Access by Default
  11. Pingback: Wordpress 2.6 RC1 Released at NSpeaks
  12. Pingback: Get Ready For WordPress 2.6 | UseShots Blog
  13. Pingback: WordPress 2.6: Launching Tonight

  14. Thanks for sharing. Disabling remote publishing by default hopefully will save a lot of headache.
    Wordpress is slowly becoming a safer platform.

  15. Pingback: Русский WordPress 2.6 (beta1) Lecactus Edition - Lecactus Home

  16. Takes 30 seconds or less to re-enable if needed. Can’t see the drama. Even on 2.7 – go to Settings, Writing – tick a box. Only if needed to use that feature.

  17. Pingback: WordPress 2.6 will have API disabled by default

Comments are closed.