WordPress 2.6 will be more secure out of the box, including better support for running the admin over SSL and changes that disable the remote publishing protocols by default.
We have chosen to disable the Atom Publishing Protocol and the variety of XML-RPC protocols by default, as they are a potential security risk. So from WordPress 2.6 onwards you will need to go to the Settings->Write page and enable them individually if you want to use them.
67 thoughts on “making the default install more secure”
Thanks for sharing. Disabling remote publishing by default hopefully will save a lot of headache.
WordPress is slowly becoming a safer platform.
Takes 30 seconds or less to re-enable if needed. Can’t see the drama. Even on 2.7 – go to Settings, Writing – tick a box. Only if needed to use that feature.