making the default install more secure

WordPress 2.6 will be more secure out of the box, including better support for running the admin over SSL and changes to disable the remote publishing protocols by default.

We have chosen to disable the Atom Publishing Protocol and the various XML-RPC protocols by default because they are a potential security risk. So from WordPress 2.6 onwards you will need to go to the Settings->Write page and enable them individually if you want to use them.

67 thoughts on “making the default install more secure”

  1. What will this mean for people who use desktop apps to write blog posts locally and then upload/edit them from apps like MarsEdit?

  2. This seems like a mistake to just disable the APP and XML-RPC interfaces rather than fixing them. Is there something inherently insecure about those interfaces? I think this issue needs further investigation at least.
