Daniel Jalkut Bashes WordPress 2.6 XMLRPC Decision

Daniel Jalkut is the creator, current developer, and owner of the Mac blog application MarsEdit (a great one, by the way), so it should come as no surprise that he’s a bit pissed about the fact that XMLRPC will be disabled by default in WordPress 2.6. For those who don’t know, XMLRPC is the way outside applications can communicate with WordPress.

Naturally, disabling XMLRPC in WordPress 2.6 isn’t a swipe at outside applications; there is a reason, of course.

Peter Westwood, aka Westi, explains:

We have chosen to disable Atom Publishing Protocol and the variety of XML-RPC protocols by default as they expose a potential to be a security risk. So from WordPress 2.6 onwards you will need to go into the Settings->Write page and enable them individually if you want to use them.

I’m a bit surprised by the hurrahs in the comments to Peter’s post. Sure, security issues are something everyone wants addressed, but obviously this will leave a lot of users stranded and frustrated as to why their desktop blogging application of choice suddenly won’t be able to authenticate with their newly upgraded WordPress blog. Or will XMLRPC perhaps be turned on by default if you’re doing an upgrade?

Daniel Jalkut’s post is worth a read; it is not just bashing but also offers pointers toward a different solution to this problem. This, however, is key for the whole XMLRPC decision, and why I personally believe that it is a bad one:

Also worth considering: if a service is disabled by default for security considerations, what message does that send to people who choose to, or who are encouraged to turn the service back on? It sets up a perception of insecurity which may not even be warranted. If the remote publishing interfaces are insecure, they should be fixed, not merely disabled!

If XMLRPC is such a security issue right now, then by all means disable it by default, and tell the users that they need to enable it. And by telling the users I mean flash it in their face, because a lot of people won’t understand that they need to turn it on; not all users are sure what they’re doing. But in the long run, I completely agree with Daniel’s statement above. Disabling isn’t a solution, fixing it is.

Thord Daniel Hedengren

Thord Daniel Hedengren is a designer, writer, and blogger, and also the former editor of The Blog Herald. He used to be a hotshot in the gaming industry in Sweden, but sold everything and went International. Most recently he wrote a book called Smashing WordPress: Beyond the Blog, and does loads of kickass design.
