Comments on: WordPress To Disable Remote Access

By: Voks

Voks — Sat, 27 Sep 2008 19:45:20 +0000

Isn’t it just possible to find a module for wordpress which allows API approach?

By: Haiming

Haiming — Thu, 25 Sep 2008 23:10:01 +0000

How to enable wordpress remote access? I have just installed a wordpress new version, and have the trouble to setup XML-RPC services.

By: Jerry Henderson

Jerry Henderson — Thu, 25 Sep 2008 01:03:37 +0000

Wow. It requires checking exactly one radio button. Why all the fuss, Russ?

By: I Wordpress Themes

I Wordpress Themes — Tue, 05 Aug 2008 14:09:12 +0000

As for the security the idea of WP developers is not really good. As for the convenience of using the service it is not good too, especially for the users. I still do not understand the point of this innovation.

By: Taybin

Taybin — Mon, 30 Jun 2008 22:34:35 +0000

@drew

all is forgiven. please come home. :)

By: Doug Stewart

Doug Stewart — Fri, 27 Jun 2008 13:05:08 +0000

Christina: Revision 8202 takes care of the messages. XML-RPC now tosses:

$this->error = new IXR_Error( 405, sprintf( __( ‘XML-RPC services are disabled on this blog. An admin user can enable them at %s’), admin_url(‘options-writing.php’) ) );

while APP tosses:

$this->not_allowed( ‘AtomPub services are disabled on this blog. An admin user can enable them at ‘ . admin_url(‘options-writing.php’) );

Brief, yes, but instructive, I think. Hopefully it’s enough.

By: Julik

Julik — Fri, 27 Jun 2008 11:07:15 +0000

Wonderful. Of course it’s much easier to axe some setting instead of implementing something useful (like HTTP digest authentication around the RPC backend).

By: Christina Warren

Christina Warren — Thu, 26 Jun 2008 20:31:55 +0000

Daniel,
Dude, that sucks. *sigh* indeed. I would rant about it, but I’m sure you’ve been there/done that. I do hope they include a HELPFUL error message so that users who upgrade and don’t spend their life following WordPress development can easily enable remote blogging.

By: Daniel Jalkut

Daniel Jalkut — Thu, 26 Jun 2008 19:06:14 +0000

Christina: the bad news is that the WP team has since decided to yank that option from the startup process. They’re afraid it will cause too many users to inadvertently turn it on (sigh).

But the good news is that they are talking now about putting an error message in for blog clients that attempt to connect, so that at least the user will have a chance of understanding why the client is not working as they expect.

By: Christina Warren

Christina Warren — Thu, 26 Jun 2008 18:57:12 +0000

Daniel,

After I read your post, I was pretty peeved (for the same reasons you mentioned). Semantical arguments about the security benefits of default disabling aside (I don’t care), having to go through an extra step just so I can post in my blog — while a minor inconvenience — makes me worried about the long-term API support. And of course, is just one more thing I have to keep in my arsenal when doing unpaid tech support for friends/family who use WordPress and a blogging client.

That said, if 2.6beta1 is any indication, for new installs anyway (upgrades didn’t get a notice but I also didn’t check to see if it disabled the feature by default) DO ask if you want to enable/disable remote blogging. The check box is unchecked, but it is there during the standard WordPress install screen. That, I can live with. If the same sort of screen could appear to upgrade users too — informing them of the change and letting them say yes or no (it could be on the upgrade.php page), this won’t be a huge deal for existing users.

As for users who are installing WP for the first time, yes, it’ll require more work to get MarsEdit and others to work out of the box, but at least the setting is easy to find.

Check it out: http://img.skitch.com/20080626-tumdstx1jh8ma8×4hdyjc12ych.png