Happy to report that I’m back to writing more about WordPress. Today, the WPMUDev blog published a new story of mine on the security tradeoffs involved in using the XML-RPC support in WordPress core.

XML-RPC and Why It’s Time to Remove it for WordPress Security

What’s the problem with XML-RPC?

You’ll learn about the reasons for and history of Remote Process Calls in WordPress and other blogging platforms. You’ll also learn how to protect your site if you happen to like some of the tools that use XML-RPC.English: WordPress Logo

It’s not a fear-mongering story, with some practical advice, and a look to the not-too-distant future when the WordPress REST Application Programming Interface fixes this problem. Go check out the story. Participate in the discussion. Share the link with your networks. Let me know what you think, too.

6 thoughts on “WPMU: Enhance WordPress Security – Fix XML-RPC

    • Anne,
      Short answer: Maybe not. Two things to be aware of:

      • If you use either the Jetpack plugin on your site, or you use the WordPress mobile app to access your site, this issue affects you. BUT
      • If you have a security plugin like iThemes Security, it will protect you very effectively.

      If you follow the link to the post on WPMU, you’ll see a much more detailed (and less technical) explanation of what’s going on. Look for the section “What Can I Do About XML-RPC Security?”

      Let me know if you have other questions.

Answer my questions, ask your own, or speak your peace

This site uses Akismet to reduce spam. Learn how your comment data is processed.