|Reported by:||PhoenixRises||Owned by:|
Currently, XMLRPC uses the functions login_pass_ok and user_pass_ok in ~/xmlrpc.php and ~/wp-includes/user.php respectively.
Using this method causes XML-RPC to use the WordPress default login method but does not take into account any other method that may be used.
This can be modified by removing the user_pass_ok function from user.php entirely and replacing the call in login_pass_ok with the pluggable wp_login (see diff file).
I have classed this as an optimzation as it does not in any way affect the functionality of XML-RPC.