Opened 5 months ago
Closed 5 months ago
#63937 closed enhancement (wontfix)
disable xml-rpc by default on new install
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | |
| Component: | XML-RPC | Keywords: | |
| Focuses: | performance, sustainability | Cc: |
Description
hi,
as the xmlrpc API is deprecated (xml-rpc.php), very hard on cpu ressources , and widly used by bot to attack WP users by dictionary attacks. I think it would make sense as security standpoint and sustainability standpoint to disable xmlrpc API by default on new installs.
It would let the settings as it is on upgrade but the default for new install would be off.
it's deprecated since 10 years now so it would be even something that could be completly removed or at least diabled on new installs.
best regards,
Ghislain.
Change History (1)
Note: See
TracTickets for help on using
tickets.
Thanks for the report @aqueos but XML-RPC isn't deprecated. It's used by the WordPress apps for Android and iOS.