WordPress 2.6 to Disable Remote Access by Default

MarsEdit author Daniel Jalkut on the WordPress team’s decision to disable remote API access by default in the name of security:

Also worth considering: if a service is disabled by default for security considerations, what message does that send to people who choose to, or who are encouraged to turn the service back on? It sets up a perception of insecurity which may not even be warranted. If the remote publishing interfaces are insecure, they should be fixed, not merely disabled!

Tuesday, 24 June 2008