GD use of XML-RPC ?

This topic contains 8 replies, has 6 voices, and was last updated by  Stiofan O’Connor 9 years, 9 months ago.

We have moved to a support ticketing system and our forums are now closed.

Open Support Ticket
  • Author
    Posts
  • August 8, 2014 at 10:45 pm #11433

    cnelsonjeffers
    Expired Member
    Post count: 27

    One security recommendation out there is to disable XML-RPC in WordPress. (requires a plugin or code hack).

    Is there any function in GD or any of its plugins that rely on XML-RPC?

    August 9, 2014 at 3:55 pm #11491

    Paolo
    Site Admin
    Post count: 31206

    I’m not 100% sure if it will affect your RSS. However, I think it won’t and you can disable it.

    Thx

    August 9, 2014 at 4:12 pm #11494

    Stiofan O’Connor
    Site Admin
    Post count: 22956

    We do not use it in any way, you can disable it simply by adding this one line of code to your child theme: (silly WP for enabling by default)

    add_filter('xmlrpc_enabled', '__return_false'); // disable xmlrpc api

    Thanks,

    Stiofan

    August 9, 2014 at 5:36 pm #11501

    cnelsonjeffers
    Expired Member
    Post count: 27

    Thanks. Just wanted to be sure I wouldn’t be breaking some function.

    I’ll watch and see if RSS is affected but I agree probably not since RSS is an outgoing feed and XML-RPC more of an inbound control.

    I dislike doing code hacks even in a child theme if I can avoid it. I much prefer to use plugins to do it dynamically. One that was recommended for the XML-RPC issue is Philip Erb’s “Disable XML-RPC”.

    There are apparently some that will turn off only certain parts of XML-RPC, but there seemed to be a consensus that leaving it half-off did not provide enough of a block to the security issue.

    August 10, 2014 at 1:32 am #11526

    purpleedge
    Expired Member
    Post count: 539

    Just wondering if the mobile app will make use of XML-RPC ?

    August 10, 2014 at 10:14 am #11541

    directory
    Expired Member
    Post count: 1502

    Hi Stiofan,

    Where exactly (or what file) in the child theme should I add the code? Will this be implemented anyway in the next release?

    August 10, 2014 at 10:17 am #11542

    czar
    Buyer
    Post count: 316

    I think functions.php

    August 10, 2014 at 10:36 am #11544

    directory
    Expired Member
    Post count: 1502

    Thank you, czar. I will add it there then. 🙂

    August 11, 2014 at 11:02 am #11617

    Stiofan O’Connor
    Site Admin
    Post count: 22956

    czar is correct, functions.php, and it will not be implemented in core as it is not our place, this wp api can be used by many other plugins there is no reason for us to want to disable it.

    Thanks,

    Stiofan

  • Author
    Posts
Viewing 9 posts - 1 through 9 (of 9 total)

We have moved to a support ticketing system and our forums are now closed.

Open Support Ticket