James, agreed, but the 2 things I mentioned work with it turned off otherwise. It needs to go!īlogAid: I think Jetpack is still using XML-RPC behind the scenes here. I hard code XML-RPC off, as it is still the hacker’s fave way to brute force the login page. What little my client’s use of Jetpack (stats and VaultPress) doesn’t require XML-RPC. ~ posted by James Nylen: About plugin dependencies, see also Issues This means we need to solve plugin dependencies before we can really start removing stuff, and calculate our own dependencies for at least the most popular plugins. Still using Jetpack as an example: if someone requests to install Jetpack, we should prevent this unless the XML-RPC plugin is also installed (or auto-install it too). However, we’d still want to handle other plugins that depend on those features. I like the idea of moving less-used features out to plugins too. I like the idea of its being a core plugin. This improves the security profile of CP without breaking backwards-compatibility. XML-RPC should be moved to a core plugin if people need it they can enable it, if they don’t they can delete it. And of course I do realise that there are a bunch of people in love with that things, so that is why I said topic for a different discussion What I mean about Jetpack, the mere fact that you need a account for it to work and it is constantly talking to, means that I would be inclined to vote the whole thing as restricted, meaning: has no business on ClassicPress. Yes, I agree about investigating which plugins it would break. Before we can make any decision to remove or disable a feature, we need to know roughly which plugins it will break, and decide whether we are OK with that. Jetpack is a topic for a different discussion I think Let’s investigate which plugins this would break, especially widely used plugins. As this one already has votes, I don’t want to edit it anymore (if even possible), maybe open a new one that gives that option? I would prefer simply to have a simple on-off switch for XML-RPC, and for the default setting to be off. I actually use XML-RPC on my localhost test sites (though never on a live site). I think having a wide range of means of accessing CP will always be a good thing. I am not particularly keen on this one, unless there is a simple way to convert use of the XML-RPC spec to using the REST API.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |