WordPress.org

Ready to get started?Download WordPress

Plugin Reviews

Secure XML-RPC

More secure wrapper for the WordPress XML-RPC interface.

1 review
Average Rating
5 stars
5 out of 5 stars
5 stars
Must have when using WordPress XMLRPC API
By , for WP 3.9.2

In general, it's good that the WordPress XMLRPC API is enabled per default in order to allow more integrated Web platforms and software, but the username/password authentication mechanism makes a WordPress installation very vulnerable to brute force and dictionary attacks, and even primitive network sniffing if HTTPS isn't used. Hashing a private authentication key as provided with this plugin should be a minimum requirement for any use of WordPress XMLRPC and is very important to prevent easy take-over of user accounts.

You must log in to submit a review. You can also log in or register using the form near the top of this page.