Support » Plugin: Secure XML-RPC » Must have when using WordPress XMLRPC API

  • In general, it’s good that the WordPress XMLRPC API is enabled per default in order to allow more integrated Web platforms and software, but the username/password authentication mechanism makes a WordPress installation very vulnerable to brute force and dictionary attacks, and even primitive network sniffing if HTTPS isn’t used. Hashing a private authentication key as provided with this plugin should be a minimum requirement for any use of WordPress XMLRPC and is very important to prevent easy take-over of user accounts.

  • The topic ‘Must have when using WordPress XMLRPC API’ is closed to new replies.