WordPress.org

Plugin Reviews

Secure XML-RPC

More secure wrapper for the WordPress XML-RPC interface.

2 reviews
Average Rating
3 out of 5 stars
Secure fail ?
By ,

This plugin has been hacked on a client website...

Must have when using WordPress XMLRPC API
By , for WP 3.9.2

In general, it's good that the WordPress XMLRPC API is enabled per default in order to allow more integrated Web platforms and software, but the username/password authentication mechanism makes a WordPress installation very vulnerable to brute force and dictionary attacks, and even primitive network sniffing if HTTPS isn't used. Hashing a private authentication key as provided with this plugin should be a minimum requirement for any use of WordPress XMLRPC and is very important to prevent easy take-over of user accounts.

You must log in to submit a review. You can also log in or register using the form near the top of this page.