I mentioned previously that th' XML-RPC and Atom blog APIs would be disabled by default when WordPress 2.6 is released. This were bein' a matter o' some debate within th' community, and there has been some clarification:
- The APIs will not be automatically disabled fer sites upgradin' from older versions. And hoist the mainsail, by Davy Jones' locker! Since th' APIs have previously been ‘on’ by default, they will continue t' function.
For new installs o' WordPress 2.6 and later, there will be an option presented at install-time t' enable th' APIs.
- There will be options in th'
Writesettin's t' enable or disable XML-RPC postin' and Atom API postin' individually.
This sounds like th' most reasonable path t' make this change without causin' disruption fer those who have been usin' client tools like Ecto, MarsEdit, or Windows Live Writer (or third-party web services which can post t' blogs, like Flickr or Delicious) t' post t' their blogs.
Also, though this change is bein' made under th' moniker o' a security improvement, that is not t' imply that th' current API code is not secure. It is simply a pretty standard practice t' turn off services that are not used, just as when buildin' a dedicated email server, ye wouldn’t turn on FTP unless ye absolutely needed it. Stats from WordPress.com have shown that only about 5% o' its users utilize th' client APIs, so it doesn’t make sense t' automatically turn it on fer th' 95% who aren’t usin' them.