Dougal Campbell's geek ramblings

WordPress, web development, and world domination.

Update on WordPress blog APIs

I mentioned previously that the XML-RPC and Atom blog APIs would be disabled by default when WordPress 2.6 is released. This was a matter of some debate within the community, and there has been some clarification:

  • The APIs will not be automatically disabled for sites upgrading from older versions. Since the APIs have previously been ‘on’ by default, they will continue to function.
  • For new installs of WordPress 2.6 and later, there will be an option presented at install-time to enable the APIs. Or not. They seem to have removed that between Beta 1 and Beta 2.
  • There will be options in the Write settings to enable or disable XML-RPC posting and Atom API posting individually.

This sounds like the most reasonable path to make this change without causing disruption for those who have been using client tools like Ecto, MarsEdit, or Windows Live Writer (or third-party web services which can post to blogs, like Flickr or Delicious) to post to their blogs.

Also, though this change is being made under the moniker of a security improvement, that is not to imply that the current API code is not secure. It is simply a pretty standard practice to turn off services that are not used, just as when building a dedicated email server, you wouldn’t turn on FTP unless you absolutely needed it. Stats from have shown that only about 5% of its users utilize the client APIs, so it doesn’t make sense to automatically turn it on for the 95% who aren’t using them.

About Dougal Campbell

Dougal is a web developer, and a "Developer Emeritus" for the WordPress platform. When he's not coding PHP, Perl, CSS, JavaScript, or whatnot, he spends time with his wife, three children, a dog, and a cat in their Atlanta area home.
This entry was posted in Announcements, Atom, Blogging, Community, WordPress and tagged , , , , , , , , , , , . Bookmark the permalink.