WP Tavern › Forums › Create Topic
Andreas Nurbo @Ryan Hellyer, @Robert Lilly – Making this OS had not resolved this issue. This issue is that he uses the xmlrpc functionality and that will always make the password info public if the site is not on https. All tools that uses xmlrpc are subject to man in the middle, wireless packet sniffing and so forth. Same as when you login using the browser. XML-RPC really should use alternate method to verify account info. So ppl complaining about this really should get the info correct first. Personally think he should make a plugin to handle the info, would be little more “secure”, so not use the default unsecure xmlrpc functionality. Thought that was the case from the get go. Essentially complaining about this is the same as saying that WordPress is insecure. Unless I’ve missunderstood something.
Andreas Nurbo
@Ryan Hellyer, @Robert Lilly – Making this OS had not resolved this issue. This issue is that he uses the xmlrpc functionality and that will always make the password info public if the site is not on https. All tools that uses xmlrpc are subject to man in the middle, wireless packet sniffing and so forth. Same as when you login using the browser. XML-RPC really should use alternate method to verify account info. So ppl complaining about this really should get the info correct first. Personally think he should make a plugin to handle the info, would be little more “secure”, so not use the default unsecure xmlrpc functionality. Thought that was the case from the get go. Essentially complaining about this is the same as saying that WordPress is insecure. Unless I’ve missunderstood something.
Name *
Email *
Website:
Topic Title (Maximum Length: 80):
Forum: — No forum —AI and WordPress Articles Blocks Showcase Discussions Events Introductions Jobs and Working in WordPress Podcast Episodes Site and Block Editor
Enter your email address to subscribe to this blog and receive notifications of new posts by email.
Email Address
Submit
Enter the destination URL
Or link to existing content
