WordPress 2.6 will be more secure out-of-the box including better support for running the admin over SSL and changes to disable the remote publishing protocols by default.
We have choosen to disable Atom Publishing Protocol and the variety of XML-RPC protocols by default as they expose a potential to be a security risk.
Peter Westwood, a Lead Developer for WordPress, revealed they are making the default install more secure. This will go a long way to making WordPress more secure. If your security consciousness has the dial tuned closer to the paranoid end of the spectrum, then check out Blog Security’s WordPress Security Whitepaper, which lists out many things you can do to lock down your self-hosted blog, and keep out the baddies.
0 Response to “Better Default Security in WordPress 2.6”