WordPress xmlrpc.php considered continually dangerous

It seems that for years I’ve been upgrading wordpress, and usually a security bug in xmlrpc.php is mentioned.
The latest update, 2.3.3, has a typical line:

…a flaw was found in the XML-RPC implementation…

Besides upgrading whenever I notice the problem, my attempt an additional measure of safety is:

chmod 000 xmlrpc.php

Or maybe:

mv xmlrpc.php xmlrpc.BAD
touch xmlrpc.php
chmod 000 xmlrpc.php xmlrpc.BAD

I think ultimately the only hope is to run a blog on a hosted service. Manually performing upgrades gets old.

Leave a Reply »»