Monthly Archives: July 2005

XML-RPC Vulnerability

To clarify for all the confused people WordPress is not affected by the recent XML-RPC problem that lots of other apps were. We use different, more secure libraries for XML-RPC. The problem was discovered by the same guy though, I imagine he was auditing our code and found totally unrelated, which we fixed in our recent release. Of course you wouldn’t guess that from the title, “PHP Blogging Apps Vulnerable to XML-RPC Exploits.” Let’s go down the list: PostNuke – content management; WordPress – blogging; Drupal – content/community management; Serendipity – blogging; phpAdsNew – ad serving; phpWiki – wiki (not blogging); phpMyFAQ – FAQ management. If it bleeds it leads, right? 😉

Import and Export

Marc asks about export in the next version of WordPress. It’s actually the very first item on the list because it got bumped from 1.5 because of time constraints. The main holdup has been WordPress supports rich data like custom fields and slugs, which users love, but it makes a lossless import and export a pain. Most other blog tools have a WordPress importer already simply because it’s a market leader, so don’t think the export will improve portability much, but it should make a nice way to backup and restore a WP blog.