If you researched XML-RPC when you read our Flickr and WordPress Integration Primer Tutorial about the capabilities of (the online image repository) Flickr and WordPress automation of blog postings, you’d have been like me, and been very enthusiastic about the possibilities. If so, perhaps you are also like me in having zero interest in hacking, or in attempts at stealing other people’s online information, all the way through to their identities.
Alas, in the case of WordPress, XML-RPC, as you can read about at this link, can be used to “hack” into a WordPress blog administration account via a “brute force” attack …
The main weaknesses associated with XML-RPC are: Brute force attacks: Attackers try to login to WordPress using xmlrpc.php.
We decided to close off this vulnerability at our WordPress blog, but how?
- clicked off the “XML-RPC” checkbox at WordPress 3.0.3 TwentyTen theme admin Settings -> Writing (Remote Publishing)
- applied a .htaccess file solution (at our Apache web server), including into it, thanks to the advice of How To Safely Disable XMLRPC In WordPress (While Keeping Jetpack) …
<Files xmlrpc.php>
Order allow,deny
Deny from all
</Files>
… and settle for manual approaches to open this up when Flickr/WordPress automations of blog postings are needed (or add your own “Allow from 999.9.99.9” type record between “Order allow,deny” and “Deny from all” above), for any given reason, into the future.
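Evaluation order matters once an exception is added to a block like the one above: under `Order allow,deny`, a request that matches `Deny from all` is refused even when it also matches an `Allow from` line. The following is an added example (not from the original post or the linked article) of an allowlist that works on both Apache 2.2 and 2.4; the address 203.0.113.10 is a placeholder from the documentation range and stands in for your own public IP.

```apache
# Added example: block xmlrpc.php for everyone except one trusted address.
# 203.0.113.10 is a constructed placeholder (RFC 5737 documentation range).

# Apache 2.4 and later (mod_authz_core).
# In .htaccess this needs "AllowOverride AuthConfig" in the server config.
<IfModule mod_authz_core.c>
    <Files "xmlrpc.php">
        # Only the listed address is authorised; all others get 403.
        # For a full block with no exception, use "Require all denied".
        Require ip 203.0.113.10
    </Files>
</IfModule>

# Apache 2.2 (legacy Order/Allow/Deny directives).
# In .htaccess this needs "AllowOverride Limit" in the server config.
<IfModule !mod_authz_core.c>
    <Files "xmlrpc.php">
        # deny,allow: Deny rules are evaluated first, then a matching
        # Allow rule overrides them, so the trusted address gets through.
        # With "Order allow,deny" the matching "Deny from all" wins instead.
        Order deny,allow
        Deny from all
        Allow from 203.0.113.10
    </Files>
</IfModule>
```

After changing the file, request xmlrpc.php from an address outside the allowlist and confirm the server answers 403 Forbidden.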
Here’s a list of links we visited reading up on this subject …
- wordpress xmlrpc php – Google Search
- What Is xmlrpc.php in WordPress and Why You Should Disable It
- disabling xml-rpc 3.0.3 wordpress – Google Search
- How to Enable and Disable XMLRPC.PHP in WordPress and Why – GreenGeeks
- Disable XML-RPC plugin earlier than 3.5 – Google Search
- can i rename xmlrpc.php – Google Search
- security – Best way to eliminate xmlrpc.php? – WordPress Development Stack Exchange
- How To Safely Disable XMLRPC In WordPress (While Keeping Jetpack)
Did you know?
There are occasions you want to know what IP address the rest of the net sees you at, your so called “public IP address”. Just type (rather than assume 999.9.99.9 … chortle, chortle) …
my ip address into the address bar or a search engine
Previous relevant Flickr and WordPress Integration Primer Tutorial is shown below.
Photo sharing on the web is very popular, and Flickr is a very popular photo sharing website. Today we build on JSON and jQuery Javascript Flickr Feed Tutorial as shown below, and show a Flickr piece of Sharing functionality that allows you to log into Flickr and post a photograph to a WordPress blog as a new posting (cute, huh).
Below is some good background reading for the concepts of this tutorial and to do with using Flickr Photo Sharing, all via Wikipedia:
Link to tutorial here (where, along the way you’ll see lots of Flickr Sharing functionalities and great software integration options described … start here), the work of which resulted in …
Previous JSON and jQuery Javascript Flickr Feed Tutorial is shown below.
Web browser users really like to make use of data feeds and one of the protocol formats they are often using when accessing RSS feeds is JSON (and XML), as outlined below in a Wikipedia entry. In this tutorial we see JavaScript jQuery library functionality accessing the Flickr image hosting share area used by this domain here at rjmprogramming.com.au and then go on to show you some steps in making a Web Application that could access this Flickr image hosting photo data.
JSON (pron.: /ˈdʒeɪsɒn/ JAY-sawn, pron.: /ˈdʒeɪsən/ JAY-sun), or JavaScript Object Notation, is a text-based open standard designed for human-readable data interchange. It is derived from the JavaScript scripting language for representing simple data structures and associative arrays, called objects. Despite its relationship to JavaScript, it is language-independent, with parsers available for many languages.
The JSON format was originally specified by Douglas Crockford, and is described in RFC 4627. The official Internet media type for JSON is application/json. The JSON filename extension is .json.
The JSON format is often used for serializing and transmitting structured data over a network connection. It is used primarily to transmit data between a server and web application, serving as an alternative to XML.
Click on picture above to see the Flickr Feed tutorial using jQuery and JSON.
Link to Flickr Feed live run for rjmprogramming.com.au Flickr photo set (latest 20).
Below is some good background reading for the concepts of this tutorial, all via Wikipedia:
Link to Flickr image hosting for rjmprogramming.com.au called rmetimages.
Download programming source code and rename to FlickrFeed_jQuery_Json.html.
Did you know …
JavaScript makes a great easy-access Calculator?
Try typing the lines below into the address bar of your favourite browser:
Javascript: eval(512 / 380);
Javascript: eval(512 * 380);
Javascript: eval(512 - 380);
Javascript: eval(512 + 380);
Javascript: eval(512 % 380);
These days we spend so much time on the Internet it is a much quicker way to get to a calculator!
You may want to try the new Android App called Flickr Latest 20.
If this was interesting you may be interested in this too.