
WordPress 3.5 Beta 1 and Twenty Twelve Released

8 Responses

 

Comments

  1. Ian Dunn (2 comments.) says:

    XML-RPC is enabled by default in 3.5, but I personally think that’s a bad decision from a security perspective. There’ve been serious XML-RPC vulnerabilities in the past, but they weren’t an issue for most users because it was disabled by default.

    The benefit of enabling it by default is that people who want to use it don’t have to spend 15 seconds turning it on. The downside is that it creates a new attack vector for hackers. Doesn’t seem worth it to me.

    For anyone who’s concerned about security, you can disable it with the new ‘xmlrpc_enabled’ filter. See http://core.trac.wordpress.org/ticket/21509

    Also, doesn’t this violate the 80% rule?

    “The rule of thumb is that the core should provide features that 80% or more of end users will actually appreciate and use. If the next version of WordPress comes with a feature that the majority of users immediately want to turn off, or think they’ll never use, then we’ve blown it.” — http://wordpress.org/about/philosophy/

    I’m pretty confident that far less than 80% of WP users even know what XML-RPC is, let alone use it.

    • James (184 comments.) says:

      “I’m pretty confident that far less than 80% of WP users even know what XML-RPC is, let alone use it.”

      To be clear, I had nothing to do with the decision and am unclear on the background myself, but I think what you’ve said above is actually why they did it.

      From the blog post, this was intended to make using the mobile apps easier, and the mobile apps are quite popular. As of now, using one of the mobile apps requires a confusing, “Huh, what’s XML-RPC?” step, whereas enabling it by default in 3.5 seems to be intended to avoid such confusion.

      • Ian Dunn (2 comments.) says:

        That’s a good point, James. I hadn’t considered the popularity of the apps themselves when judging the popularity of XML-RPC, even though they are tied together.

        Even with that, though, I still don’t think the majority of installations actually use either of them, and it’s really not that hard to explain to someone how to turn on a single setting. So, when combined with the potential security risks, my personal opinion is that it should remain disabled by default. I can see the validity of other opinions, though.

        It’s fairly easy to turn off, though; you just need to add this to a functionality plugin:

        add_filter( 'xmlrpc_enabled', '__return_false' );

  2. Jatin (1 comments.) says:

    Will give WordPress 3.5 a try soon, thanks for this nice update!

  3. Alizeh (2 comments.) says:

    Well, although this beta version has some improvements for images, a lot of work still needs to be done on the image upload function, quick insertion of images, and setting the post featured thumbnail. Hope to see better image insertion support in upcoming WordPress versions.

  4. George (1 comments.) says:

    So, how long do I need to wait to update for the next version after this beta release? I have a live site, any advice appreciated.

  5. Jonty (3 comments.) says:

    I’ve read elsewhere that the new 2012 theme has some compatibility issues with older versions of IE. I tend to use the default themes as a learning tool and I was hoping to pick up some tips on making the site more responsive. Has anyone here had any experience with this so far?

    • James (184 comments.) says:

      Twenty Twelve makes use of some advanced CSS 3 techniques which are not supported in IE 8 or earlier. Because of this, visitors with the older IE browsers will see something very similar to the mobile version.

      So, it still works with earlier versions of IE, it’s just not as pretty as it would be under Firefox, Chrome, Safari, Opera, or IE 9.



Obviously Powered by WordPress. © 2003-2013
