4 {{ upvoteCount | shortNum }}
4 {{ upvoteCount | shortNum }}

XML-RPC security question

by jayveen
2 replies
Hi all,

I want to program some wordpress automation from my home PC. WP comes with a nice blogging API using xml-rpc, but to start the transaction you have to send a login with the WP username and password, the same ones you use to log in with myblogname.com/wp-admin to administer via a web page.

My question is whether the XML-RPC login transaction protects the username/password from being viewed in transit, or whether the plain text username/password is sent over the internet. (I assume that when you log in to /wp-admin and enter the username/password fields that they are somehow encrypted and not sent in plain text.) I googled around but can't find an answer.

Thanks in advance.

J
#question #security #xmlrpc
  • Profile picture of the author Neil Morgan
    I assume that when you log in to /wp-admin and enter the username/password fields that they are somehow encrypted and not sent in plain text.
    Actually they are sent in plain text.

    Unless you're using an https URL meaning the traffic between you and your site is encrypted, then everything is sent as plain text.

    The same applies whether you're using XML-RPC or logging in manually through your browser.

    Cheers,

    Neil
    Signature

    Easy email marketing automation without moving your lists.

    {{ DiscussionBoard.errors[1745814].message }}
    • Profile picture of the author jayveen
      Well thanks! I really didn't know if you needed https to get a secure log in connection; on the command line I use things like ssh which is guaranteed encrypted, and I thought their might be some behind the scenes protocol going on with wp logins.
      {{ DiscussionBoard.errors[1746359].message }}

Trending Topics