Archive for the ‘things you should know’ Category
Trackback spam and xmlrpc
One of the more fun things to do with your blog is to post to it remotely from Flickr, your cell phone, email, etc. I remote post to my personal blog; for the rest, I sit at a computer and log in to write posts.
If you only write posts while logged onto WordPress you don’t need xmlrpc.php. This file is included only for remote publishing. When I installed WordPress 2.7 I turned off trackbacks and xmlrpc in my settings.
Despite turning it off, the non-technical sites got slammed with trackback spam and comment postings from non-users. Akismet caught all of it, but I’d rather not have it even hitting Akismet.
If you do not do remote publishing on your blog, I strongly recommend deleting the xmlrpc.php file. Many of the WordPress security updates have come from problems with this file and, assuming you haven’t done anything too creative with your WordPress install, it’s your weakest link in security.
If you post to your blog from Flickr, email, Google Docs or similar clients you’ll need to leave in xmlrpc.php as they need it as an interface to talk to your blog.
If you allow trackbacks on your blog, you need to leave the trackback.php file in your WordPress install. If, like me, you don’t allow trackbacks, go ahead and delete trackback.php. For me the spam to legit trackback ratio is just too high to be worth the trouble.
I don’t know why turning both of these off in 2.7 doesn’t work; perhaps a future patch will correct it?
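A way to check the web server access log before and after removing the files, as an added example that is not from the original post: it counts requests to xmlrpc.php and trackback.php by response status and by client, so you can see whether a remote-publishing client you rely on still uses the endpoint and whether spam requests are still getting an answer. The log lines are constructed samples in Apache combined format; the IPs, user agents, paths and function names are assumptions.

```python
import re
from collections import Counter

# Apache common/combined log format; the referer and user-agent fields are optional.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+(?: "[^"]*" "(?P<agent>[^"]*)")?'
)
# File names as the post gives them; the suffix match also catches prefixed names.
ENDPOINTS = ("xmlrpc.php", "trackback.php")

# Constructed sample lines (documentation IP ranges, made-up user agents).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jan/2009:10:01:02 +0000] "POST /wp-trackback.php?p=41 HTTP/1.1" 200 78 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [12/Jan/2009:10:01:03 +0000] "POST /wp-trackback.php?p=42 HTTP/1.1" 200 78 "-" "Mozilla/4.0"',
    '198.51.100.20 - - [12/Jan/2009:10:05:00 +0000] "POST /xmlrpc.php HTTP/1.1" 404 210 "-" "ExampleBlogClient/1.0"',
    '192.0.2.15 - - [12/Jan/2009:10:06:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]


def endpoint_of(path):
    """Return the watched endpoint a request path targets, or None."""
    name = path.split("?", 1)[0].rsplit("/", 1)[-1].lower()
    return next((ep for ep in ENDPOINTS if name.endswith(ep)), None)


def summarize(lines):
    """Count requests to each watched endpoint by status and by (ip, agent)."""
    report = {ep: {"status": Counter(), "clients": Counter()} for ep in ENDPOINTS}
    for line in lines:
        m = LINE_RE.match(line)
        ep = endpoint_of(m.group("path")) if m else None
        if ep is None:
            continue  # unparseable line or a request for something else
        report[ep]["status"][m.group("status")] += 1
        report[ep]["clients"][(m.group("ip"), m.group("agent") or "-")] += 1
    return report


def still_served(report, ep):
    """True if any request to ep got a response other than 403/404/410."""
    return any(s not in ("403", "404", "410") for s in report[ep]["status"])


if __name__ == "__main__":
    rep = summarize(SAMPLE_LOG)
    for ep in ENDPOINTS:
        print(ep, dict(rep[ep]["status"]), "still served:", still_served(rep, ep))
        for (ip, agent), n in rep[ep]["clients"].most_common(5):
            print(f"  {n:4d}  {ip}  {agent}")
```

Run it over a few days of your own log before deleting anything: a recurring client with a recognizable user agent on xmlrpc.php means something is still publishing remotely.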
More information:
How to combat WordPress trackback spam
Guide to reducing WordPress Trackback spam and comments
XML-RPC at SourceForge
XML-RPC WordPress Codex
Weblog Client (lists clients that require xmlrpc on WordPress)
XML-RPC Changes in WordPress 2.7
XML Rewriting Attacks: Existing Solutions and their Limitations
A quick overview of web technologies old and new
If you are new to web development, or if you are debating which tools to use for your site, you’ll want to give this paper a read. It covers all the main and many less common web technologies, with descriptions, pros and cons of each.
Web-based application developers face a dizzying array of platforms, languages, frameworks and technical artifacts to choose from. We survey, classify, and compare technologies supporting Web application development. The classification is based on (1) foundational technologies; (2) integration with other information sources; and (3) dynamic content generation. We further survey and classify software engineering techniques and tools that have been adopted from traditional programming into Web programming. We conclude that, although the infrastructure problems of the Web have largely been solved, the cacophony of technologies for Web-based applications reflects the lack of a solid model tailored for this domain.
Download (pdf) Survey of Technologies for Web Application Development