These are chat archives for WP-Security-Community/WP-Security-Community

13th
Jun 2016
Jenny Wong
@missjwo
Jun 13 2016 13:24
@brechtryckaert I've only seen a couple of people have responded to your doodle. I know we are busy with WCEU and I suspect many are planning for that
but maybe an idea is to contact them individually and ask if they will fill in the doodle. because if we can have our meeting before WCEU, then they can help spread the word at WCEU
Brecht Ryckaert
@brechtryckaert
Jun 13 2016 13:25
I thought that might have something to do with that. Or deadlines before the start of the holiday period.
I'll contact them myself :)
Jenny Wong
@missjwo
Jun 13 2016 13:25
cool.
Brecht Ryckaert
@brechtryckaert
Jun 13 2016 13:25
thanks for the suggestion
also, since I really want to get some features in core, I'm preparing this for the feature chat on July 14th: https://github.com/brechtryckaert/Security-Opt-In
Jenny Wong
@missjwo
Jun 13 2016 13:26
cool
Brecht Ryckaert
@brechtryckaert
Jun 13 2016 13:26
-> making an opt-in for xml-rpc and author pages (stopping user enumeration)
still needs work though, far from production ready ;)
Jenny Wong
@missjwo
Jun 13 2016 13:27
I feel like maybe it would go under an advanced settings page when you are setting up WordPress.
I dunno if core team would accept turning xml-rpc by default.
Brecht Ryckaert
@brechtryckaert
Jun 13 2016 13:27
the plugin is created so a section "security opt-in" is being created under "Settings"
Jenny Wong
@missjwo
Jun 13 2016 13:28
interesting
Brecht Ryckaert
@brechtryckaert
Jun 13 2016 13:28
and upon activation of the plugin, xml-rpc and author pages are turned off by default, but with an override option if the user would need certain functions
so you'll only open up vulnerable function if really required
at first with only xml-rpc and author pages, but I'd love to extend this in the future. And I'll launch it as a plugin anyway, even if core inclusion is being rejected