Title: Must have when using WordPress XMLRPC API
Last modified: September 3, 2016

---

# Must have when using WordPress XMLRPC API

 *  [skreutzer](https://wordpress.org/support/users/skreutzer/)
 * (@skreutzer)
 * [11 years, 10 months ago](https://wordpress.org/support/topic/must-have-when-using-wordpress-xmlrpc-api/)
 * In general, it’s good that the WordPress XMLRPC API is enabled per default in
   order to allow more integrated Web platforms and software, but the username/password
   authentication mechanism makes a WordPress installation very vulnerable to brute
   force and dictionary attacks, and even primitive network sniffing if HTTPS isn’t
   used. Hashing a private authentication key as provided with this plugin should
   be a minimum requirement for any use of WordPress XMLRPC and is very important
   to prevent easy take-over of user accounts.

The topic ‘Must have when using WordPress XMLRPC API’ is closed to new replies.

 * ![](https://ps.w.org/secure-xml-rpc/assets/icon-256x256.png?rev=975920)
 * [Secure XML-RPC](https://wordpress.org/plugins/secure-xml-rpc/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/secure-xml-rpc/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/secure-xml-rpc/)
 * [Active Topics](https://wordpress.org/support/plugin/secure-xml-rpc/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/secure-xml-rpc/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/secure-xml-rpc/reviews/)

 * 0 replies
 * 1 participant
 * Last reply from: [skreutzer](https://wordpress.org/support/users/skreutzer/)
 * Last activity: [11 years, 10 months ago](https://wordpress.org/support/topic/must-have-when-using-wordpress-xmlrpc-api/)