Removing the ability to disable XML-RPC in emergency release 5.0.3
This entry was posted in Wordfence, WordPress Security on April 10, 2014 by Mark Maunder 5 Replies
We screwed up. Wordfence 5 was a very big release for us and in our haste to get it out the door we didn’t sufficiently test one of the features we added towards the end of the development cycle: The ability to disable XML-RPC.
Turns out that adding this feature and turning it on by default broke many users ability to remotely publish to their sites along with several mobile apps.
To fix this we just put out Wordfence 5.0.3 which has only one difference: We have completely removed the ability to disable XML-RPC.
We did this after some feedback from the community and WordPress core developers.
So how do we avoid this from happening in the future? We’re going to take a long hard look at the process we use to evaluate whether or not to add a feature and include it in a particular release. And we’re going to reevaluate our software quality assurance processes and procedures.
Wordfence has grown up into a very popular product and is used by tens of thousands of WordPress publishers to keep their sites safe, secure and now with Wordfence 5, fast. It’s time we take our company through the next stage in its evolution so that it keeps pace with the demands of our large user-base.
So, from me, Mark Maunder, the creator of Wordfence and lead developer, please accept my sincere apology for any inconvenience caused by us including this feature. Wordfence 5.0.3 fixes the issue and I can assure you that we’re focused on fixing the larger issue of delivering enterprise ready, rock solid and well tested software.
Expect more on this in the near future as we work with the community to improve our testing and release process.
Mark Maunder – Wordfence founder and Feedjit Inc CEO.