Has anyone fixed the xmlrpc.php issue in wordpress?

My understanding is that version 1.5.1.3 fixes xmlrpc vulnerabilities. See the WordPress development blog (http://wordpress.org/development/2005/06/wordpress-1513) for more information (although they don't give all that much info about the vulnerability).

I am working on 3 active sites right now to solve the issue.

My guess is that without xmlrpc.php running xml is the only loss. FQ has disabled and the site still functions. We do not push xml and have removed it from the presentation portion of our wordpress implimentations.

I will update here what works for me.

If you are running a wordpress version 1.5 or above, the update is easy. Just delete some files and upload the new ones. There are not any scripts to run.

http://codex.wordpress.org/Upgrading_WordPress#Upgrade_1.5.1.2_to_1.5.1.3

Unfortunately, I also had to do a fix on phpMyFAQ which turned into a big problem. I eventually got it done, but for some reason, it turned into a real hassle. It was likely something I did.:blush:

I have one I am not using. Delete the file.
I have one running 1.2 (need to upgrade)
I have 3 running 1.5 (need to upgrade)
Doing full backups now before the upgrades (both site and sql files)
Just in case!

Delete the file worked fine for the one I do not use.
The 1.2 upgrade to 1.5.1.3 needs to wait for the weekend, I will delete the file till then.
I have upgraded the 1.5's to 1.5.1.3 easy upgrade, just took time to backup.
Thanks FQ for the email on the problem so we could fix it. :yeah:

One of these blogs www.NHcafe.org has become very popular, it would have been very bad to have had a security issue.

Steve