ULTRAVIAS - Notebook, Laptop and mobile device reviews

I mentioned previously that the XML-RPC and Atom blog APIs would be disabled by default when WordPress 2.6 is released. This was a matter of some debate within the community, and there has been some clarification:

• The APIs will not be automatically disabled for sites upgrading from older versions. Since the APIs have previously been ‘on’ by default, they will continue to function.
• For new installs of WordPress 2.6 and later, there will be an option presented at install-time to enable the APIs. Or not. They seem to have removed that between Beta 1 and Beta 2.
• There will be options in the Write settings to enable or disable XML-RPC posting and Atom API posting individually.

This sounds like the most reasonable path to make this change without causing disruption for those who have been using client tools like Ecto, MarsEdit, or Windows Live Writer (or third-party web services which can post to blogs, like Flickr or Delicious) to post to their blogs.

Also, though this change is being made under the moniker of a security improvement, that is not to imply that the current API code is not secure. It is simply a pretty standard practice to turn off services that are not used, just as when building a dedicated email server, you wouldn’t turn on FTP unless you absolutely needed it. Stats from WordPress.com have shown that only about 5% of its users utilize the client APIs, so it doesn’t make sense to automatically turn it on for the 95% who aren’t using them.

Last night Ryan Boren announced the release of WordPress 2.6 Beta 1. At first glance, you probably wouldn’t notice much difference between versions 2.5 and 2.6. The two biggest new features are Post Revisions, which saves a history of edits made to each post, and support for Gears, which greatly speeds up working with the admin screens.

Other changes of note:

• Support for the XML-RPC and Atom client APIs is turned off by default now. If you use an external client for posting, you’ll need to specifically turn these features on, under Settings/Writing.
• Impoved support for SSL access to the admin screens.
• When you are selecting themes, you now get to view a preview of how your site looks with the new theme before commiting to the change.
• The return of the “Press This” bookmarklet (find it in the sidebar of the Write page). Drag the link to your browser’s bookmarks toolbar, and use it to quickly post about sites you visit.
• More avatar options. The Gravatar service now supports displaying MonsterID, Wavatar, or Identicon icons in place of the default icon for those who don’t have a personalized Gravatar. These options are selectable under Settings/Discussion. My Easy Gravatars plugin can support this as well, though I’ll probably update it to use the new built-in settings, rather than its own. I’ll write that up later.
• Improved plugin management. Active and inactive plugins are now listed separately. You now have the abiliity to “bulk activate” or “bulk deactivate” plugins. You can also delete unused plugins at the click of a button. (Now all we need is the ability to search and install plugins from the  Extend directory right from our admin! Maybe in 2.7?)

And there are other assorted improvements, such as updates to the latest jQuery and jQuery UI libraries, updates to the latest TinyMCE editor, improvements to Page and Category management, and as always, general performance enhancements.

It is a beta, so there are still quirks being hammered out (personally, I’ve observed issues with the theme preview, and with deleting plugins). So don’t use this on a “critical” production web site yet. I’m running it here, but obviously, my personal blog isn’t critical, and I’ve always got backups available for when I screw something up.

Download WordPress 2.6 Beta 1