Information and Links
Join the fray by commenting, tracking what others have to say, or linking to it from your blog.
WordPress Live Writer header tags trigger anti-virus software
Yesterday, someone emailed me saying that their anti-virus software would not let them properly view this website. I keep my site fairly well up-to-date and check it regularly for strange behaviour, so this seemed like a strange complaint. However, I am not one to ignore someone saying they can't see my website. Doing my due diligence I asked for any errors that the anti-virus software might have come up with. The fellow said there were no useful errors. Next step, look at the source code a little more carefully. I figured I would be looking for a script or link to a script that Windows might be trying to access. Very quickly I noticed the following two links:
-
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="http://www.esslingerfoods.com/xmlrpc.php?rsd" />
-
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="http://www.esslingerfoods.com/wp-includes/wlwmanifest.xml" />
A quick search on WordPress.org showed that others question whether or not these two files should be on the their wordpress site, or not. As it turns out, these lines are part of a "feature" of the most recent WordPress upgrades. They give you the ability to use Windows Live Writer with your WordPress blog. Oh, and WordPress decided this is a must have for everyone, so there is no preference setting to turn it off.
Fortunately a few people gave a suggestion on how to disable this feature quickly and easily. Simply add the following two lines of code to the top of your current theme's functions.php file:
-
remove_action('wp_head', 'wlwmanifest_link');
-
remove_action('wp_head', 'rsd_link');
After these two lines were added to my current WordPress theme's functions.php file, I emailed my visitor back and asked him to check my site again. Low and behold, his issue with my website was gone. His anti-virus software was now happy and he could once again, view my site.
If the developers at WordPress are listening, which I am sure they will be once I post a comment on their forum about this "Please don't force special features like this on people, it is just plain wrong."
I don't have tons of traffic but I get more than 100 unique visitors a day, which is kind of nice to know. Out of those visitors, I am pretty sure that more than one a month has had this same problem. As we all know, most people that find issues with small sites like mine, usually don't take the time to inform the webmaster. So, thanks to WordPress, I have probably ticked off a few visitors for no good reason, to which I apologize. This is another good reason why I am switching to ExpressionEngine as soon as my little fingers have the time to do the move.
A special thanks to Steve at DomainePlus.com who alerted me to this issue.
Platt,
Would you comment on using
Header set Cache-Control “max-age=300″
in WordPress. Many experienced programmers won’t use it out of fear it will cause problems with xmlrpc.php and xmlrpc.php?rsd.
Thanks,
Roscoe