Please move this to a plugin.
Business sites are very unlikely to post from e-mail.
People who do need this feature should of course still be able to access it, but for the vast majority it is an attack vector that we don’t want / need and currently need to secure with more code.
Thanks for reading.
Read-only archive : https://petitions.classicpress.net/posts/178/remove-post-via-e-mail
Author : ALS
Vote count : 24
Status : open
Comments
+1 move to plugin.
~ posted by James Walker
+1 on disabled by default. Does it need ported out to a plugin though? That would add additional overhead to runtime and extra unnecessary steps for users that did choose to use this feature.
~ posted by William Patton
Yes, this should be moved out to a core plugin as defined in our v2 roadmap . This way it is consistent with other similar features, and the code involved can be completely removed if it is not needed.
The runtime overhead is minimal, and there is not an extra step so much as it is different (deactivate the core plugin for this feature, which may be on a separate screen or at least have its own filter in the plugins list).
Deleting the plugin entirely would be an extra step, but this isn’t possible if it’s just an option.
~ posted by James Nylen
Agreed, and it has nothing to do with being a Business-focused CMS either. It’s simply a feature that 90% or more of users don’t use, so its creating a security and performance issue with no obvious benefits.
~ posted by Jesse