MarsEdit 5 is out! Features new Markdown highlighting and quick micropost window. Works great with Micro.blog. Congrats @danielpunkass!

@manton it's a pretty nice upgrade. I don't know if it's theme I'm using or what, but MarsEdit fails to detect my blog: "MarsEdit was unable to determine the weblog settings from your home page URL. In most cases you can still manually configure the blog". I'll investigate the issue later tonight.

@otaviocc I had the same issue, on a self hosted Wordpress blog. Turned out that calls to xmlrpc.php file were blocked server wide by my hosting company. Seems to be a security issue and possible exploits of this connecting point. They unlocked it but told me it would only be temporary.

@manton I'll open an pull request for the theme I'm using. It's missing some header links.

@jokef I did a quick investigation now. In my case it's missing some header links in the theme I'm using. I'll open a pull request fixing the theme.

@jokef how's WP in terms of security nowadays? When I used it 10+ years ago it was easy to hack a self hosted setup and inject code.

@otaviocc @jokef I work with WordPress a lot. It’s stable and secure if you keep your install updated. And you can get rid of the xmlrpc file altogether because it’s no longer needed. That’s an in-point for hackers and it uses a lot of resources. My hosting company kept flagging the resources that single file used and I almost went above my quota several times in the last 6 months until I deleted it.

@gdp Yes, but MarsEdit seems to need the xmlrpc file to publish to WordPress. Maybe @danielpunkass can help?

@gdp @jokef @otaviocc The WordPress XMLRPC API has long been considered as secure as basically any other component in WordPress. Otherwise the team wouldn't continue to include it and enable it by default. The advice about disabling it unilaterally is pretty outdated.

@jokef @otaviocc You can learn more about manual configuration here: help.redsweater.com/marsedit/...

@danielpunkass thanks! In my case it is failing to add a Micro.blog blog (I will try to add it manually later).

@danielpunkass That’s very interesting. Thanks for that explanation.

@otaviocc Oh, I see! I should add a manual configuration page for Micro.blog, to cover that scenario.

@gdp @danielpunkass @jokef @otaviocc The resources issue cited by your ISP/Host was probably due to frequent requests from "malicious actors" ATTEMPTING old XML-RPC hacks against your WordPress install.

Constant assault by robo-cracker scripts is a tragedy of the cyber-commons.

@otaviocc Please check out this new manual configuration detail page for Micro.blog: help.redsweater.com/marsedit/...

@danielpunkass thanks. I created a pull request for the theme I'm currently using, fixing the issue github.com/microdotb.... With this change MarsEdit can detect and configure the blog.

@otaviocc Nice!

@danielpunkass Thank you very much for these detailed explanations. That's what I thought about the XMLRPC file. I will check with my host to leave it accessible. For the manual configuration it's all OK, I had already done it.

@SciPhi Yes. I was told it was something like that. It's really annoying.

@jokef Cool! Hope you get it all sorted out.