One thing that has always annoyed me about WordPress is it’s “I don’t think about security for features” attitude. Over time they have locked down the APIs a bit more. They are now disabled by default. Default passwords are complex when using a suggested one in the current version. So what is my complaint?
Posting by e-mail is the easy way to take over your blog, at least in the content side of things. For someone that crossposts, this could be a doubly evil attack. This is why I have no good method for posting by e-mail on WordPress. Essentially it is either on or it’s off. Currently I have mine turned off, even those this could be a real boon to me when I am mobile.
There is one simple method they could do to adjust this and make it usable without worrying about someone finding out your “secret” e-mail posting address and posting things on the front page of your blog; give you an option to allow the posts to show up as drafts (since I would also like to do some final formatting before publishing an article anyways). There was a plugin called Postie which I used for my life archiving project, but I could never get to run automatically – so I gave up on that solution. It is still a function that I desperately want.
I received advice once that if you posted to your blog via e-mail from an unknown e-mail address that it would post it as a draft post (i.e. not showing on your front page). I did some testing on this, it’s a false rumor. It so gave me hope.
So which version of WordPress is going to plug this whole and just give you the option to set e-mailed in articles as drafts?