What is /wp-includes/wlwmanifest.xml?

Created 16th August 2023
Updated 17th August 2023

wlwmanifest.xml is a file provided as part of Wordpress installations. It was used by Windows Live Writer, part of a set of applications bundled into Windows 7. The software was end-of-life'd around 2012 and unavailable from Microsoft after 2017 according to Wikipedia. The application continued in an open source environment until 2019 when it was abandoned.

Windows Live Writer could be used to interface to your Wordpress blog by sending a GET request to wlwmanifest.xml. The file told Windows Live Writer various details about the blog and how it could be used, where the APIs where, etc.

The file can also reveal the location of the admin backend URL. If you're a poweruser who changed it, it might not be doing a lot to obfuscate anything.

Examples of the file can be found online. An example structure: 

<manifest xmlns="urn:schemas-microsoft-com:xml-wlw">
    <manifestVersion>1.0</manifestVersion>
    <application>
        <manifestName>WordPress</manifestName>
        <manifestIconUrl>https://example.com/favicon.ico</manifestIconUrl>
    </application>
    <weblog>
        <homepageLinkText>My WordPress Site</homepageLinkText>
        <homepageUrl>https://example.com/</homepageUrl>
        <api>
            <displayName>WordPress</displayName>
            <postApiUrl>https://example.com/xmlrpc.php</postApiUrl>
            <getCategoriesApiUrl>https://example.com/xmlrpc.php?rsd</getCategoriesApiUrl>
            <getTagsApiUrl>https://example.com/xmlrpc.php?rsd</getTagsApiUrl>
            <getRecentPostsApiUrl>https://example.com/xmlrpc.php?rsd</getRecentPostsApiUrl>
        </api>
    </weblog>
</manifest>

References

  1. Security Stack Exchange. (n.d.). Why might I want to remove the wlwmanifest.xml file in WordPress? Retrieved August 15, 2023, from https://security.stackexchange.com/questions/189800/why-might-i-want-to-remove-the-wlwmanifest-xml-file-in-wordpress
  2. WordPress Support Forums. (n.d.). wlwmanifest.xml file. Retrieved August 15, 2023, from https://wordpress.org/support/topic/wlwmanifest-xml-file/
  3. Wikipedia. (n.d.). Windows Live Writer. In Wikipedia. Retrieved August 15, 2023, from https://en.wikipedia.org/wiki/Windows_Live_Writer
  4. CKAN. (n.d.). wlwmanifest.xml. Retrieved August 15, 2023, from https://github.com/ckan/ckan.github.io/blob/master/assets/wlwmanifest.xml

Other known request paths

  1. //blog/wp-includes/wlwmanifest.xml
  2. //web/wp-includes/wlwmanifest.xml
  3. //wordpress/wp-includes/wlwmanifest.xml
  4. //wp/wp-includes/wlwmanifest.xml
  5. //2020/wp-includes/wlwmanifest.xml
  6. //2019/wp-includes/wlwmanifest.xml
  7. //2021/wp-includes/wlwmanifest.xml
  8. //shop/wp-includes/wlwmanifest.xml
  9. //wp1/wp-includes/wlwmanifest.xml
  10. //test/wp-includes/wlwmanifest.xml
  11. //site/wp-includes/wlwmanifest.xml
  12. //cms/wp-includes/wlwmanifest.xml
  13. //wp-includes/wlwmanifest.xml
  14. //website/wp-includes/wlwmanifest.xml
  15. //news/wp-includes/wlwmanifest.xml
  16. //wp2/wp-includes/wlwmanifest.xml
  17. //sito/wp-includes/wlwmanifest.xml
  18. /wp-includes/wlwmanifest.xml
  19. //2018/wp-includes/wlwmanifest.xml
  20. //media/wp-includes/wlwmanifest.xml
  21. /wp-includes/id3/license.txt/blog/wp-includes/wlwmanifest.xml
  22. /wp-includes/id3/license.txt/web/wp-includes/wlwmanifest.xml
  23. /wp-includes/id3/license.txt/wordpress/wp-includes/wlwmanifest.xml
  24. /wp-includes/id3/license.txt/wp/wp-includes/wlwmanifest.xml
  25. /wp-includes/id3/license.txt/2020/wp-includes/wlwmanifest.xml
  26. /wp-includes/id3/license.txt/2019/wp-includes/wlwmanifest.xml
  27. /wp-includes/id3/license.txt/2021/wp-includes/wlwmanifest.xml
  28. /wp-includes/id3/license.txt/shop/wp-includes/wlwmanifest.xml
  29. /wp-includes/id3/license.txt/wp1/wp-includes/wlwmanifest.xml
  30. /wp-includes/id3/license.txt/test/wp-includes/wlwmanifest.xml
  31. /wp-includes/id3/license.txt/site/wp-includes/wlwmanifest.xml
  32. /wp-includes/id3/license.txt/cms/wp-includes/wlwmanifest.xml