topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • January 20, 2019, 03:13 PM
  • Proudly celebrating 13 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: How secure is a private WordPress post from public view?  (Read 2003 times)

kyrathaba

  • N.A.N.Y. Organizer
  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 3,181
    • View Profile
    • Donate to Member
I understand from the documentation that even if someone guessed the URL to a private WordPress post, they still couldn't view it. Is that strictly true? How vulnerable are private posts to, say, a WordPress site using say a typical security plug-in like Wordfence?

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,135
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #1 on: July 07, 2018, 07:15 AM »
Plug-ins are able to lower the security of private posts. If you are unsure, don't install them.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 9,960
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #2 on: July 07, 2018, 09:34 AM »
If you're very concerned about security, I wouldn't trust WordPress, private or not.  Not that it's not capable, it's just that WordPress is a big target.  Keeping things that you'd rather not have anyone see but it's not disastrous if someone does?  It's probably fine for that.  But really secure things?  I'd suggest somewhere else, IMO.

Shades

  • Member
  • Joined in 2006
  • **
  • Posts: 2,437
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #3 on: July 07, 2018, 02:22 PM »
Well, it is possible to configure the web server being used by this private WordPress to only allow access from certain domains or IP addresses. This is not the default setting from any piece of web server software, in my experience.  If the computer that runs the web server software is patched and configured securely, then it will be quite difficult to access the content of this private WordPress instance. A knowledgeable intruder with access to (un)documented back doors on either the web server or WordPress will still find a way in.

Private post on a 3rd party WordPress site, which might or might not have sufficient patches/security in place for that website or the server(s) that site runs on, could be much more quickly compromised than you would expect and therefore should not be considered private under practically any circumstance.

Nowadays I do have the impression that most breaches are made by persons who want to make money of the information they acquire. So if those posts are made on a obscure website with hardly any traffic, than it is likely the case that the financial gain is too low for the amount of effort those persons would have to spent for acquiring your private posts.

The above is valid for anything you couple with the internet, not only WordPress. Applying also fail2ban and 2 factor authentication systems to a web site will improve the chances that your posts stay private considerably. A WordPress website often uses a MySQL database for storing content. If it is an option, storing your private posts sufficiently encrypted (AES256 and/or RSA2048) into such a database will again improve the chance that your posts remain private, even if a breach does occur.

Still, the best thing to do keeping things private is to not post those things on the internet at all.

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 8,629
    • View Profile
    • The Blog of Deozaan
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #4 on: July 07, 2018, 02:38 PM »
What's your intended usage? What kind of "security" are you concerned about? Who do you consider your potential adversaries to be that you need to protect the data from?

dirosi

  • Participant
  • Joined in 2018
  • *
  • default avatar
  • Posts: 2
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #5 on: July 20, 2018, 11:10 AM »
I understand from the documentation that even if someone guessed the URL to a private WordPress post, they still couldn't view it. Is that strictly true? How vulnerable are private posts to, say, a WordPress site using say a typical security plug-in like Wordfence?
Although, I am not sure about your question. But, I am trying to give an idea about wordpress post setting.
Wordpress have a Visibility option(For each post you will get this option). Public, Password Protected and Private.
Public: All can view that post.
Password Protected: If someone know your post url and try to visit that url then it will ask admin setup password. Without password visitor cannot view that post.
Private: Only admin and your website register user(if you give access) can view that post.
As an example I do this my cookware website: https://healthyceram...ic-cookware-reviews/
This article was password protected. Now public.
« Last Edit: January 19, 2019, 05:10 AM by dirosi »

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,488
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #6 on: November 30, 2018, 06:56 AM »
If you're very concerned about security, I wouldn't trust WordPress, private or not.  Not that it's not capable, it's just that WordPress is a big target.  Keeping things that you'd rather not have anyone see but it's not disastrous if someone does?  It's probably fine for that.  But really secure things?  I'd suggest somewhere else, IMO.
I'll second that - There is no true 'privacy' on the internet.

On a side note: We really do need a like button system here, it's a great way to agree with something without making a low content clutter post.

Stephen66515

  • Animated Giffer in Chief
  • Honorary Member
  • Joined in 2010
  • **
  • Posts: 3,506
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #7 on: November 30, 2018, 07:32 AM »
If you're very concerned about security, I wouldn't trust WordPress, private or not.  Not that it's not capable, it's just that WordPress is a big target.  Keeping things that you'd rather not have anyone see but it's not disastrous if someone does?  It's probably fine for that.  But really secure things?  I'd suggest somewhere else, IMO.
I'll second that - There is no true 'privacy' on the internet.

On a side note: We really do need a like button system here, it's a great way to agree with something without making a low content clutter post.


I've literally been bugging mouser about this since 2010 :')

Shades

  • Member
  • Joined in 2006
  • **
  • Posts: 2,437
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #8 on: November 30, 2018, 08:09 AM »
Advocate of the devil here:  Would it then not become just a numbers game?  This post is liked by x amount of people on this forum? What does that add exactly?

I visit other sites where people can indicate how much they like a post on that website. It doesn't add anything content-wise, not without the "liker" giving a reason why he/she likes that post. And if "liker" doees that, he/she might as well type a new post anyway.

Personally speaking: Of course, the amount of likes could mean that a particular post is valuable, but that also means that you would need a way to highlight them or find other ways to get the post the attention it deserves. The amount of likes can also allow for a filter to those who only want to see posts that have at 2 or more likes for example. While such things may work on other sites, forum posts on DC I find interesting enough to go through all of them. Besides, the best curator of posts I want to read is me, not some arbitrary number.   

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 8,629
    • View Profile
    • The Blog of Deozaan
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #9 on: November 30, 2018, 11:17 AM »
Advocate of the devil here:  Would it then not become just a numbers game?  This post is liked by x amount of people on this forum? What does that add exactly?

The point of it would be so that you could express thanks or approval or give some form of feedback without having to create a new reply which would therefore ping everyone who has signed up to be notified of new replies. It also helps keep threads on topic instead of having a bunch of superfluous "thanks" or "nice" replies.

This would be especially handy, IMO, in threads such as the latest Steam or GOG giveaways.

As things are now, I have to choose between no reply at all (which can give the OP the idea that nobody cared about what they had to say/share) or possibly bothering a bunch of people with notifications just to say something like "thanks" or "I enjoyed that" etc. Often times I choose the former.

Stephen66515

  • Animated Giffer in Chief
  • Honorary Member
  • Joined in 2010
  • **
  • Posts: 3,506
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #10 on: November 30, 2018, 11:21 AM »
Advocate of the devil here:  Would it then not become just a numbers game?  This post is liked by x amount of people on this forum? What does that add exactly?

The point of it would be so that you could express thanks or approval or give some form of feedback without having to create a new reply which would therefore ping everyone who has signed up to be notified of new replies. It also helps keep threads on topic instead of having a bunch of superfluous "thanks" or "nice" replies.

This would be especially handy, IMO, in threads such as the latest Steam or GOG giveaways.

As things are now, I have to choose between no reply at all (which can give the OP the idea that nobody cared about what they had to say/share) or possibly bothering a bunch of people with notifications just to say something like "thanks" or "I enjoyed that" etc. Often times I choose the former.


This is exactly my thinking behind the "upvote/like" system.  There happens to be a lot of posts on DC where there are no replies at all because the reader may feel like it's "interesting" but have nothing useful to add to the topic. Clicking "Like" will allow the writer to know they didn't just waste their time and that the content was appreciated in some way :)


wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 9,960
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #11 on: November 30, 2018, 12:14 PM »
Advocate of the devil here:  Would it then not become just a numbers game?  This post is liked by x amount of people on this forum? What does that add exactly?

The point of it would be so that you could express thanks or approval or give some form of feedback without having to create a new reply which would therefore ping everyone who has signed up to be notified of new replies. It also helps keep threads on topic instead of having a bunch of superfluous "thanks" or "nice" replies.

This would be especially handy, IMO, in threads such as the latest Steam or GOG giveaways.

As things are now, I have to choose between no reply at all (which can give the OP the idea that nobody cared about what they had to say/share) or possibly bothering a bunch of people with notifications just to say something like "thanks" or "I enjoyed that" etc. Often times I choose the former.

This is exactly my thinking behind the "upvote/like" system.  There happens to be a lot of posts on DC where there are no replies at all because the reader may feel like it's "interesting" but have nothing useful to add to the topic. Clicking "Like" will allow the writer to know they didn't just waste their time and that the content was appreciated in some way


And I wouldn't keep having to post this.  Like I'm posting now.




Stephen66515

  • Animated Giffer in Chief
  • Honorary Member
  • Joined in 2010
  • **
  • Posts: 3,506
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #12 on: November 30, 2018, 12:15 PM »
Advocate of the devil here:  Would it then not become just a numbers game?  This post is liked by x amount of people on this forum? What does that add exactly?

The point of it would be so that you could express thanks or approval or give some form of feedback without having to create a new reply which would therefore ping everyone who has signed up to be notified of new replies. It also helps keep threads on topic instead of having a bunch of superfluous "thanks" or "nice" replies.

This would be especially handy, IMO, in threads such as the latest Steam or GOG giveaways.

As things are now, I have to choose between no reply at all (which can give the OP the idea that nobody cared about what they had to say/share) or possibly bothering a bunch of people with notifications just to say something like "thanks" or "I enjoyed that" etc. Often times I choose the former.

This is exactly my thinking behind the "upvote/like" system.  There happens to be a lot of posts on DC where there are no replies at all because the reader may feel like it's "interesting" but have nothing useful to add to the topic. Clicking "Like" will allow the writer to know they didn't just waste their time and that the content was appreciated in some way


And I wouldn't keep having to post this.  Like I'm posting now.






I'm stealing this "this" GIF.

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,126
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #13 on: November 30, 2018, 12:26 PM »
So next step is when a post gets likes the thread title on the post list page is animated somehow  ;D

Stephen66515

  • Animated Giffer in Chief
  • Honorary Member
  • Joined in 2010
  • **
  • Posts: 3,506
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #14 on: November 30, 2018, 12:29 PM »
So next step is when a post gets likes the thread title on the post list page is animated somehow  ;D

Wat?  :huh:

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 9,960
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #15 on: November 30, 2018, 12:51 PM »
So next step is when a post gets likes the thread title on the post list page is animated somehow  ;D

Wat?  :huh:

Don't worry.  I don't get it either.  :huh:

Stephen66515

  • Animated Giffer in Chief
  • Honorary Member
  • Joined in 2010
  • **
  • Posts: 3,506
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #16 on: November 30, 2018, 12:53 PM »
OH WAIT...

When the post gets "likes", then the thread title on the main topic list will become animated somehow

I thnk  ;D

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,126
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #17 on: November 30, 2018, 02:18 PM »
What do you expect from a guy born in an axis of evil country, me fail English of course

I - jokingly - meant gif or blinking thread titles, to indicate likes

Stephen66515

  • Animated Giffer in Chief
  • Honorary Member
  • Joined in 2010
  • **
  • Posts: 3,506
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #18 on: November 30, 2018, 02:19 PM »
What do you expect from a guy born in an axis of evil country, me fail English of course

America?  :huh:

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,488
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #19 on: November 30, 2018, 02:28 PM »
Advocate of the devil here:  Would it then not become just a numbers game?  This post is liked by x amount of people on this forum? What does that add exactly?

The point of it would be so that you could express thanks or approval or give some form of feedback without having to create a new reply which would therefore ping everyone who has signed up to be notified of new replies. It also helps keep threads on topic instead of having a bunch of superfluous "thanks" or "nice" replies.

This would be especially handy, IMO, in threads such as the latest Steam or GOG giveaways.

As things are now, I have to choose between no reply at all (which can give the OP the idea that nobody cared about what they had to say/share) or possibly bothering a bunch of people with notifications just to say something like "thanks" or "I enjoyed that" etc. Often times I choose the former.

^Like^  :D

Stephen66515

  • Animated Giffer in Chief
  • Honorary Member
  • Joined in 2010
  • **
  • Posts: 3,506
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #20 on: November 30, 2018, 02:33 PM »
Advocate of the devil here:  Would it then not become just a numbers game?  This post is liked by x amount of people on this forum? What does that add exactly?

The point of it would be so that you could express thanks or approval or give some form of feedback without having to create a new reply which would therefore ping everyone who has signed up to be notified of new replies. It also helps keep threads on topic instead of having a bunch of superfluous "thanks" or "nice" replies.

This would be especially handy, IMO, in threads such as the latest Steam or GOG giveaways.

As things are now, I have to choose between no reply at all (which can give the OP the idea that nobody cared about what they had to say/share) or possibly bothering a bunch of people with notifications just to say something like "thanks" or "I enjoyed that" etc. Often times I choose the former.

^Like^  :D

+1

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,126
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #21 on: November 30, 2018, 03:27 PM »
What do you expect from a guy born in an axis of evil country, me fail English of course

America?  :huh:

rimshot :D

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 9,960
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #22 on: November 30, 2018, 04:24 PM »
What do you expect from a guy born in an axis of evil country, me fail English of course

America?  :huh:

Hey now pot (Brexit) watch what you're calling the kettle.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 9,960
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #23 on: November 30, 2018, 04:25 PM »
Advocate of the devil here:  Would it then not become just a numbers game?  This post is liked by x amount of people on this forum? What does that add exactly?

The point of it would be so that you could express thanks or approval or give some form of feedback without having to create a new reply which would therefore ping everyone who has signed up to be notified of new replies. It also helps keep threads on topic instead of having a bunch of superfluous "thanks" or "nice" replies.

This would be especially handy, IMO, in threads such as the latest Steam or GOG giveaways.

As things are now, I have to choose between no reply at all (which can give the OP the idea that nobody cared about what they had to say/share) or possibly bothering a bunch of people with notifications just to say something like "thanks" or "I enjoyed that" etc. Often times I choose the former.

^Like^  :D

+1


Stephen66515

  • Animated Giffer in Chief
  • Honorary Member
  • Joined in 2010
  • **
  • Posts: 3,506
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #24 on: November 30, 2018, 04:51 PM »
Advocate of the devil here:  Would it then not become just a numbers game?  This post is liked by x amount of people on this forum? What does that add exactly?

The point of it would be so that you could express thanks or approval or give some form of feedback without having to create a new reply which would therefore ping everyone who has signed up to be notified of new replies. It also helps keep threads on topic instead of having a bunch of superfluous "thanks" or "nice" replies.

This would be especially handy, IMO, in threads such as the latest Steam or GOG giveaways.

As things are now, I have to choose between no reply at all (which can give the OP the idea that nobody cared about what they had to say/share) or possibly bothering a bunch of people with notifications just to say something like "thanks" or "I enjoyed that" etc. Often times I choose the former.

^Like^  :D

+1