topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • November 19, 2018, 05:58 PM
  • Proudly celebrating 13 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: How secure is a private WordPress post from public view?  (Read 959 times)

kyrathaba

  • N.A.N.Y. Organizer
  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 3,176
    • View Profile
    • Donate to Member
I understand from the documentation that even if someone guessed the URL to a private WordPress post, they still couldn't view it. Is that strictly true? How vulnerable are private posts to, say, a WordPress site using say a typical security plug-in like Wordfence?

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,081
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #1 on: July 07, 2018, 07:15 AM »
Plug-ins are able to lower the security of private posts. If you are unsure, don't install them.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 9,820
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #2 on: July 07, 2018, 09:34 AM »
If you're very concerned about security, I wouldn't trust WordPress, private or not.  Not that it's not capable, it's just that WordPress is a big target.  Keeping things that you'd rather not have anyone see but it's not disastrous if someone does?  It's probably fine for that.  But really secure things?  I'd suggest somewhere else, IMO.

Shades

  • Member
  • Joined in 2006
  • **
  • Posts: 2,394
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #3 on: July 07, 2018, 02:22 PM »
Well, it is possible to configure the web server being used by this private WordPress to only allow access from certain domains or IP addresses. This is not the default setting from any piece of web server software, in my experience.  If the computer that runs the web server software is patched and configured securely, then it will be quite difficult to access the content of this private WordPress instance. A knowledgeable intruder with access to (un)documented back doors on either the web server or WordPress will still find a way in.

Private post on a 3rd party WordPress site, which might or might not have sufficient patches/security in place for that website or the server(s) that site runs on, could be much more quickly compromised than you would expect and therefore should not be considered private under practically any circumstance.

Nowadays I do have the impression that most breaches are made by persons who want to make money of the information they acquire. So if those posts are made on a obscure website with hardly any traffic, than it is likely the case that the financial gain is too low for the amount of effort those persons would have to spent for acquiring your private posts.

The above is valid for anything you couple with the internet, not only WordPress. Applying also fail2ban and 2 factor authentication systems to a web site will improve the chances that your posts stay private considerably. A WordPress website often uses a MySQL database for storing content. If it is an option, storing your private posts sufficiently encrypted (AES256 and/or RSA2048) into such a database will again improve the chance that your posts remain private, even if a breach does occur.

Still, the best thing to do keeping things private is to not post those things on the internet at all.

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 8,577
    • View Profile
    • The Blog of Deozaan
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #4 on: July 07, 2018, 02:38 PM »
What's your intended usage? What kind of "security" are you concerned about? Who do you consider your potential adversaries to be that you need to protect the data from?

dirosi

  • Participant
  • Joined in 2018
  • *
  • default avatar
  • Posts: 2
    • View Profile
    • Donate to Member
Re: How secure is a private WordPress post from public view?
« Reply #5 on: July 20, 2018, 11:10 AM »
I understand from the documentation that even if someone guessed the URL to a private WordPress post, they still couldn't view it. Is that strictly true? How vulnerable are private posts to, say, a WordPress site using say a typical security plug-in like Wordfence?
Although, I am not sure about your question. But, I am trying to give an idea about wordpress post setting.
Wordpress have a Visibility option(For each post you will get this option). Public, Password Protected and Private.
Public: All can view that post.
Password Protected: If someone know your post url and try to visit that url then it will ask admin setup password. Without password visitor cannot view that post.
Private: Only admin and your website register user(if you give access) can view that post.