How secure is a private WordPress post from public view?

kyrathaba:
I understand from the documentation that even if someone guessed the URL to a private WordPress post, they still couldn't view it. Is that strictly true? How vulnerable are private posts to, say, a WordPress site using, say, a typical security plug-in like Wordfence?

Tuxman:
Plug-ins are able to lower the security of private posts. If you are unsure, don't install them.

wraith808:
If you're very concerned about security, I wouldn't trust WordPress, private or not.  Not that it's not capable, it's just that WordPress is a big target.  Keeping things that you'd rather not have anyone see but it's not disastrous if someone does?  It's probably fine for that.  But really secure things?  I'd suggest somewhere else, IMO.

Shades:
Well, it is possible to configure the web server being used by this private WordPress to only allow access from certain domains or IP addresses. This is not the default setting from any piece of web server software, in my experience.  If the computer that runs the web server software is patched and configured securely, then it will be quite difficult to access the content of this private WordPress instance. A knowledgeable intruder with access to (un)documented back doors on either the web server or WordPress will still find a way in.

A private post on a 3rd-party WordPress site, which might or might not have sufficient patches/security in place for that website or the server(s) that site runs on, could be much more quickly compromised than you would expect and therefore should not be considered private under practically any circumstance.

Nowadays I do have the impression that most breaches are made by persons who want to make money off the information they acquire. So if those posts are made on an obscure website with hardly any traffic, then it is likely the case that the financial gain is too low for the amount of effort those persons would have to spend for acquiring your private posts.

The above is valid for anything you couple with the internet, not only WordPress. Applying also fail2ban and 2 factor authentication systems to a web site will improve the chances that your posts stay private considerably. A WordPress website often uses a MySQL database for storing content. If it is an option, storing your private posts sufficiently encrypted (AES256 and/or RSA2048) into such a database will again improve the chance that your posts remain private, even if a breach does occur.

Still, the best thing to do to keep things private is to not post those things on the internet at all.
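
The suggestion above of storing private posts encrypted with AES-256 in the database, shown as an added example that is not part of the original thread. It uses PHP's OpenSSL extension with AES-256-GCM; the function names, the use of the post ID as associated data, and the sample values are assumptions for illustration, not WordPress API.

```php
<?php
declare(strict_types=1);

// Added illustration: function names are hypothetical, not WordPress API.
const CIPHER = 'aes-256-gcm';

/** Encrypt a post body; the post ID is bound in as associated data. */
function seal_post(string $plaintext, string $key, int $postId): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('AES-256 needs a 32-byte key');
    }
    $nonce = random_bytes(12); // fresh 96-bit nonce for every encryption
    $tag = '';
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA,
        $nonce, $tag, "post:$postId", 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct); // text-safe for a DB column
}

/** Decrypt a stored value; throws if key, post ID or data do not match. */
function open_post(string $stored, string $key, int $postId): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) { // 12-byte nonce + 16-byte tag
        throw new RuntimeException('malformed stored value');
    }
    $pt = openssl_decrypt(substr($raw, 28), CIPHER, $key, OPENSSL_RAW_DATA,
        substr($raw, 0, 12), substr($raw, 12, 16), "post:$postId");
    if ($pt === false) {
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

// Constructed demo values. In practice the key is loaded from somewhere
// outside the database, never stored next to the rows it protects.
$key = random_bytes(32);
$row = seal_post('Notes nobody else should read.', $key, 42);
echo open_post($row, $key, 42), PHP_EOL;
try {
    open_post($row, $key, 43); // ciphertext copied onto a different post
} catch (RuntimeException $e) {
    echo 'post 43: ', $e->getMessage(), PHP_EOL;
}
```

This only helps against a database breach if the key is kept out of the database and its backups; anyone who can run code on the web server can still read the key and decrypt.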

Deozaan:
What's your intended usage? What kind of "security" are you concerned about? Who do you consider your potential adversaries to be that you need to protect the data from?
