Looks like anyone can easily spy on your WordPress drafts. Thankfully, there's a quick fix. And no, you don't even have to touch any of your WordPress PHP files.

First read about this in Ryan's WordPress Hacked: Anyone Can View Future/Draft Posts over at CyberNetNews.com, thanks to the Tweet of Tyler Reed.

In short, with a little patience, others can view your drafts or unpublished WordPress posts. If those folks are active bloggers, then they can publish a similar post ahead of you.

Ryan talks about quickly solving the problem by editing your wp-includes\query.php file.

If you're not comfortable editing that file and uploading the edited version back to your webserver, you can redirect

index.php/wp-admin/
to
/wp-admin/

(NOTE: You might need to make two redirects: one with a trailing slash, as in index.php/wp-admin/ and another without the trailing slash, as in index.php/wp-admin just to be on the safe side).

I tested the draft spying issue with respect to the WordPress RSS feed, but was not able to reproduce it even on my other sites that do not use the Feedburner redirect plugin.

So if you're the kind of WordPress blogger who likes to write drafts, protect your future posts from the prying eyes of the WordPress post hijackers.

Free Download: Get targeted traffic to work for YOU right NOW. Guaranteed.

Finally revealed - How to Get a FLOOD of Targeted Visitors To Your Site Daily.

Download your free ebook today at http://morevisitors.com-review.org

"WordPress Draft Spy"
First Posted: December 29, 2007 | Filed in: Wordpress


Make Money Online and take a vacation today!

Comments Off