
Looks like anyone can easily spy on your WordPress drafts. Thankfully, there's a quick fix. And no, you don't even have to touch any of your WordPress PHP files.

I first read about this in Ryan's "WordPress Hacked: Anyone Can View Future/Draft Posts" over at CyberNetNews.com, thanks to a tweet from Tyler Reed.

In short, with a little patience, others can view your drafts or unpublished WordPress posts. If those folks are active bloggers, then they can publish a similar post ahead of you.

Ryan talks about quickly solving the problem by editing your wp-includes\query.php file.

If you're not comfortable editing that file and uploading the edited version back to your webserver, you can redirect

index.php/wp-admin/
to
/wp-admin/

(NOTE: You might need to make two redirects: one with a trailing slash, as in index.php/wp-admin/ and another without the trailing slash, as in index.php/wp-admin just to be on the safe side).
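One way to set up that redirect without touching any PHP file is shown below. It is an added example, not taken from Ryan's post or from WordPress itself. It assumes Apache with mod_rewrite enabled, WordPress installed at the site root, and that the rules are placed in the root .htaccess above the "# BEGIN WordPress" block.

```apache
# Added example (assumptions: Apache + mod_rewrite, WordPress at the site root).
# Place ABOVE the "# BEGIN WordPress" block so it is evaluated first.
<IfModule mod_rewrite.c>
RewriteEngine On

# Match the raw request line sent by the client, so the rule only fires on
# the original URL and not on WordPress's own internal rewrites to index.php.
# The optional slash ("/?") covers both forms mentioned in the note above:
#   index.php/wp-admin/   and   index.php/wp-admin
RewriteCond %{THE_REQUEST} \s/+index\.php/wp-admin/?[\s?] [NC]

# Send the visitor to the real admin URL. The trailing "?" drops any
# query string that came with the original request.
RewriteRule ^ /wp-admin/? [R=301,L]
</IfModule>
```

After saving the file, request both forms of the URL in a browser and confirm that each one lands on /wp-admin/ (and then on the normal login page if you are not logged in).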

I tested the draft spying issue with respect to the WordPress RSS feed, but was not able to reproduce it even on my other sites that do not use the Feedburner redirect plugin.

So if you're the kind of WordPress blogger who likes to write drafts, protect your future posts from the prying eyes of the WordPress post hijackers.



Manuel Viloria is your friendly multimedia internet publishing coach who helps you gain more traffic for your web sites. Whether it's through blogging, podcasting, article marketing, videoblogging, email listbuilding, or even through Web 2.0 or social network marketing, you can increase your website visitors today. For more information, please visit Get More Traffic | ManuelViloria.com


Tags: wordpress security