Looks like anyone can easily spy on your WordPress drafts. Thankfully, there's a quick fix. And no, you don't even have to touch any of your WordPress PHP files.

First read about this in Ryan's WordPress Hacked: Anyone Can View Future/Draft Posts over at CyberNetNews.com, thanks to the Tweet of Tyler Reed.

In short, with a little patience, others can view your drafts or unpublished WordPress posts. If those folks are active bloggers, then they can publish a similar post ahead of you.

Ryan talks about quickly solving the problem by editing your wp-includes\query.php file.

If you're not comfortable editing that file and uploading the edited version back to your webserver, you can redirect

index.php/wp-admin/
to
/wp-admin/

(NOTE: You might need to make two redirects: one with a trailing slash, as in index.php/wp-admin/ and another without the trailing slash, as in index.php/wp-admin just to be on the safe side).

I tested the draft spying issue with respect to the WordPress RSS feed, but was not able to reproduce it even on my other sites that do not use the Feedburner redirect plugin.

So if you're the kind of WordPress blogger who likes to write drafts, protect your future posts from the prying eyes of the WordPress post hijackers.

Download Your FREE Ebook:
How To Get An Additional 25 to 50 Visitors To Your Site Daily (opens in a new window)

recommended: web site builder recommended: save the sale script recommended: download the viral marketing idea

Manuel Viloria is your multimedia internet publishing coach who helps you make $100 per day online. Whether it's through blogging, podcasting, article marketing, videoblogging, email listbuilding, or even through Web 2.0 or social network marketing, you can increase your website visitors today. For more information, please visit Make Money Online | ManuelViloria.com.

First Posted: December 29, 2007 | Filed in: Wordpress

Tags:

« Theme Redesign at CarlOcab.comStarting A Home Internet-Based Business »