How secure is your WP blog?

A recent post by Vicola revealed an interesting hole in the assumed security of password protected blog entries.

I use Google Reader to keep an eye on the quality blogs I follow which is used in conjunction with logging into Google with an account name and password. This gives me a configurable home page that I can access wherever I go and on any machine I use to hit the Net. Very handy for getting to a familiar workplace. Part of that virtual Home Page includes the Google Reader unviewed watched list.

Google Reader not only notes that a new posting has gone up but also includes a preview if you click the link. For VOX posts it only showed the first few lines but WP blogs show the whole post plus images. It’s a feature I love because I only need to follow the link to the post if I want to leave a comment or “like” a post.

But here is the rub. On Vicola’s post the full text was revealed. Initially I thought she had decided against a hidden post but when I clicked the link to the full blog post, it was waiting for a password.

Ouch.

I don’t know how many folk use Google Reader and chances are you wont get caught out by this feature, but if you want to keep access restricted and reduce family stress then the password protected post is not secure enough.

Advertisements

One thought on “How secure is your WP blog?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s