Fixing Potential Privacy Breach In Collaborative WordPress


If you are the only person who logs in to the dashboard of a WordPress-run website, then it's one less issue to worry about. But if you allow readers to register themselves as Contributors on the site and write posts, or have multiple users log in to the admin panel, then there are chances of compromising a user’s privacy.

In WordPress, any role higher than a Subscriber, that is Contributor and above, can log in to the admin panel and view the IP addresses/emails of all those who post comments on the website.

WordPress doesn’t yet have a built-in feature that allows the administrator to disable this. So if the websites themselves do not take any measures, this could lead to a potential privacy breach.

To get a better idea of what I am talking about, take a look at this popular WordPress-run current affairs website (www.naitazi.com) where users can “Post News”, which basically translates to registering as a Contributor and then posting articles.

You can either create your own id or use the one that I have created for test purposes - test123\test123 (Just don’t change the password)

Now if you go to the Comments section, you don’t see the IP address next to the comment author’s name, which is a good thing. It means the website is making an effort to protect the privacy of its readers.

But only in a half-hearted manner. (Perhaps they are not aware of it?)

Within the Comments section, if you right click and view the source of the page, you can view the IP addresses of all those who commented on the website. This is a major breach.

So how to protect the privacy

I use the following piece of code to disable Comments in one of my websites (I am unable to recall who made this plugin, if you can let me know, I would link back to you).

You need to create a .php file with the code below, save it in your plugins folder, and activate it.

==========

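<?php
/*
Plugin Name: Restrict Comment Screens (placeholder name)
Description: Blocks the comment admin screens for users below user level 9.
*/

// Stop lower-level users from loading the admin screens that expose
// commenters' IP addresses and emails.
function check_user_capabilities() {
    global $user_level; // legacy numeric level of the logged-in user

    // strpos() returns false when the string is not found, so compare strictly.
    if ( strpos( $_SERVER['SCRIPT_NAME'], 'wp-admin/edit-comments.php' ) !== false
        || strpos( $_SERVER['SCRIPT_NAME'], 'wp-admin/comment.php' ) !== false ) {
        if ( $user_level < 9 ) {
            echo "<div class='wrap'><h3>As A Mark Of Respect To Endangered Bengal Tigers, We Don't Allow Access To Comments From Here ;-)</h3></div>";
            // Replace the link with your own site's admin URL.
            echo "<div class='wrap'><h3>Please go <a href='http://www.nameofyourwebsite.com/wp-admin/'>back. </a> </h3></div>";
            // include('admin-footer.php');
            die();
        }
    }
}

add_action( 'init', 'check_user_capabilities' );
?>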

============
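
To confirm on your own site that a fix like the one above closes the "view source" leak, save the HTML of the Comments screen as served to a Contributor account and scan it for addresses that sit in the markup rather than in the visible text. This is an added example, not code from the original post or plugin; the sample HTML is constructed, and the names `LeakAuditor`, `audit` and `hidden_leaks` are illustrative.

```python
import re
from html.parser import HTMLParser

# Heuristic patterns; dotted version strings such as 1.2.3.4 will also match IPV4.
IPV4 = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Constructed sample of a comments-screen row (documentation-range addresses).
SAMPLE = """<tr id="comment-7">
  <td class="author"><strong>Reader One</strong></td>
  <td><a href="edit-comments.php?s=203.0.113.24&amp;mode=detail">search</a>
      <input type="hidden" name="author_email" value="reader1@example.com" /></td>
  <!-- ip: 198.51.100.7 -->
  <td>Nice post, mail me at visible@example.org</td>
</tr>"""

class LeakAuditor(HTMLParser):
    """Record each IP/email found and where in the page it sits."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (value, location) tuples
        self._in_code = 0   # nesting depth inside <script>/<style>

    def _scan(self, text, where):
        for rx in (IPV4, EMAIL):
            for m in rx.finditer(text or ""):
                self.findings.append((m.group(0), where))
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._in_code += 1
        for name, value in attrs:  # hidden inputs, hrefs, title attributes
            self._scan(value, f"attribute {tag}[{name}]")
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._in_code:
            self._in_code -= 1
    def handle_data(self, data):
        self._scan(data, "script/style" if self._in_code else "visible text")
    def handle_comment(self, data):
        self._scan(data, "HTML comment")

def audit(html):
    parser = LeakAuditor()
    parser.feed(html)
    parser.close()  # flush any buffered text
    return parser.findings

def hidden_leaks(html):
    """Values found outside text nodes: attributes, comments, scripts."""
    return sorted({v for v, where in audit(html) if where != "visible text"})
```

An empty result from `hidden_leaks` on the saved page means no address or email was found in attributes, comments or inline scripts. Text hidden with CSS is still reported as visible text, since the parser does not evaluate styles.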

If you run a multi user blog, I would be interested to know how you take care of this issue.


Comments

One Response to “Fixing Potential Privacy Breach In Collaborative WordPress”

  1. Greg on February 27th, 2008 11:50 pm

    The site which is posting commenters' IP addresses is a major security breach. I wonder why they have still not plugged this serious breach. Even the commenters are not bothered about it!!
