I « prefer » wordpress (dot org and dot com) because is the only popular alternative to social networks and is also OpenSource and you can take the control if you want.
Unfortunately WordPress is not perfect, I help a friend to setuup a new private blog from his old wordpress account, and we found this issues:
- Impossible toendusers to create awordpress account and get access to the private blog, in thewordpress people invitation workflow people expecting to see a private site is redirected to thewordpress main page:
- Some users think that they have to pay (not clear information). Frustration ->END
- Much complex information to get access to a simple private website of a friend. Frustration ->END
- After account creation people go to the new wordpress home for register users, they was expecting the private site and they are lost. Frustration ->END
- After account creation the user go to the private site, ever if he is invited, he can’t get access. Frustration ->END
- After account creation the user go to the private site, did login using their account password and do a access request ever if he was invited to the private site.
- The private blog
owneradmin never got the request. Frustration ->END
- NOTE: The request was in the blog owner account
- The private blog
- impossible to know who can access to the private wordpress or revoke access to any particular user, the Viewer role is not in the users list or followers.
When thewordpress owner was connected using one browser, we do an access request using otherwordpress user in other browser from the same computer, without the blog owner authorization this user got access to the private site. I try to reproduce the issue with another wordpress user in another computer without succes.
- NOTE: Request sended only to the blog owner, not to the blog admin.
- I can’t see or remove the
I think this like most WordPress problems are because:
- PHP programers culture and the language himself are not security oriented :(
- The marketing strategies to engage new users doesn’t keep in mind potential users invited by wordpress users.
In conclution, if you want to have a non public site/blog, wordpress can be an option if this site is for yourself
but if you have important information that others want to access WordPress is not an option.(Isn’t insecure as I was thinking, I do a mistake because the owner was accepting and aproving requests that admins doesn’t got but)