WordPress privacy EpicFail

I "prefer" WordPress (dot org and dot com) because it is the only popular alternative to social networks, it is also open source, and you can take control if you want.

Unfortunately WordPress is not perfect. I helped a friend to set up a new private blog from his old WordPress account, and we found these issues:

  1. Impossible for end users to create a WordPress account and get access to the private blog. In the WordPress people invitation workflow, people expecting to see a private site are redirected to the WordPress main page:
    • Some users think that they have to pay (the information is not clear). Frustration -> END
    • Too much complex information to get access to a simple private website of a friend. Frustration -> END
    • After account creation people go to the new WordPress home for registered users; they were expecting the private site and they are lost. Frustration -> END
    • After account creation the user goes to the private site; even if he is invited, he can’t get access. Frustration -> END
    • After account creation the user goes to the private site, logs in using their account password and makes an access request, even if he was invited to the private site.
      • The private blog owner admin never got the request. Frustration -> END
        • NOTE: The request was in the blog owner's account
  2. Impossible to know who can access the private WordPress or to revoke access for any particular user; the Viewer role is not in the users list or followers.
  3. When the WordPress owner was connected using one browser, we made an access request using another WordPress user in another browser on the same computer; without the blog owner's authorization this user got access to the private site.
    • I tried to reproduce the issue with another WordPress user on another computer without success.
      • NOTE: Request sent only to the blog owner, not to the blog admin.
    • I can’t see or remove the unauthorized user.

I think this, like most WordPress problems, is because:

  1. PHP programmers' culture and the language itself are not security oriented :(
  2. The marketing strategies to engage new users don’t keep in mind potential users invited by WordPress users.

In conclusion, if you want to have a non-public site/blog, WordPress can be an option if this site is for yourself, but if you have important information that others want to access, WordPress is not an option. (It isn’t insecure as I was thinking; I made a mistake because the owner was accepting and approving requests that admins didn’t get, but)


