Need help? Check out our Support site, then


Security Problem - Password protected blogs show up in RSS

  1. A friend of mine has a password protected blog that I don't have the password too. She turned on the password after I'd subscribed via RSS.

    I recently updated my RSS feed for her blog, and all her posts were visible to me.

    This is a serious privacy hole - can you fix it please?

  2. If she added the password after you had subscribed then some of her posts may well have been in the feed as you got it.
    I will get this looked at but it is almost definitely not any sort of hole.

  3. No, these were definitely new posts that weren't already in the feed.
    I removed the feed and re-added it, and also tried opening the URL in Firefox directly. I got the full content both times.

  4. Please send me the blog address - support@wordpress.com

  5. This happened to me too! I think some feeds picked up a password protected post I wrote a couple months ago because I saw one of them cached on Google for Christ's sake! When you click on my page it shows only "need password," but key information of the post was totally visible in Google's summary box. I went through a hassle to get Google to remove it from their cache. I would not use WordPress.com pass protect feature again. IT IS NOT SECURE.

  6. Feeds ARE still protected.

    I just made a protected post. What is the word in it that I have asked you to say?
    http://podz.wordpress.com/feed/

  7. Well, I can't see your post if I go to the site direct:
    http://podz.wordpress.com/

    But if I put your feed in Google RSS, it shows me this much of the post:

    Oct 26, 2006 (4 days ago)
    Protected: Feed Protected
    from Thoughts on Support by podz

    This post is password protected. To view it please enter your password below:

    Password:

    So, I guess I can't see the post, only the prompt for the password.

Topic Closed

This topic has been closed to new replies.

About this Topic