Access to Private Blogs

  • Unknown's avatar

    Heya,

    I contribute to a couple of blogs. One of them, which belongs to a friend of mine, is set to be private because she uses it as a diary. Recently it became apparent that her ex-boyfriend, who works for a web hosting company, has been reading it, even though he isn’t supposed to have access to it. When asked how exactly he managed to do it, he said that they ‘work with WordPress’.

    I realise that without mentioning the name of the company and giving more specific examples I probably won’t get any response. Anyway, I’m sure that those who work for WordPress know that this is possible, so I decided to post this. Perhaps I am too naive to think that when we set up a blog to be private, it really is, but shouldn’t it be at least a bit harder for those interested in reading it?

  • Unknown's avatar

    Why don’t you post the name of the company he works for, so that WordPress can bring it to their attention?

  • Unknown's avatar

    He’s a friend of mine, I don’t want to cause him any problems. And even if I do, this wouldn’t change the fact that people all around the world can easily do this as long as they don’t brag about it.

  • Unknown's avatar

    Have you at least told the woman? I can’t imagine she’d want to continue writing a diary knowing this!
    Or perhaps she could begin writing a “Living well is the best revenge.” version.

  • Unknown's avatar

    She was the one who told me about him reading it, and everything is fine, don’t worry. :) She didn’t have anything to hide, and I’m sure she would have given him access to the blog if he asked her.

  • Unknown's avatar

    Without providing more details, I don’t think there’s any way for anyone to look into this. I suspect you’ve misunderstood something that you’ve been told.

  • Unknown's avatar

    Your assumption is wrong, I didn’t misunderstand anything. And yep, I realise that it might not sound convincing enough. I rely on the concept that when somebody from WordPress reads it, he or she would know that this is possible.

  • Unknown's avatar

    You need to send this information to WordPress staff directly. They most certainly aren’t going to discuss anything like this here in the forums.

    If this person is using their company’s connection with WordPress to read private blogs, they are most likely (highly likely) in violation of the agreement between WordPress and the company in question and there could very well be very serious legal issues.

    This, from the little you have shared, is a SERIOUS breach of confidentiality.

  • Unknown's avatar

    I realise this, and what’s more important is not the single case but rather that it seems to be far too easy to be done.

  • Unknown's avatar

    We never ever ever give any details about passwords, email addresses, names or anything else unless we get a Court Order and are legally required to release it.

    There is no way at all that someone here could have given a password to anyone. Would not happen.

    If you want to discuss it in detail, please contact Support using the form below and I will address every question you have – promise.

    But honestly – privacy and confidentiality are absolute, and no matter who were to ask or what story they came up with, we would not give any details at all.

  • Unknown's avatar

    http://sandbox.wordpress.com

    That I just set to Private. If anyone can tell me the title of the latest post I would be – to put it lightly – very very surprised.

  • Unknown's avatar

    It sounds to me like your friend may have a blog using WordPress.ORG software that is hosted somewhere other than WordPress.com. If that other person works for the hosting company, then yes, he probably can look at her private blog. He might be able to hack into it, depending on what she’s got in terms of security. What we have in terms of security here is quite different.

  • Unknown's avatar

    @raincoaster, I don’t think that is true – and I hope it is not. WordPress does the username and password during the setup process for the blog, and the host isn’t involved, and the password is automatically and randomly generated (unless the person changes it to something that is easy to guess after the setup is done).

    My guess is that the password she is using on her blog was something that was easy for him to guess. People don’t realize how important it is to have strong passwords that have a variety of characters, numbers and special characters in them. Those seldom are guessed, whereas using the name of your child, or your pet, or your pet name for your child are much easier.

  • Unknown's avatar

    But would the hosting company not have access to the actual files on their own servers? And if they did an email service as well, they’d presumably be able to look into her emails and see the password.

  • Unknown's avatar

    The OP seems to be asking an ethical, rather than technical question, though he is making it appear to be a problem about the technical aspects.
    See here from:
    http://support.wordpress.com/settings/privacy-settings/ :
    “Note: WordPress.com employees can read all blog regardless of Privacy setting.”

    He (the OP) seems to be posting a warning that some employees @ WordPress have access to private blogs. Or/and employees at hosting sites associated with Automattic have access to those private blogs.

    In my opinion, I don’t think it is a matter of someone guessing a password as Mark suggested.

  • Unknown's avatar

    Without a link to the blog, starting with http, none of us can confirm anything whatsoever, not even that it is hosted here OR that it is private. We see people making .org for .com mistakes all the time. This wouldn’t surprise me if it were one of those cases.

  • Unknown's avatar

    An aside: [Note the typo in my copy and paste quote! “can read all blog regardless”]

  • Unknown's avatar

    If the host email system is set up properly, and the user doesn’t have it set up to save copies of the emails on the email server, once the user gets the emails they are deleted.

    I suppose there are ways around this, but I have a hard time believing any web host would give access to a “contractor” doing work for them to that sensitive data (passwords, usernames, etc.). I’m not saying it could not happen, I’m just saying that it would really be recklessness of a high order for a host to do such a thing. People get arrested and sent to jail for those kinds of breaches of privacy and confidence.

  • Unknown's avatar

    1tess is right, the password is definitely not the issue because I was the one who set up the blog. It is hosted on WordPress.com as well.

    Mark, thanks for the offer but I’m in quite a delicate situation. I have to ask him to do something illegal, again, and then report it to you.

    I will ask him to tell me exactly what he did and then write here again. Perhaps he used an exploit of some kind and didn’t want to bother her with the technical details.

  • Unknown's avatar

    If he’s her ex-boyfriend, did she ever log into her blog from his computer? It would then be dead easy from that point.

  • The topic ‘Access to Private Blogs’ is closed to new replies.