Confidentiality problem of comments of Protected Posts
-
For posts which are protected by a password, normally only people who have the password can see the post and the comments.
But there is a flaw!
On the page of comment management (wp-admin/edit-comments.php), every user who has access to this page can see all comments of protected posts !!
This is not tolerable if they don’t have the password !
So hide these comments for Author and Contributor. They should not see comments for posts they don’t write and especially if they are protected by a password they dont have.Thanks for your attention.
The blog I need help with is: (visible only to logged in users)
-
-
Thanks for bringing this up. I’ll check into if this is a WordPress.com-unique quirk or within WordPress.org as well and raise it up with the right folks.
-
I also have a problem with visibility of comments on password protected posts.
Opening the comments of the next post (not protected): http://www.wizzewasjes.be/?p=12742#comments
and then clickin the url above of the protected post, everybody can read the comments.
-
Hi Sloef:
Your site is using WordPress.org–the free software used on the hosting provider of your choice, while this is support for WordPress.com (more about the difference: WordPress.com and WordPress.org)
On WordPress.com sites, that issue doesn’t happen (e.g. comments are hidden until the password is entered) and sounds to me that something may be miscoded in the theme your site is using.
Asking for help at http://wordpress.org/support or by contacting your theme’s developer. If your theme is from WordPress.org, each theme has a support forum from the theme’s homepage.
Thanks!
- The topic ‘Confidentiality problem of comments of Protected Posts’ is closed to new replies.
WordPress.com Forums 