Email subscription password protection

• 

  lgoodacre · Member · Sep 10, 2010 at 3:51 am

  • Copy link
  • Add topic to favorites

  I use password protection to protect my posts. However, it has come to my attention that users who are subscribed via email do not need to enter a password to view my posts. I tried signing up for email subscription myself and didn’t have any trouble doing so without a password. This seems like a gaping hole in security. Does anyone know a way that I can keep my subscribers but maintain security?

  I’m using the Blog Subscription widgit.

• 

  justjennifer · Member · Sep 10, 2010 at 9:55 am

  • Copy link

  I’m not really sure why password protected entries would be sent out, but I’ve tagged this thread so that hopefully Staff will look in and answer your question.

• 

  hanni · Member · Sep 11, 2010 at 4:55 pm

  • Copy link

  @lgoodacre – can you give me an example of one of these posts?

• 

  raincoaster · Member · Sep 11, 2010 at 6:07 pm

  • Copy link

  I have heard of this happening with two other blogs as well. It’s not just you.

• 

  lgoodacre · Member · Sep 12, 2010 at 3:21 am

  • Copy link

  My blog is here: http://postcardfromindia.wordpress.com/. Most of the new posts are password protected. I took the email subscription tool down already, but I can’t put it back up if you want to dabble.

  Thanks for helping.

• 

  markel · Staff · Sep 15, 2010 at 5:03 pm

  • Copy link

  My blog is here: http://postcardfromindia.wordpress.com/. Most of the new posts are password protected. I took the email subscription tool down already, but I can’t put it back up if you want to dabble.

  Was this occurring for all password-protected posts, or just specific ones?

  If it’s just specific ones, can you please give the URL of those here? Thanks!

• 

  lgoodacre · Member · Sep 16, 2010 at 6:38 am

  • Copy link

  I’m pretty sure that it was happening with all password protected posts (I don’t know for sure because it’s my viewers, not me, who experience the problem). Here is an example post: http://postcardfromindia.wordpress.com/2010/09/09/learning/

• 

  markel · Staff · Sep 17, 2010 at 3:53 pm

  • Copy link

  I’m pretty sure that it was happening with all password protected posts (I don’t know for sure because it’s my viewers, not me, who experience the problem). Here is an example post: http://postcardfromindia.wordpress.com/2010/09/09/learning/

  We’re investigating.

• 

  markel · Staff · Sep 17, 2010 at 4:19 pm

  • Copy link

  A couple of questions:

  When a password-protected post is published, email subscribers receive an email stating that a password-protected post was published, but not any of the content. They will still need to enter the password to view the post itself. Did these emails actually contain the content of the post?

  Are you publishing the post normally, then changing it to include a password on a subsequent update? In order for the subscription emails to not include the content of the post, the password must be fully added before the post is published for the first time.

• 

  lgoodacre · Member · Sep 19, 2010 at 1:17 pm

  • Copy link

  After further examination, it appears that I was totally mistaken about this problem. One of my readers informed me about it last week. I asked her to forward me the emails in question to help with your investigation, but when they came through they were properly protected. I am guessing that she entered the password the first time and that the website automatically recognized her IP address the next time.

  Markel, I really hope that I haven’t wasted too much of your time on this wild goose chase. At the very least, you should know that I am delighted that you’ve been there to help and that I am further reassured about the reliability of WordPress.