Tag: Security

Password Protect All Post Content

I recently used the built in WordPress protected visibility status in a project where information security was very important. This handy and little used feature does a great job securing content and providing user access on a basic level but has some pretty serious security holes if you hope to use it for anything more advanced. These include:

  • The identification cookie is stored in the users browser insecurely
  • The identification cookie is stored for 10 days without requiring the user to re-enter the password
  • Only the post content is protected, any additional meta on the page will be visible to unauthenticated users

Read more