RSS Feed Security

  • Resolved bobjgarrett

    (@bobjgarrett)


    2 years, 11 months ago

    It seems your plugin, while preventing access to particularly categories via web pages, is not protecting them from being shared via the RSS feed.
    browsing to mysite.com/feed results in the display of an XML file of category supposedly hidden from general view.
    Is that right or have i overlooked something.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter bobjgarrett

    (@bobjgarrett)

    Further testing also shows that while the text content of posts for private categories are hidden on normal web pages, the post titles and images included are shown. So the plugin is not hiding private categories from public view.

    Plugin Support mbrsolution

    (@mbrsolution)

    Hi, are you also protecting the content of the page or post? As far as I know when you enable content protection in posts it also protects the RSS feed. So when you go to yoursite.com/feed you will not see any blog posts displayed.

    Kind regards.

    Thread Starter bobjgarrett

    (@bobjgarrett)

    I thought the same but have now verified this on two completely separate sites. Protecting a category from general view does not prevent the RSS feed from showing the content.
    While Firefox does not actually render the XML content it does download it like a file, while Chrome actually renders it.
    So “private” posts appear still available to the public in terms of their title and images with the full content also available via the XML.

    Plugin Support mbrsolution

    (@mbrsolution)

    Hi, I just completed a test in my dev site and it works for me. I was not able to see the content even when I type the following URL yoursite.com/feed/ on the browser. I can confirm this works for me.

    You might like to check the following documentation.

    https://mbrsolution.com/wordpress/simple-membership-plugin-category-protection.php

    Let me know if the information above helps you.

    Kind regards.

    Thread Starter bobjgarrett

    (@bobjgarrett)

    Thanks for your help on this. I have read through your documentation again and it is as I thought it was supposed to operate. So my two sites should be okay, though I do think that the titles of private posts should not be shown because these might give something away – a private post should be entirely private!

    I have now created a test site with your plugin and another which I feared might clash and it does operate correctly (though the private post titles do appear) so there is something strange about the other sites. I will have to look through their setup again carefully. Have you any suggestions as to why posts might be private within pages but not within feeds?

    Plugin Support mbrsolution

    (@mbrsolution)

    Hi,

    Have you any suggestions as to why posts might be private within pages but not within feeds?

    This might have something to do with the theme you are using. Try testing one of WordPress default themes like Twenty Twenty.

    Kind regards.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘RSS Feed Security’ is closed to new replies.