Michelle Moore

Hello @halilesen,

The post would still be publicly published. I have some posts that I would want to go to that newsletter recipients and then some that I would not want to go to the newsletter recipients (in other words not emailed to them), but that are still available publicly.

To provide a background, my website is primarily for sharing my photography, but occasionally I might answer the WordPress question of the day or provide an answer to a friend or something like that. I would like the choice of whether the posts is sent to the email newsletter recipients.

Note, I did experiment with the subscribe by subject feature. The test recipient for the specific subject received all posts. And I also did not see how I could change the subject for the existing recipients.

Thank you @akirk! I appreciate it! I will follow the pull request. Thank you!

Thank you @akirk for your reply. I do understand what you are saying about the users having a special password or that the users that are Friends are the ones that have can see what you all them to. It still just adds a risk to my site. Here is another popular plugin that provides a risk https://www.bleepingcomputer.com/news/security/wordpress-elementor-plugin-bug-let-attackers-hijack-accounts-on-1m-sites/.

Again, I do like your plugin and appreciate the skill it took to dream up the concept and realize the vision. Please take this as the suggestion that it is.

Hello @akirk, I thought about this question and wrote out my answer in a blog post and have pasted below. Thank you for the dialog and consideration!

Hello Alex,

Thank you for your reply to my question regarding the Friends plugin.

First just let me say that you have created an awesome plugin. I am sure that my lack of knowledge regarding historical site to site communications clouds my judgement on having a user created. In response to your reply and question back to me of: “this is a thing that people frequently seem to dislike about the plugin. Could you enlighten me about your reasons?”

My site, which is a combination of a personal blog and eventually commercial blog, hopefully one day to sell my photography, has only ever had one user me. At the most two, a test user, me.

Concerns

I think to sum it up, I want to follow you but don’t want to be your partner for life. Adding a user is like a partner for life.

Website to Website Communication: I use the Webmention plugin to communicate with other websites. I use this to comment on or reply to other websites.

Attribution: When I want to share a post from another person’s website, I will type the author’s name and URL into the post and attribute it properly. So I don’t need features like that.

Quantity/Maintenance: I follow to many people and websites at the moment, I wouldn’t want to have that number of users in my User list. I love the idea of the /friends/ page with the feed of what I am following. On the surface this looks like a lot of maintenance to have all of these followed people as users, though I understand that we don’t do a lot with the Users in our websites daily. Understood that the maintenance would be done in the Friends plugin.

Performance: I am assuming there is no performance degradation with the content of all of those users coming in, but if so, I wouldn’t want any performance degradation.

Privacy: In one of your videos I saw that the Friend, which is a user, could with the correct permissions, see your private posts. I am sure this is a setting, but I don’t want anyone to see a post that I have marked as private. In essence as soon as you allow this, that post is public anyway because the other person could copy or screenshot that post. This would not be a common use case for me. (Though I do have a custom post type that I use to share things with my family that I don’t want in my regular post types.) Additionally, I would just add a password to the post if it was private.

Alex, as I read a little more about your Friends plugin, I am thinking it was definitely ahead of its time. Providing the capability to let your friends read your private posts, if allowed, and providing the interaction features, is awesome!

Security: Understanding that the users don’t have elevated privilege, what if something goes wrong and they do? Recently the Advanced Custom Fields plugin vulnerability “allows any unauthenticated user to steal sensitive information for, in this case, privilege escalation on the WordPress site tricking a privileged user to visit the crafted URL path.” https://wptavern.com/advanced-custom-fields-plugin-patches-reflected-xss-vulnerability I don’t know what that is exactly :-), but the words user and escalated privilege stand out. To me, every user that I add to my website, adds a risk that someone out there can exploit.

Misc: I am sure that someone with a more technical background can provide additional reasons for not wanting the added users.

Thoughts:

How can you make the Friends plugin, combined with the Mastodon Access plugin, and ActivityPub plugin act like a true Mastodon or other ActivityPub site with following, replies, mobile posting, mobile likes, boosts, and follows?

I have read that Friends uses the common WordPress infrastructure. Could you possibly have a Friends plugin that gives an option to have the users in a customer table for Friends plugin users that don’t want to add actual WordPress Users?

The Setup I Would Want

• My site viewable on Mastodon or other ActivityPub sites. [Done – Available with the ActivityPub plugin.]
• To be able to use my site to communicate with other sites. [Done – Available with the Webmention plugin.]
• To be able to use a mobile app to create post and follow others. [Experimenting with the Enable Mastodon Apps plugin without success, but let’s consider this almost done. I just need to submit a ticket to see what I am doing incorrectly.]
• To be able to follow other ActivityPub users, in my case Mastodon users and sites with ActivityPub support, and see the follower number increase in my profile on the platform. [Can’t do this.]
• Feedreader: I like the implemented feedreader and would want to use this in my RSS reader. [I can probably do this, but haven’t gotten that far yet.]

• This reply was modified 1 year, 10 months ago by Jan Dembowski. Reason: Removed link, please keep the conversation here instead and not your blog

Thank you! That answers my question.

Thank you @bluejay77! Maybe a better question would be, would those files ever be indexed in a search. If used the client portal would it eliminate the issue?