Skip to content

Now that I found a way to read the unpublished draft posts in your WordPress blog, I understand you much better

There is a draft post in my WordPress system called “Hand over your Lupins”. I never published it. I haven’t finished it yet. I don’t want anyone to read it in the current form, because it contains notes and suggestions for further development, including references to some key figures in SEO Celebrity Land. If that was published as it is, I’d get some heat for sure. But isn’t that the case for most “draft” posts? Certainly you would not expose your draft posts to the public, right?

But the only thing between those draft posts and the public is a WordPress front controller that checks a “publish” bit and passes over the drafts. On every page load. Those draft posts exist in your WordPress database, the same as your public posts do. That database is readable by the public-facing WordPress, and it is very reasonable to think that they might be “exposed” by a clever hack. Ever hear of a vulnerability in a WordPress plug in? Sure you have. It’s only a matter of time before somebody builds a popular plug-in which enables access to draft posts. It’s not terribly difficult… virtually any access hack could enable it.

So what would that reveal about you and your business? What do you have lurking in your drafts folder? What does your competitor potentially already know about your desire for Lupins, which until now you have been so careful to conceal?

3 Comments

  1. Aaron Pratt wrote:

    Writing plugins to gain access to stuff is and will be done but how important are most people’s draft posts? I mean come on, most bloggers are boring, clueless attention getters. There can’t be anything of value in there.

    So what’s in your wallet that would be of more value John? :)

    “SEO Land” is getting really lame with all it’s “Top 10 ways” posts…maybe it is in need of a little fire.

    Sunday, November 5, 2006 at 9:27 pm | Permalink
  2. Adam C wrote:

    I read this post a couple of days ago, and came back to it now after discovering some of my draft posts showing up in my analytics report. Interesting stuff. Don’t know whether this was as a result of a plug in or just default WordPress set-up. I suspect the latter, but will look into it.

    Friday, November 10, 2006 at 2:36 am | Permalink
  3. Rich wrote:

    So here we are 2 years later and I see people reading my drafts posts. Is there a fix for this?

    Tuesday, September 8, 2009 at 4:46 pm | Permalink

One Trackback/Pingback

  1. » Wordpress: That Took 14 Months - John Andrews - johnon.com on Sunday, December 30, 2007 at 12:35 pm

    […] In November of 2006 I noted how much fun it might be to read “draft” WordPress blog posts of competitors. Forteen months later, we read this and this and this. Good thing I deleted my Lupins post. Topical Tags: […]