John Andrews is a Competitive Webmaster and Search Engine Optimization Consultant in Seattle, Washington. This is John Andrews blog on issues of interest to the SEO community and competitive webmasters. Want to know more?  Competitive Web & SEO

Now that I found a way to read the unpublished draft posts in your WordPress blog, I understand you much better

There is a draft post in my WordPress system called “Hand over your Lupins”. I never published it. I haven’t finished it yet. I don’t want anyone to read it in the current form, because it contains notes and suggestions for further development, including references to some key figures in SEO Celebrity Land. If that was published as it is, I’d get some heat for sure. But isn’t that the case for most “draft” posts? Certainly you would not expose your draft posts to the public, right?

But the only thing between those draft posts and the public is a WordPress front controller that checks a “publish” bit and passes over the drafts. On every page load. Those draft posts exist in your WordPress database, the same as your public posts do. That database is readable by the public-facing WordPress, and it is very reasonable to think that they might be “exposed” by a clever hack. Ever hear of a vulnerability in a WordPress plug in? Sure you have. It’s only a matter of time before somebody builds a popular plug-in which enables access to draft posts. It’s not terribly difficult… virtually any access hack could enable it.

So what would that reveal about you and your business? What do you have lurking in your drafts folder? What does your competitor potentially already know about your desire for Lupins, which until now you have been so careful to conceal?

★★ Click to share this article:   Digg this     Create a Bookmark     Add to Newsvine

4 Responses to “Now that I found a way to read the unpublished draft posts in your WordPress blog, I understand you much better”

  1. Aaron Pratt Says:

    Writing plugins to gain access to stuff is and will be done but how important are most people’s draft posts? I mean come on, most bloggers are boring, clueless attention getters. There can’t be anything of value in there.

    So what’s in your wallet that would be of more value John? :)

    “SEO Land” is getting really lame with all it’s “Top 10 ways” posts…maybe it is in need of a little fire.

  2. Adam C Says:

    I read this post a couple of days ago, and came back to it now after discovering some of my draft posts showing up in my analytics report. Interesting stuff. Don’t know whether this was as a result of a plug in or just default WordPress set-up. I suspect the latter, but will look into it.

  3. » Wordpress: That Took 14 Months - John Andrews - Says:

    […] In November of 2006 I noted how much fun it might be to read “draft” WordPress blog posts of competitors. Forteen months later, we read this and this and this. Good thing I deleted my Lupins post. Topical Tags: […]

  4. Rich Says:

    So here we are 2 years later and I see people reading my drafts posts. Is there a fix for this?