Bad Behavior
Bad Behavior Causing Potential Privacy/Security Issue (5 posts)

  1. Bryan Hadaway
    Member
    Posted 2 years ago #

    I like the security that BB adds, but what about securing BB itself?

    For the first time I just realized that BB prints the users' IP address directly in the source code. While one can respectfully argue that users would only be able to see their own IP address...

    What about if you're using a caching plugin like W3 Total Cache? Could IP addresses theoretically get cached or is my line of thinking wrong or is there a fail-safe for this anyways?

    Thanks, Bryan

    http://wordpress.org/extend/plugins/bad-behavior/

  2. Pretty sure your thinking is wrong. ;)

    Try it: visit your site after you've cleared your browser's cache and cookies. Wait until someone else visits your WordPress URL (your server logs will tell you).

    Then visit the site yourself. If you see someone else's IP address in the HTML code then this will confirm your suspicions.

    If that's the case, it's not a security issue. It may be a privacy issue but I doubt that too...

  3. Bryan Hadaway
    Member
    Posted 2 years ago #

    That's not the way that I'm considering it being possible, but I certainly still hope I'm wrong for peace of mind.

    What I'm talking about is a caching plugin that stores cached scripts, in this case JS and then serves the same thing to everyone.

    Cache files that could be located and read by a savvy and/or malicious person for what purposes, I don't know...

    Still, I figured it was a noteworthy possible security hole.

    Thanks, Bryan

  4. Sunrise12
    Member
    Posted 1 year ago #

    I just noticed the same thing and don't like it.

    Is it really necessary to output the IP address in the source code?

    Seems like a flaw to me.

    ~ Ana

  5. szepe.viktor
    Member
    Posted 1 year ago #

    I agree: there is someone else's (a Vodafone user's) IP in the page's HTML source.

    Could you test for WP cache in your code? And output something else for a page that is to be cached (because that page will be served later to everyone).
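The manual check described in the second post can be automated. The following is an added example, not part of the original thread and not code from Bad Behavior or any caching plugin: it scans cached page bodies for embedded IPv4 addresses, which should not appear in a page that is served to every visitor. The function names, the sample markup and the `*.html` cache layout are assumptions.

```python
import ipaddress
import re
from pathlib import Path

# Dotted-quad candidates; each one is validated with ipaddress below.
# The lookarounds skip longer dotted strings such as 1.2.3.4.5.
CANDIDATE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\.?\d)")

# Ranges that never identify a visitor on the public internet.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
             "127.0.0.0/8", "0.0.0.0/8")]


def visitor_ips(body):
    """Return the IPv4 addresses embedded in a page body, minus internal ranges."""
    found = set()
    for token in CANDIDATE.findall(body):
        try:
            addr = ipaddress.IPv4Address(token)
        except ValueError:
            continue  # looked like an address but is not a valid one
        if not any(addr in net for net in INTERNAL):
            found.add(str(addr))
    return found


def audit_cache(entries, allowed=()):
    """entries maps cache key -> cached body; returns {key: sorted embedded IPs}."""
    report = {}
    for key, body in entries.items():
        hits = visitor_ips(body) - set(allowed)  # allowed: e.g. the server's own IP
        if hits:
            report[key] = sorted(hits)
    return report


def load_cache_dir(root):
    """Read every *.html file under root (the cache directory is site-specific)."""
    return {str(p): p.read_text(errors="replace") for p in Path(root).rglob("*.html")}


# Constructed sample: the markup is invented for illustration and is not
# Bad Behavior's actual output. Addresses come from documentation ranges.
SAMPLE = {
    "/index.html": '<form><input type="hidden" name="ip" value="203.0.113.7"></form>',
    "/about.html": "<p>Served by 10.0.0.5, build 999.1.2.3</p>",
}

if __name__ == "__main__":
    print(audit_cache(SAMPLE))
```

Any key in the report is a cached page that carries an address; four-part version strings can produce false positives, so review each hit before treating it as a visitor's IP.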

Topic Closed

This topic has been closed to new replies.
