Bad Behavior
Bad Behavior Causing Potential Privacy/Security Issue (5 posts)

  1. Bryan Hadaway
    Posted 3 years ago #

    I like the security that BB adds, but what about securing BB itself?

    For the first time I just realized that BB prints the users' IP address directly in the source code. While one can respectfully argue that users would only be able to see their own IP address...

    What about if you're using a caching plugin like W3 Total Cache? Could IP addresses theoretically get cached or is my line of thinking wrong or is there a fail-safe for this anyways?

    Thanks, Bryan


  2. Pretty sure your thinking is wrong. ;)

    Try it: visit your site after you've cleared your browser's cache and cookies. Wait until someone else visits your WordPress URL (your server logs will tell you).

    Then visit the site yourself. If you see someone else's IP address in the HTML code then this will confirm your suspicions.

    If that's the case, it's not a security issue. It may be a privacy issue but I doubt that too...

  3. Bryan Hadaway
    Posted 3 years ago #

    That's not the way that I'm considering it being possible, but I certainly still hope I'm wrong for peace of mind.

    What I'm talking about is a caching plugin that stores cached scripts, in this case JS and then serves the same thing to everyone.

    Cache files that could be located and read by a savvy and/or malicious person for what purposes, I don't know...

    Still, I figured it was a noteworthy possible security hole.

    Thanks, Bryan

  4. Sunrise12
    Posted 2 years ago #

    I just noticed the same thing and don't like it.

    Is it really necessary to output the IP address in the source code?

    Seems like a flaw to me.

    ~ Ana

  5. Viktor Szépe
    Posted 2 years ago #

    I agree: there is someone else's (a Vodafone user's) IP in the page's HTML source.

    Could you test for WP cache in your code? And output something else for to-be-cached pages (because that page will be served later to everyone).
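
The manual check described in this thread (looking for another visitor's IP in the HTML that the cache serves) can be run over every cached page at once. This is an added example, not part of the original thread and not Bad Behavior's or W3 Total Cache's code; the function names, the ignored ranges and the sample pages are assumptions constructed for illustration.

```python
import ipaddress
import re

# Candidate IPv4 dotted quads; each is validated below, so "300.1.1.1" is dropped.
# IPv6 is not covered, and four-part version strings can still match: review hits.
_IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

# Ranges that cannot identify a visitor on the public internet (assumed defaults).
_IGNORED = ["127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def embedded_ips(html, own=()):
    """Return IPv4 addresses baked into html, skipping ignored and own ranges."""
    nets = [ipaddress.ip_network(n) for n in list(_IGNORED) + list(own)]
    found = []
    for text in _IPV4.findall(html):
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            continue  # not a real address, e.g. an octet above 255
        if text not in found and not any(addr in n for n in nets):
            found.append(text)
    return found


def audit_cache(pages, own=()):
    """Map each cached page name to the addresses found in its body."""
    report = {}
    for name, html in pages.items():
        hits = embedded_ips(html, own)
        if hits:
            report[name] = hits
    return report


# Constructed sample cache contents (documentation-range addresses, not real
# visitors, and not the plugin's actual markup).
SAMPLE_CACHE = {
    "index.html": '<input type="hidden" name="ip" value="203.0.113.57">',
    "about.html": "<p>Served from 192.168.1.10, build 2.0.11</p>",
    "contact.html": "<script>var a = '198.51.100.7'; var b = '300.1.1.1';</script>",
}

if __name__ == "__main__":
    for page, ips in audit_cache(SAMPLE_CACHE).items():
        print(page, ips)
```

Pass the server's own public address in `own` (as a CIDR string) so that only addresses belonging to visitors are reported.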

Topic Closed

This topic has been closed to new replies.
