The Support Forums will be in read-only mode for a scheduled maintenance window on 01 September 2016 14:00 UTC - 20:00 UTC. More information.

HELP!!! My drafts can be viewed (19 posts)

  1. zapata
    Posted 10 years ago #

    I used to find my ideas that I used to save as drafts land up on a few other websites. Then someone informed me that it is very easy for anyone to view my saved drafts. I tried it by logging out and entering mywebsitename.com/p?randomNumber - and the draft shows up. I have about 20 - 25 ideas that I save as draft and keep working on them until they are complete.

    Is there anyway drafts cannot be allowed to be viewed by anyone except me? Please help!

  2. Class
    Posted 10 years ago #

    I haven't tried but perhaps password protecting the drafts would work?

    Drafts shouldn't be viewable IMO, don't know if this is a bug or just an oversight from the devs.

  3. manstraw
    Posted 10 years ago #

    hmmm, yep, just tested this. kinda not good!

    this should really big considered a bug.

  4. Chris_K
    Posted 10 years ago #

    Are you logged in when testing?

    See http://trac.wordpress.org/ticket/2697 -- in particular, this response:

    If you are logged in, you can see draft posts for which you have edit privileges in this manner. Make sure aren't logged in. I can't see your drafts using those links.

  5. zapata
    Posted 10 years ago #

    I logged out and then type in the url of the draft which is fairly easy to decipher by anyone. It goes like this:


    That led me to the draft that was copied by one of the websites that I had long suspected of somehow managing to steal my ideas.

    You don't have to be logged in to access the draft if you use the above URL.

  6. Chris_K
    Posted 10 years ago #

    I can't reproduce it when I've logged out on my own blog. Have a harmless draft on yours that you'd be willing to post a link to?

  7. I thought this to be a bug too, but when I logged out and closed and reopened my browser, then attempted to view my drafts, I got nothing back but a 404.

    Drafts can only be viewed by users with the priveledges to do so. This is so the preview functionality works in the editor page.

    But, just post a link to a draft and see if anybody else can see it.

  8. manstraw
    Posted 10 years ago #

    I tested it by logging out, and when I viewed the post, it did not show the edit button, which the theme I'm using does when an author person is logged in. This would seem to indicate I am reading the post without being logged in.

    I'm willing to do a test draft and post the link.


    Tell me the secret word.

  9. charle97
    Posted 10 years ago #


    do i win a prize?

  10. Chris_K
    Posted 10 years ago #

    Far out!

    No why can't I replicate that I wonder? Weird. You might want to revisit that trac link I posted earlier...

  11. manstraw
    Posted 10 years ago #

    Charle97 wins an absolutely huge prize that is neither huge, nor a prize.

    yep, weird stuff. I wonder if there's a setting somewhere that affects this. or one of my plugins or something ... somehow ...

  12. zapata
    Posted 10 years ago #

    Sorry guys just logged in to check comments. Heres the draft link :


  13. Chris_K
    Posted 10 years ago #

    So one of you is 2.0.2, the other is 2.0. I'm on 2.0.2 and still can't reproduce it.

    Plugins maybe? What plugins are zapata and manstraw running?

  14. zapata
    Posted 10 years ago #

    I'm on 2.0

  15. zapata
    Posted 10 years ago #

  16. The Adhesive one strikes me as unusual specifically because it's messing with the post query. Try disabling it and see if the same thing happens.

    Failing that, disable the rest, one at a time, and see if the problem goes away for any given plugin.

  17. manstraw
    Posted 10 years ago #

    My plugins are as follows:

    Author Image(s) 0.9

    Adhesive 3.2

    Get Author Profile 0.3

    Photopress 0.9.2

    Recent Comments 1.18

    Subscribe2 2.1.5

    Theme Switcher 0.5

    WordPress Database Backup 1.7

    WP-ContactForm 1.4.3

    We have four plugins in common. I'll look first to those. I might even turn them all off, and see what happens, but I'll wait to do this when I won't have many visitors. If it was any of them, I might suspect adhesive, only because it affects the post order.

  18. manstraw
    Posted 10 years ago #

    Ah, Bingo, we have a winner. I disabled Adhesive, and I could no longer see that post.

    I'll check to see if there's an update, and try again. If the errors persists, I guess it's time to let the author know.

    Good work team!

  19. zapata
    Posted 10 years ago #


    *** Bowing to the Gurus of WP ***

    Thank you thank you thank you

Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.