How secure is "My Private Site" plugin?
-
I read in the description the author saying how he was uncomfortable using a third-party plugin for security reasons and hence made this plugin. Well, I am in somewhat the same dilemma. I am using this plugin on my site and it's working just awesome. But the only worry is: is there any easy crack/hack to bypass the force-login? Besides, a little light on the working mechanism of the plugin would also be of great help, just to boost my confidence to keep using this plugin. I have a few friends and I am sure they will try their little tricks and luck to get to my blogs, and the blogs are still marked “public”, which means if they do manage to bypass the login screen, all my blogs will be exposed, which are obviously very personal to me, something I would never wanna share. So I would just like your words as to how strong the security is on this plugin, and are you aware of any possible crack/hack?
Thank you.
Will wait for your response.
-
First, to clarify, I am the original author of this plugin, but David has graciously offered to adopt all of my plugins after personal and family health issues forced my retirement from supporting and maintaining them. Second, David is the security guru. I’m not, though I have been programming continuously since 1971, professionally since 1973, and retired in 2007.
I built the plugin to be as secure as WordPress is, by letting WordPress handle the login process, with the plugin’s code using WordPress’ authentication “hooks” to force login on public areas of a WordPress site. Plugin Settings are as secure as WordPress Settings since they are stored in the same database and accessed through the same WordPress PHP functions. Login status is as secure as WordPress login status because the plugin lets WordPress handle the cookie(s) that determine login status of each user and visitor.
As I also said in the description, direct access by URL to images and other files, including any non-WordPress HTML files, is possible without being logged in, because WordPress does not protect any of those things. The biggest risk in this area is making a public site private, since archive.org and even search engines (through their “cached version” option) allow access to older versions of a URL, when the site was still public.
Of course, if a web server was incorrectly set up to allow .php files to be viewed by visitors, or the WordPress database to be directly accessible by visitors, that would also be a major risk for WordPress without this plugin.
As you can see, the security of this plugin was designed to match that of WordPress: no better and no worse.
All of that said, this is not industrial grade security. Then again, WordPress has never claimed to provide industrial grade security when installed with all its default settings.
Hello jonradio, thank you so much for such a quick response. I am very much aware that you are the original author of this plugin, and undoubtedly the quality of the plugin is marvelous.
But I still have a few questions, and I know you would have thought of the silly questions I am going to ask while you were developing it; I would still like to mention them for my satisfaction. So first, is it possible that someone might stop the page load before the redirect is made to the login and thereby be able to see everything that is made public?
Second, is there any way which you might be aware of by which one can make this plugin (or any other plugin for that matter) faulty or simply break, therefore again exposing the WordPress website? I mean, if other plugins break, it's no harm, I can always fix them, but if this plugin fails all my personal blogs will be exposed.
Thirdly, earlier a user mentioned how removing the “www” exposed the website. I did not clearly understand the problem, but is the problem fixed or is there still some trick to get into the website bypassing the login?
Fourthly, I do have basic knowledge of web development and I totally understand why this plugin cannot stop the HTML, images etc. from being accessed, and I do not expect this plugin to work on those files either because I understand that it simply can't.
At last, one other silly question. I have been working on WordPress for a week now and I have understood that there are some checkpoints called “hooks”, and at those checkpoints WordPress looks at every plugin, and whichever plugin demands its stake at that hook, the function of the respective plugin is called and processed. (Please do correct me if I am assuming something wrong.) Anyway, I wanted to know at which hook this plugin makes the redirect. Is it the very first hook that a plugin can touch? Also, what parts of the website have been processed before the plugin makes the redirect?
And lastly, would you fearlessly use it for your family blog with a little private content on your WordPress website? Well, if you have read till this point, I am really thankful to you for your time and looking forward to your reply.
And thank you so much for such a great plugin and also for support.

To answer your first question, the redirect occurs before any of the page is populated. Not even the opening <html> tag has been sent to the browser.
Second question: I’m not aware of any ways to make my plugin fail like you suggest. The most obvious way with most plugins is by altering the URL query parameters, but this plugin could not be “tricked” in that manner.
Third question: It is easy to get confused when testing WordPress itself and plugins. The Cookies that determine your logged-in status to WordPress are URL-based. There would be a separate Cookie for http://www.example.com and example.com. It is not usually a problem (i.e. – cannot happen in most setups), but all it means is if you log in to http://www.example.com then log in again to example.com, you can log out of http://www.example.com and still find yourself logged in to example.com. This confuses Testers. Since a Visitor cannot log into either, it doesn’t matter. The only security risk that I can think of is having a User on a shared computer, but the bigger risk there, of course, is the User walking away from the shared computer and not logging off at all.
Fourth question is partially answered in the /includes/public.php module with this code:

    /* Earliest Action Hook possible is 'template_redirect',
       AFTER Rewrite: URL changed with Pretty Permalinks and
       correcting the presence or absence of www. in domain name.
       Unfortunately, a wpengine.com (hosting site) mandatory plugin
       appears to be blocking this hook, so the next hook in time
       sequence is being used: 'get_header'
    */
    add_action( 'get_header', 'jr_ps_force_login' );

To clarify, Plugins, WordPress Core and Themes all queue themselves up for any Hooks (Filters or Actions) they want to use, and can set priorities on who goes first for a given Hook. My plugin makes no effort to be first or last in the code above, so allows the default priority of 10 to be used.
I know your concerns, and I do use the plugin myself, but I think the biggest risks reside elsewhere. Specifically, turning the plugin off and having a search engine or archive.org capture the content. And an insecure web server.
I should also add a third risk to the list: a hacker gaining access to a WordPress ID and password or your web hosting Control Panel. A month ago, the extremely secure web hosting company that I use caught a hacker trying to brute force (try common WordPress IDs with a million passwords) into one of my sites protected by this plugin. Needless to say, after a few attempts, the web hosting company locked down the site.
The lesson here is to use some care in selecting WordPress IDs and passwords.
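An added example, not part of the thread and not the plugin's code: a site owner can check the behaviour described in the answers above by capturing logged-out responses from their own site and classifying them. It tests that a login redirect carries no page content, that the www and bare-host variants are both covered, and that files under the uploads directory are served directly. The host, paths and captured responses are constructed, and it assumes the login redirect points at `wp-login.php` and that media lives under `/wp-content/uploads/`.

```python
from urllib.parse import urlsplit

LOGIN_PATH = "/wp-login.php"            # assumption: standard WordPress login script
STATIC_PREFIX = "/wp-content/uploads/"  # assumption: default media directory

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def classify(url, raw):  # verdict for one request sent without any cookies
    status, headers, body = parse_response(raw)
    req = urlsplit(url)
    if status in (301, 302, 303, 307, 308):
        target = urlsplit(headers.get("location", ""))
        to_login = target.path.endswith(LOGIN_PATH)
        same_host = target.hostname in (None, req.hostname)
        if to_login and same_host:  # a clean redirect has an empty body
            return "protected" if not body.strip() else "content-before-redirect"
        if not to_login and target.path == req.path and not body.strip():
            return "host-redirect"  # www added or removed: re-test the target URL
        return "unexpected-redirect"
    if status == 200:
        return "static-unprotected" if req.path.startswith(STATIC_PREFIX) else "exposed"
    return "other"

# Constructed captures; example.com and all paths are placeholders.
SAMPLES = {
    "http://www.example.com/my-diary/":
        "HTTP/1.1 302 Found\r\nLocation: http://www.example.com/wp-login.php"
        "?redirect_to=%2Fmy-diary%2F\r\n\r\n",
    "http://example.com/my-diary/":
        "HTTP/1.1 301 Moved Permanently\r\nLocation: http://www.example.com/my-diary/\r\n\r\n",
    "http://www.example.com/wp-content/uploads/2015/01/photo.jpg":
        "HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n\r\n<binary>",
    "http://www.example.com/leaky/":
        "HTTP/1.1 302 Found\r\nLocation: /wp-login.php\r\n\r\n<html><body>diary</body></html>",
}

def audit(samples=SAMPLES):
    return {url: classify(url, raw) for url, raw in samples.items()}
print("\n".join(f"{verdict:24} {url}" for url, verdict in audit().items()))
```

Any verdict of `exposed` or `content-before-redirect` on a real capture means the page content reached a logged-out client; `static-unprotected` is the expected result for uploaded files, which need web-server-level protection if they are private.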
All seems very convincing and neat. Once again, Thank you for your support and I hope you are doing great and happy. Thank You so much.
I’ll step in and give you a very short answer: if you’re depending on security for a serious reason (say HIPAA or FERPA, or real confidentiality), don’t use a plugin. Use a real security environment and build your security inside that.
Think of this plugin as a nice convenience for easy protection, but not truly secure protection. Remember that the plugin runs inside WordPress as a script and that is inherently insecure.
I always recommend people think about things based on levels of security: are you trying to prevent a nation state from seeing your stuff? Are you trying to protect a life with your security? Are you protecting personal confidential information? Could lives be ruined or screwed up in any way if this information got into the wrong hands? If so, use a professional security environment.
On the other hand, if you’d just prefer people don’t see something (like a Web site under development, a set of conversations among friends that are not intended to be sensitive, a product that might be announced in a week, or something equally moderately inconsequential), then use a plugin to block access.
See the difference?
–David