My site http://vsagar.com is running on WP since last 4 years or so.
Today only I was cleaning up my media library, when I clicked the "view" button of one .jpg file in the library. It opened in new window and displayed all the media library files present on my site.
I thought it is so because I am logged in. and this would not be displayed when am logged out.
But to my surprise, its not the case. I visited the same link on different browser, in logged out condition), like http://www.vsagar.com/?attachment_id=2145 (for example), but it displayed all the contents of my library.
So this library contents are accessible to public from my site.
What is the security about this in WP?
Well, I tried one more thing.
I copied the same link and pasted with different domain, like eevblog.com, which run on WP. But there, to my surprise, I got 404error.
how this is possible.
What sort of security measures should I take to hide this library contents of my site from public?
Please help. Am scared. Its unbelievable for WP. I love WP and don't want to switch over.