I was recently asked whether a blog author's email address is private from other users on the site and from the public in general. My initial reaction was to say "of course" but I just wanted to run it by the MU gurus in this forum if they knew of anyway a blog author's email address could be inadvertently revealed?
I remember seeing an MU plugin a while back which implemented some sort of buddies system - when you added another user as a friend, you could see their email address. I deactivated the plugin straight away because it didn't seem like a good thing.
Can anyone else think of any other way that this may happen??
Cheers - Stuart.
I deactivated the plugin straight away because it didn't seem like a good thing.
Why didn't you just remove that portion of the code?
WPMu shouldn't be displaying the email address to any visitor. Blog admins and site wide admins are another story of course. Any plugin is outside of WPMu and, like all third parties, you need to be reviewing what's going on. We can't help you with those.
lunabyte
Member
Posted 17 years ago #
Along these lines, I'm concerned with individual blog admins being able to add users by their email address.
Next thing you know, spammers aren't going to be signing up to post splogs, but capture email addresses while they search for users to add to their blog.
Think I might have to do some tweaking on this one.
Actually using the account name instead has been suggested a few times over in wp.com land. The issue with that though is folks like me would be added by the ton to all these blogs. I'm currently listed on about 20 and have to go to staff every so often and get to remove me and that's with just having my email address out there. Imaging how bad it would be if it was by username.
lunabyte
Member
Posted 17 years ago #
Agreed.
Only possible solution would be a confirmation email to the user being added, and if it sits for 48 hours (or whatever) without being activated then it is removed.
Originally you could add users to your by username, but as drmike points out, people with common or popular names were being added all over the place!
The only privacy hole I can think of is where people leave comments on your blog and then the email address is visible to the author of the post and/or the blog admin.
then the email address is visible to the author of the post and/or the blog admin.
Something else we've gone through in the wp.com forums a couple times now. /me rolls eyes.
Thanks for the responses, I feel better now.
@DrMike - I didn't remove the code because I didn't really like the plugin anyway.
Cheers - Stuart
