1 Jan 16, 2014 09:56    

Hi,

Currently using 4.1.6 and will upgrade one day to the latest version. In the meantime, I'm looking into ways of protecting private blogs. I like the idea and work that Achillis did, but it is only for post protection.

http://forums.b2evolution.net/protected-posts-plugin

Aside from having a semi-dedicated VPS and SSL, I'd like to have something else added within b2evo. Last week I found a log with a high volume of attempts to hack the site since Christmas, and I started to receive spam emails. The host blocked a lot of IPs permanently. Thankfully, nothing has happened, but still... it is unnerving. There is nothing earth-shattering going on in the private blogs other than health issues and research; nonetheless, I want to keep people's privacy. I suppose, if I had a wish list, this would be a top desire -- for private blogs, another log-in page or pop-up panel within Admin to access those blogs. Just thinking aloud and don't have any solutions. I'm sure there are others on this forum who have more sensitive discussions in private that could use the extra security too.

Any ideas for protecting private blogs with another layer of security?

Thanks.

3 Jan 17, 2014 23:53

Thank you for this suggestion. I'll test a blog to see what happens.

5 Jan 20, 2014 00:45

I'm not sure what you want. I have two similar health-related blogs where only registered users can see the posts.

6 Jan 20, 2014 22:41

Hmmm.... I'm unsure if I can make myself clearer than what I have already stated. I want to try to implement EXTRA security to private blogs aside from the basics of permissions that come with the software and SSL.

What "if" someone hacked into the system posing as the fake Admin who has access to ALL BLOGS? How would the private blogs be protected? The only thing I can think of is to have a sub-login page or password protection for each private blog. Therefore, the fake Admin trying to access those blogs would be blocked. The extra layer of security would be a nice option to implement in any version of the blogs.

7 Apr 22, 2014 00:40

Hi Tosca. It's been a few months; hope you've sorted something.

The only way I can see someone getting my login as admin is if either there's key-logging malware or the database is breached by a query injection. In either case an alternative admin wouldn't do anything.

Blogs don't have to be visible, and access can be blocked to any of the blogs in a multiple setup, any category and any set of posts.

You could even put a blog in a password-protected folder on your server.

8 Apr 22, 2014 04:41

Hello everyone,

There is also quite an easy trick to "hide" all the content of a particular collection from the public, and it doesn't need any add-on: avoid the Public status for posts and comments, and use Members or Community instead. Thus, only special users, in the first case, or all the logged-in users, in the second one, will have access to the content.

Actually, playing around with the advanced permissions and user groups, we could grant per-blog access to specific groups. For example: Group A is able to read posts only in Blog A, Group B is able to read posts only in Blog B and so on.

If you already have a lot of Public posts and comments, a single SQL statement could make a massive status change.

Regards!
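
The bulk status change mentioned in the post above, sketched as an added example (not part of the original post and not b2evolution's own code). The table and column names, the status values and blog ID 5 are assumptions to check against your own install, and the sketch covers posts only.

```sql
-- ASSUMPTIONS (verify with SHOW TABLES / DESCRIBE before running):
--   table prefix evo_, posts in evo_items__item, categories in evo_categories,
--   'published' = Public and 'protected' = Members in post_status.
--   Blog ID 5 is a constructed sample value.
-- Take a full database backup first; older installs may use MyISAM tables,
-- where a transaction cannot roll this change back.

-- 1. Preview: how many posts in the private blog sit in each status?
SELECT p.post_status, COUNT(*) AS posts
FROM evo_items__item AS p
JOIN evo_categories AS c ON c.cat_ID = p.post_main_cat_ID
WHERE c.cat_blog_ID = 5
GROUP BY p.post_status;

-- 2. Change only the Public posts of that one blog to Members.
--    Scoping by blog and by current status keeps drafts and other
--    blogs untouched.
UPDATE evo_items__item AS p
JOIN evo_categories AS c ON c.cat_ID = p.post_main_cat_ID
SET p.post_status = 'protected'
WHERE c.cat_blog_ID = 5
  AND p.post_status = 'published';

-- 3. Verify: this should now return 0 for the private blog.
SELECT COUNT(*) AS still_public
FROM evo_items__item AS p
JOIN evo_categories AS c ON c.cat_ID = p.post_main_cat_ID
WHERE c.cat_blog_ID = 5
  AND p.post_status = 'published';
```

After the change, load the blog in a logged-out browser session to confirm nothing is served publicly, including feeds and any cached pages.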

