WordPress Post By E-Mail Sucks

February 19, 2009

Posted in Security, Technology

One thing that has always annoyed me about WordPress is its “I don’t think about security for features” attitude. Over time they have locked down the APIs a bit more. They are now disabled by default. Default passwords are complex when using a suggested one in the current version. So what is my complaint?

Posting by e-mail is the easy way to take over your blog, at least on the content side of things. For someone that crossposts, this could be a doubly evil attack. This is why I have no good method for posting by e-mail on WordPress. Essentially it is either on or it’s off. Currently I have mine turned off, even though this could be a real boon to me when I am mobile.

There is one simple change they could make so that this is usable without worrying about someone finding out your “secret” e-mail posting address and posting things on the front page of your blog: give you an option to have the posts show up as drafts (since I would also like to do some final formatting before publishing an article anyway). There was a plugin called Postie which I used for my life archiving project, but I could never get it to run automatically, so I gave up on that solution. It is still a function that I desperately want.

I once received advice that if you posted to your blog via e-mail from an unknown e-mail address, it would be saved as a draft post (i.e. not showing on your front page). I did some testing on this; it’s a false rumor. It so gave me hope.

So which version of WordPress is going to plug this hole and just give you the option to set e-mailed-in articles as drafts?
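The draft-by-default intake asked for above, sketched as an added example; it is not WordPress code and not from the original post. The `intake` function, the `KNOWN_SENDERS` list and the sample messages are hypothetical and constructed for illustration, and the From header is recorded for review but never used to decide the status, because the sender controls it.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical list of the blog owner's own addresses (constructed).
KNOWN_SENDERS = {"owner@example.org"}

def plain_text(msg):
    """Return the first text/plain part; HTML parts and attachments are ignored."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            return payload.decode(charset, "replace").strip()
    return ""

def intake(raw_message, allow_publish=False):
    """Turn one mailed-in message into a post record.

    With allow_publish=False (the option the post asks for) every message
    becomes a draft, whatever its From header claims. allow_publish=True
    models the all-or-nothing behaviour the post complains about: anything
    that reaches the posting address goes live.
    """
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    return {
        "title": (msg.get("Subject") or "(untitled)").strip(),
        "content": plain_text(msg),
        "status": "publish" if allow_publish else "draft",
        "claimed_sender": sender,                   # shown to the reviewer only
        "sender_known": sender in KNOWN_SENDERS,    # a hint, not authentication
    }

# Constructed sample messages, not real mail.
SAMPLES = [
    "From: Owner <owner@example.org>\nSubject: Notes from the road\n\nWritten on my phone.\n",
    "From: stranger@example.net\nSubject: Great deals\n\nBuy now.\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        post = intake(raw)
        print(post["status"], post["sender_known"], post["title"])
```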

8 thoughts on “WordPress Post By E-Mail Sucks”

  1. You've perfectly described both of my objections to this facility.

    From a security point of view I've never DARED to use it, and, like you, I'm not happy about putting something on my blog before I've seen just what it looks like.

    I'm used to finding that even when I'm using the WordPress interface the published post looks in some way different from how I'd imagined it would be, and I have to adjust some formatting, or something, to get it how I want it, so the chances I'd be happy with a published blog post I've not even had the opportunity to preview are precisely zero.

    It makes no sense to offer a facility that contains such weaknesses and then do nothing to improve them. In general I love WordPress, so I really hope they'll get their act together and put this right.

  2. Hopefully they will get this fixed in some upcoming version. My interim fix is using the WordPress iPhone app, though I would like a good publish-by-email function in WordPress.

  3. I just had this happen to my blog…. Over 2 days someone posted 27 posts with links all over my blog using Email posting. I keep it on, since I have a few blogs and it is easier to post this way. As far as I understand they had to figure out the log in as well? They were posting from admin but I have a complex password there… So I really do not get it, how did they manage to break in… If this is a common thing with WP then it is a major flaw….

  4. I really like what you've done with this post. I personally think that WordPress post by email sucks as well. I've tried to do it before and it almost never works when I'm doing it on my iPhone… but others tell me that it works… oh well.
