If you are not careful, there are many ways you can unintentionally leak private information about your business, employees, suppliers, or even customers to the outside world. Here are five simple steps you can take to verify your website’s privacy:
1. Blog Posts
If you are hosting a blog, take a close look at your blog archive page (the page that lists all the recent posts) and the individual post pages. Are you listing the post author? Is the author identified by name or email address? Unless you are intentionally promoting the author of your blog posts, this information is best kept private, as it often defaults to the email address of the WordPress user who created the post.
Additionally, is the date of your post included? Unless the information in your post is time-sensitive, we recommend removing this detail since it may reveal activity patterns on your site.
You can find the relevant settings under Theme Customizations.
2. Author Archives
By default, WordPress creates a page for each WordPress user, listing all the blog posts they have authored. If your blog is not specifically promoting its authors, we recommend removing these listings from your site, as they can provide malicious actors with too much information about privileged users on your site.
You can easily accomplish this task using the Yoast plugin.
3. Forgotten Pages
These are pages you may have created a long time ago that are no longer linked from your main menu but remain accessible to the public. Past information about your business, employees, and clients can give someone an advantage in exploiting your website. It’s important to identify and address such pages regularly.
You can see all the pages indexable by search engines in your sitemap file: https://domain.com/sitemap.xml
4. Images
Images taken with your phone or camera often include metadata about the time and place they were taken. If you are posting such images on your website, be sure to remove all metadata before uploading them. This ensures you don’t inadvertently share sensitive location or time-related information.
You can remove data from your images with online tools or using a plugin.
5. Custom Post Types
Many websites use custom types of data to organize content unique to their business. This could include lists of team members, services offered, or properties for sale. By default, WordPress generates an archive page listing all items from your custom post types, along with individual pages for each item. If not properly managed, these pages can unintentionally become a source of data leaks.
By performing these simple checks on your site on a regular basis, you can significantly reduce the risk of unintentionally exposing sensitive information related to your business. These steps will help you build trust with your customers and make your website a less attractive target for malicious actors.
Photo by Noelle Otto