my client of a big website just called me, all agitated. information for his orders can be listed publicly, this includes comments by his customers, phone numbers (if in the comment) etc. (he found it out because he was checking where his phone number is listed....)
i've googled for "This is where store orders are stored.", and what do you know: 1000s of websites, all exposing this data, i'm 100% certain unknowingly. looking in the page code: every single one of them is using toolset.
this is a bug, a security problem. and i don't understand why this would not be activated only optionally, if really necessary.
i will implement your suggested code in the other ticket. but i would appreciate a feedback if this can and will be fixed. or if you have a completely different view of this.
thank you!
kind regards
Beat
Edit: even only the information about how many orders are being placed is certainly not something any shop owner wants. in this case, at least the order note is also published.
would another quick fix be to simply redirect /shop_order/* ?
We have an internal ticket about this (which I created in response to the previous thread you linked to) and the developers state that orders were made public in response to many demands to be able to create Views to display lists of orders as well as individual orders.
They have accepted in principle adding an option for users to decide whether to have visible orders or not, but we can't simply add that and turn it off by default because of the large number of existing sites that depend upon it.
Also, you can simply use Access to set rights over the order post type, including removing read permissions for specified roles, so that no-one should have access that isn't explicitly granted permission.
Given that is what Access is for, adding another option isn't being handled as much of a priority.
It might happen, but I can't say when.
In the meantime I've added this thread to the internal ticket as a nudge to the developers.
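
A code-level take on the "redirect /shop_order/*" idea from the question, as an added example that is not part of the thread, not Toolset's or WooCommerce's own code, and not the code suggested in the other ticket. It answers with a 404 instead of a redirect so the response does not confirm that an order exists. Assumptions: the function name is hypothetical, `shop_order` is the post type behind `/shop_order/*`, and `edit_shop_orders` is the capability WooCommerce gives to roles that manage orders.

```php
<?php
/**
 * Added example: return a 404 for front-end requests to order posts
 * unless the current visitor is allowed to manage orders.
 * Place in a small must-use plugin or the child theme's functions.php.
 */

// Hypothetical function name, chosen for this example.
function example_block_public_shop_orders() {
    // Single order pages (/shop_order/<slug>/) and the post type archive.
    $is_order_request = is_singular( 'shop_order' )
        || is_post_type_archive( 'shop_order' );

    if ( ! $is_order_request ) {
        return; // Not an order URL: leave the request alone.
    }

    // Assumption: 'edit_shop_orders' is held by shop managers and
    // administrators. Anonymous visitors and customers do not have it.
    if ( current_user_can( 'edit_shop_orders' ) ) {
        return;
    }

    // Turn the request into a regular "not found" response. WordPress
    // then loads the theme's 404 template instead of the order.
    global $wp_query;
    $wp_query->set_404();
    status_header( 404 );
    nocache_headers(); // Keep caches and proxies from storing the response.
}

// template_redirect runs after the main query is resolved and before
// any template is rendered.
add_action( 'template_redirect', 'example_block_public_shop_orders' );
```

This guard only covers single order pages and the order archive on the front end. Orders shown through Views, search results or the REST API are separate paths, which is where removing read permission on the order post type with Access, as described in the reply, applies.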