Bug #41

Potential Privacy/Security Issue

Added by Viktor Szépe over 6 years ago. Updated 6 months ago.



Estimated time: 2.00 h


As I see, you are using timestamp+IP for the hidden input element:
myElement.value = '1370701133';
It is not cache-friendly: the first generated page, so the first visitor's data, remains in the page cache.

Please use another technique to be cache-friendly, or disable this check on caching (you can "ask" WP about it).

WP support page:



Updated by Michael Hampton over 6 years ago

  • Assignee set to Michael Hampton

This code is useless and destructive in an environment where the cache is external, i.e. nginx or varnish front end caching. It also doesn't provide us much benefit as we already have other ways to do the same check. It will be removed shortly.


Updated by Michael Hampton over 6 years ago

Oh. Hyper Cache does 404 caching (which is generally a bad idea without very careful tuning). That's why this is an issue for you. I don't recommend Hyper Cache :) Anyway, this will be removed from Bad Behavior.


Updated by Viktor Szépe over 6 years ago

I mean, basically everyone sees the data (IP, timestamp) of the one who triggered caching. I personally turn off 404 caching in Hyper Cache:


Updated by Michael Hampton about 5 years ago

  • Status changed from New to Accepted
  • Start date deleted (06/08/2013)

Updated by Michael Hampton over 1 year ago

  • Target version changed from 3.0 to 2.2.21

Fixed in r1905739.

This will be fixed in the next release of Bad Behavior.

This feature has been removed.


Updated by Michael Hampton over 1 year ago

  • Status changed from Accepted to Resolved

Updated by Michael Hampton 6 months ago

  • Status changed from Resolved to Closed
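
The leak discussed in this report, reproduced with a toy page cache keyed by URL only, plus a scan of the cached body for script-assigned timestamps and IP addresses. This is an added example, not Bad Behavior's code: the function names, the hidden-input layout and the two sample visitors are assumptions constructed for illustration.

```javascript
// Constructed visitors; the IPs come from the RFC 5737 documentation ranges.
const visitorA = { ip: '192.0.2.10', time: 1370701133 };
const visitorB = { ip: '198.51.100.7', time: 1370704800 };

// Assumed page layout: a script fills hidden inputs with request time and client IP.
function renderWithVisitorData(v) {
  return '<input type="hidden" id="bb_ts"><input type="hidden" id="bb_ip">\n' +
    '<script>\n' +
    `document.getElementById('bb_ts').value = '${v.time}';\n` +
    `document.getElementById('bb_ip').value = '${v.ip}';\n` +
    '</script>';
}

// The same page with the per-visitor check removed: identical for every visitor.
function renderStatic() {
  return '<p>Not found</p>';
}

// Full-page cache keyed by URL only: the first render is replayed to later visitors.
class PageCache {
  constructor() { this.pages = new Map(); }
  fetch(url, visitor, render) {
    if (!this.pages.has(url)) this.pages.set(url, render(visitor));
    return this.pages.get(url);
  }
}

// Audit a cached body for script-assigned values that look like per-visitor data.
function findVisitorData(html) {
  const findings = [];
  for (const m of html.matchAll(/\.value\s*=\s*'([^']*)'/g)) {
    const v = m[1];
    if (/^\d{10}$/.test(v)) findings.push({ kind: 'unix-timestamp', value: v });
    else if (/^(\d{1,3}\.){3}\d{1,3}$/.test(v)) findings.push({ kind: 'ipv4', value: v });
  }
  return findings;
}

// Visitor A populates the cache; visitor B then requests the same URL.
function serveSecondVisitor(render) {
  const cache = new PageCache();
  cache.fetch('/missing-page', visitorA, render);
  return cache.fetch('/missing-page', visitorB, render);
}

console.log(findVisitorData(serveSecondVisitor(renderWithVisitorData)));
console.log(findVisitorData(serveSecondVisitor(renderStatic)));
```

The first scan reports visitor A's timestamp and IP in the body served to visitor B; the second, with the per-visitor values removed, reports nothing.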
