
Enabling RSS URLs Creates a Security Hole

March 10th, 2013

(Since version 2.5.1)

RSS URLs require you to log in to access them by default. You can create RSS URLs to add to any RSS feed reader to show some or all of the contents of a form. But to make it work with a feed reader that doesn’t allow you to log in, you have to make such URLs publicly accessible.

How to Generate an RSS URL

Go to the WordPress administration page,

  • Contact Form DB -> Short Code
  • Choose a form
  • Choose “Export File” = “RSS”
  • Choose a form field for the “Item Title” (title for each item in RSS list)

This will display a URL that you can use as an RSS feed. But by default you must log into WordPress for the URL to work. Some RSS readers will not be able to use this URL because they cannot log in. The URL is secure.

How to Turn off Security

Turning off this security creates a security hole whereby a savvy person could see (but not change) all the saved form data in your database. If someone knows or can guess one of your form names, they can easily work out the RSS URL needed to show the form’s data.

If you want to make RSS URLs like this publicly accessible, then go to the WordPress administration page,

  • Contact Form DB -> Options,
  • Set “AllowRSS URLs” = “true”

This option makes all RSS URLs that you could possibly generate publicly accessible. All form data can be viewed; it is only a matter of creating the right URL.

 
