Title: wp-rss2.php & security Last modified: August 18, 2016 --- # wp-rss2.php & security * [chanz](https://wordpress.org/support/users/chanz/) * (@chanz) * [21 years, 8 months ago](https://wordpress.org/support/topic/wp-rss2php-038-security/) * Hello All – I need some help…in newbie basic language please. I have a *private* blog for my family and I on a website I use for my students/school/work. I’ve noticed in the site statistics that there are several hits on the wp-rss2.php page, but I don’t know what/how this is or how it works. My concern is that I can follow the link (by typing in wp-rss2.php) without being logged in and thus can read the posts. The point of a private blog is so that it is private – read/ write only by members. This is the first encounter where something may indicate that it is not functioning like I thought. Is that an accurate suspicion? What do I do to eliminate access to this page/file by the public? Thanks in advance for your help. K Viewing 2 replies - 1 through 2 (of 2 total) * [Mary Linville](https://wordpress.org/support/users/sunshine/) * (@sunshine) * [21 years, 8 months ago](https://wordpress.org/support/topic/wp-rss2php-038-security/#post-98045) * If they can read your posts through the RSS thing, then they can also read them just by opening up index.php. RSS is a syndication format, it makes it easier for people to see the latest news/posts, without having to visit the blog everyday. If you have your posts marked as “private” they should not appear in the rss. If you’re really concerned, you could forgo the “private” setting in wordpress and protect the blog with http auth (using an htaccess file). [http://javascriptkit.com/howto/htaccess3.shtml](http://javascriptkit.com/howto/htaccess3.shtml) a google search on htaccess should bring up more info should you need it. * [Mark (podz)](https://wordpress.org/support/users/podz/) * (@podz) * [21 years, 8 months ago](https://wordpress.org/support/topic/wp-rss2php-038-security/#post-98076) * 1. Options>Writing: remove any services in the Update Services box. 2. Options > Discussion: Uncheck the top two boxes (attempt to notify / allow links) 3. Delete atom / rss and rss2.php files from the directory. They all stop the blog talking to the rest of the internet. BUT, if your readers visiti another site from yours, the blog url may well be revealed as a referrer. Not a lot you can do there unless they first go to a ‘safe’ location of yours – a public page – before clicking out of your site. Using a .htaccess and .htpasswd together to secure access is the only real way to do it. Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘wp-rss2.php & security’ is closed to new replies. * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 2 replies * 3 participants * Last reply from: [Mark (podz)](https://wordpress.org/support/users/podz/) * Last activity: [21 years, 8 months ago](https://wordpress.org/support/topic/wp-rss2php-038-security/#post-98076) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics