This blog post is primarily to explain and document the issue to WP Support and Developers, but other users might benefit from it.
So, I normally compose my polls at CrowdSignal and then embed them here. However, the Block Editor has a Poll Block. Supposedly, it’s linked with CrowdSignal and once composed, the poll can be managed there . . . or so they would have you believe.
As a review, my normal mode to enter polls is to compose them at Crowdsignal, and them embed them in the post. They end up looking like this:
Note: sometimes, the poll shows up blank. In that case, duplicate the block and the new block will be fine, and then delete the first Crowdsignal embed block (which is what I had to do here).
Anyway, so far, so good. At this point, if you go to Crowdsignal’s Dashboard, it looks like this:
You can also check in the Feedback-Crowdsignal panel of your blog’s Dashboard, and it should look similar to the above, but in WordPress.
Again, so far, so good.
Now, I’ll add a Poll Block . . .
It looks OK . . . but, let me go to Crowdsignal . . .
That’s odd . . . where’s the new poll?
Let me check the Feedback-Crowdsignal page . . .
So, I don’t see my new poll, but there are now two new boxes up there.
The “Me” is fairly self-explanatory . . . but what’s the “On This Site?”
And this is where it gets interesting, super-annoying, and worrisome.
It turns out that when I create a Poll Block, it’s connected to a different Crowdsignal account.
Let me repeat . . . I create a Poll Block on my blog, and it ends up belonging to someone else, which is why I can’t see it.
Who is this person, you ask?
Oddly enough, it’s my sister. Here’s the thing(s) . . .
My sister lives five hours away.
She has no access to my computer and never had.
She is not authorized on this blog.
I don’t know her email password.
I don’t know her WordPress password.
She does not know my email password.
She does not know my WordPress password.
She doesn’t even have a blog, so her WP Dashboard is empty.
She had never logged onto Crowdsignal, and yet my blog is linked to her account.
WHISKEY TANGO FOXTROT IS GOING ON HERE?
Well, after a goodly amount of time on a chat with WP support where we try to disconnect my Crowdsignal and reconnect it, and other stuff (all to no avail), I called my sister.
I first had her check if her WP account was connected to Crowdsignal. So, for instance, if you go to your WP account and to the Security tab, you get this screen.
If you then click on connected apps, you get this screen . . .
I’m showing you mine because she had no connected apps . . . because she doesn’t have a blog and had never logged onto, or even heard of, Crowdsignal.
She does have a WP account so that she can follow blogs, so I walked her through how to login to Crowdsignal.
Sure enough, her Crowdsignal dashboard showed the connection to dispersertracks.com, but it didn’t show the polls I had created that were assigned to her account.
Again, neither of us could see the polls I had created using Poll Blocks and that got assigned to her Crowdsignal account.
So, I then had her delete the connection . . . and the polls I had done on my last post stopped working (hence why they are now redone via embedding).
We ran a few tests. . . whenever I used a Poll Block, the connection would show up at her Crowdsignal account, and the “On This Site” box would appear on my Feedback page.
So, there are some major questions I have.
- how is it possible that without knowing each other’s passwords, my WordPress Blog is connected to her Crowdsignal account?
- How is it that despite redoing, deleting, cursing connections, there’s some sort of permanent and hidden link connecting her Crowdsignal account and my main WordPress blog?
- I assume it’s not a coincidence that it’s her account and not some stranger . . . but does that mean WP crosslinked our accounts because of our last names?
Number 3 maybe is a possibility . . . we share one last name, but I have and use an additional last name. But, that would mean WP is doing stuff in the background that I don’t like one bit.
In any event, this is shaking my confidence in the security of WordPress and, consequently, of my account.
I await an explanation.
That’s it. This post has ended . . . except for the stuff below.
Note: if you are not reading this blog post at DisperserTracks.com, know that it’s copied without permission, and likely is being used by someone with nefarious intentions, like attracting you to a malware-infested website. Could be they also torture small mammals.
Note 2: it’s perfectly OK to share a link that points back here.