Super Secret Journal Posts

Origin Story

Let’s say someone wanted people to write down very personal, very sensitive thoughts about privilege, bias, etc. They’ve turned down Google Docs as an option because they heard that people can see that. They still want this even though you’ve said that writing down secrets at all is not a good idea and that writing them anywhere digital, let alone the Internet, is a very bad idea.

So with that said, I think this is a pretty decent way to write stuff that’s only visible to the author and to the administrator of the site. It creates a custom post type called journal and then shuts off everything that I think allows public access. Take note of the comments below and if you see anything I’m missing let me know.

  $args = array(
    'label' => __( 'journal', 'textdomain' ),
    'description' => __( '', 'textdomain' ),
    'labels' => $labels,//the $labels array is defined elsewhere (not shown here)
    'supports' => array('title', 'editor', 'revisions', 'author', 'custom-fields', 'thumbnail',),
    'taxonomies' => array(),
    'public' => false,//become super secret 
    'show_ui' => true,
    'show_in_menu' => true,
    'menu_position' => 5,
    'show_in_admin_bar' => false,
    'show_in_nav_menus' => true,
    'can_export' => false,//no exports
    'has_archive' => false,//no archive just in case
    'hierarchical' => false,
    'exclude_from_search' => true,
    'show_in_rest' => false,//not in JSON
    'publicly_queryable' => false,//can't query it
    'capability_type' => 'post',
    'menu_icon' => 'dashicons-lock',//make a lock icon
  );
  register_post_type( 'journal', $args );

I also threw this in here in case it somehow did get public somewhere. It filters content when it’s a journal post type and makes sure you’re the owner or admin. If you turn on some of the public stuff, this would still keep things pretty private.

function secure_the_journal($content) {
  $post = get_post();//current post object, or null when there is none
  // only gate journal entries; everything else passes through untouched
  if ($post && $post->post_type == 'journal') {
    $current_user = get_current_user_id();//int, 0 when nobody is logged in
    $author = (int) $post->post_author;//stored as a numeric string, so cast before using ===
    if ($current_user === $author || current_user_can('administrator')){
      return $content;
    } else {
      return '<h2>This content is private.</h2> <p>You will need to be the content owner and <a href="'.esc_url(wp_login_url()).'">logged in</a> to access it.</p>';
    }
  }
  // otherwise returns the database content
  return $content;
}

add_filter( 'the_content', 'secure_the_journal' );
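
The the_content filter above only covers front-end rendering, while 'show_ui' => true with 'capability_type' => 'post' means entries are also reachable through wp-admin under the normal post capabilities. The following is an added example, not part of the original post, that applies the same owner-or-admin rule there; the function names are hypothetical and it assumes 'manage_options' is an acceptable test for "administrator".

```php
<?php
// Added example, not from the original post. Assumes the 'journal' post type
// registered above and treats any user with 'manage_options' as an administrator.

// Hypothetical helper: true when $user_id owns the entry or is an administrator.
function journal_user_may_access( $post, $user_id ) {
    if ( ! $post || 'journal' !== $post->post_type ) {
        return true; // not a journal entry, leave the normal rules alone
    }
    return (int) $post->post_author === (int) $user_id
        || user_can( $user_id, 'manage_options' );
}

// Deny read/edit/delete on someone else's entry, whatever the user's role
// would normally allow for regular posts.
function journal_map_meta_cap( $caps, $cap, $user_id, $args ) {
    $guarded = array( 'read_post', 'edit_post', 'delete_post' );
    if ( in_array( $cap, $guarded, true ) && ! empty( $args[0] ) ) {
        if ( ! journal_user_may_access( get_post( $args[0] ), $user_id ) ) {
            return array( 'do_not_allow' );
        }
    }
    return $caps;
}
add_filter( 'map_meta_cap', 'journal_map_meta_cap', 10, 4 );

// Limit the wp-admin journal list to the current user's own entries.
function journal_limit_admin_list( $query ) {
    if ( ! is_admin() || ! $query->is_main_query() ) {
        return;
    }
    if ( 'journal' !== $query->get( 'post_type' ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        $query->set( 'author', get_current_user_id() );
    }
}
add_action( 'pre_get_posts', 'journal_limit_admin_list' );
```

The database itself is untouched by any of this, so anyone with database or server access can still read every entry.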