I’m going to set up a web shop that sells domain names.
Every domain is a single post, and every post contains about 10 custom fields.
My question is, are these custom fields accessible if I don’t query them?
For example, you go to a single post (a domain overview in my case) and can you retrieve the values of my custom fields? Otherwise people can retrieve the code, without paying for it. Are those custom fields accessible if I don’t query them, or not all of them?
Is it safe to keep the code’s where you pay for in a custom field?
Thanks in advance!
You shouldn’t be able to, but there’s always the possibility of security holes in WP, or even something as simple as a brute force attack on the WP Admin area or your MySQL database.
I would err on the side of caution and keep any critical data in a separate system. Maybe after someone makes a purchase, you could have them log into a separate system to retrieve their activation codes.
Gumroad might be a decent end-to-end fulfillment system for you. Each of your domains would be a separate Gumroad product, and you could paste the shortlink into WordPress as a custom field. More info: https://gumroad.com/