So just to follow up on this. The site needs to be totally private, especially the discussions that happen using BuddyPress – nothing should be available outside of a login.
RSS is publicly exposed and therefore breaks this, all you need to do is know the simple url …/feed and you get access to everything, bot or human. That is quite a security flaw for private conversations.
So this plugin turns that off and gives anyone not logged in a 404 or any redirect you want.
