A user alerted me, he was able to access the backend of wordpress, when logged into the forum. I created a test account and recreated the error.
Per the screenshot, you can see I am signed in as verymodern. The wp toolbar is visible and if clicked, it does give access to the site. I have not changed any permissions.
I verified "verymodern" was a "subscriber" (next screenshot). I have dumped all caches.
My site is updated and I did disable plugins and could not fix the problem.
Please help. I had to to take my forum offline until I can resolve this.
wpForo doesn't have any relation to User Roles and access control to the Dashboard. This is your website user role configuration issue or problem with the cache plugin. In any case this doesn't have any relation to wpForo. Just deactivate wpForo and ask him login again. The access to the dashboard is not controlled by wpForo, it's controlled by WordPress User Roles and something is wrong with your website user roles. Maybe you've used some plugin for Role editing and made some mistake or something that.
Okay, so there is a backdoor somewhere, we're looking for it. Meantime, I have taken the forum offline so no one can log in.
Is there a way I can temporarily get rid of the login page so the forum can be accessed but no one can log in?
Never mind. I found a workaround for this, blocking access with a plugin.
Thanks for your help.