Security Issue - Need Assistance


thedrawingboard
Posts: 53
Topic starter
February 8, 2019 8:11 pm
(@thedrawingboard)
Trusted Member
Joined: 4 years ago

We've just started using wpForo as our team forum. The forum is a page on our WordPress website, where we also maintain a blog.

I have the forum set up with proper access rights for each user group, and that part is working. 

Each user has to register in order to gain access to the forum - and as such, general visitors to our website who are not registered users will not see the forum space (they will only see our blog space).

We just noticed a problem however, and I don't know a workaround for this...

If a non-registered visitor were to happen to know the URL of our team forum and add "recent" to the end of the URL, they can enter that URL and see ALL the forum information! All of it!!!

For example, if you type https://www.[placeholder].com/community/recent for a website that uses this wpForo plugin with this default URL structure, you can get into anyone's forum. How is that possible?

And more importantly, how can this be fixed so this ISN'T possible?

Am I missing a setting?

Or is this a built-in issue?

 

We have tested this while NOT logged in to the forum - using all browsers and incognito on all browsers. And have tested this on phones that have never had the owner visit our website in the past. In ALL cases, using the URL structure I wrote above - provides full access to our forum. 

I look forward to your help!

Thank you!

Topic Tags
security non registered users access
5 Replies
wp_eikari
Posts: 1
February 8, 2019 9:08 pm
(@wp_eikari)
New Member
Joined: 3 years ago

We solved this by installing a secondary plugin, e.g. Ultimate Member, and used this plugin to specify that the forum page is only for logged-on users.

1 Reply
thedrawingboard
(@thedrawingboard)
Trusted Member
Joined: 4 years ago
Posts: 53
February 8, 2019 9:10 pm
Reply to wp_eikari

Thank you for that tip, @wp_eikari. It's good to know that can be done.

I currently don't have Ultimate Member or BuddyPress - just using the built-in registration of WordPress and usergroups of wpForo.

Are you using the core (free) version of Ultimate Member to do this?

It seems to me that wpForo should just have this feature BUILT-IN. If we have forums and usergroups, it seems like a bug or something missing in wpForo that lets visitors be able to see our forums using that URL.

thedrawingboard
Posts: 53
Topic starter
February 9, 2019 12:32 am
(@thedrawingboard)
Trusted Member
Joined: 4 years ago

@wp_eikari - I just installed the Ultimate Member plugin - just the free version. 

How did you set up your website so the forum is the only thing hidden to non-registered users?

Our website is our blog - so we need visitors to be able to access all content on the blog (pages and posts).

The forum is just on one page of the website. I would like visitors to have access to the forum page so they can see the public forums, but I only want registered users to see the non-public forums.

I couldn't find a way to do that with the free version of Ultimate Member, and am hoping you can share your method with me. Thank you in advance. 

Anonymous3542
Posts: 393
February 9, 2019 4:48 pm
(@anonymous3542)
Reputable Member
Joined: 5 years ago

@thedrawingboard If you've installed UM, on each page, there should be an option marked "Restrict access to this content?" where you can select whether or not you want the contents to be accessible to those logged in or not.

 

Hope this helps.

thedrawingboard
Posts: 53
Topic starter
February 11, 2019 5:54 pm
(@thedrawingboard)
Trusted Member
Joined: 4 years ago

Thank you @anonymous3542 - that helped!
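
A code equivalent of the fix suggested in this thread (restricting the forum page to logged-in visitors), as an added example that is not part of the original posts and is not wpForo or Ultimate Member code. It assumes the default `community` base slug mentioned above and pretty permalinks; the `example_*` names and the file name are hypothetical. Like the per-page option, it gates the whole forum, including `/community/recent`, rather than individual boards.

```php
<?php
/**
 * Plugin Name: Forum login gate (added example)
 * Hypothetical location: wp-content/mu-plugins/example-forum-gate.php
 */

// Assumption: the forum uses the default base slug from the thread.
const EXAMPLE_FORUM_BASE = 'community';

/**
 * Normalised path of the current request, relative to the site's home URL.
 */
function example_forum_request_path(): string {
    // Path only, so a query string cannot hide the forum prefix.
    $request = (string) wp_parse_url( $_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH );

    // Strip the install's own sub-directory when WordPress is not at the web root.
    $home = (string) wp_parse_url( home_url( '/' ), PHP_URL_PATH );
    if ( $home !== '' && $home !== '/' && strpos( $request, $home ) === 0 ) {
        $request = substr( $request, strlen( $home ) );
    }

    // Decode and lower-case so /Community/recent and %63ommunity match too.
    return strtolower( trim( rawurldecode( $request ), '/' ) );
}

/**
 * True for the forum base page and every URL below it.
 */
function example_is_forum_request(): bool {
    $path = example_forum_request_path();

    return $path === EXAMPLE_FORUM_BASE
        || strpos( $path, EXAMPLE_FORUM_BASE . '/' ) === 0;
}

// Run early on template_redirect, before any page template is rendered.
add_action( 'template_redirect', function () {
    if ( example_is_forum_request() && ! is_user_logged_in() ) {
        // Core helper: redirects to the login screen and exits.
        auth_redirect();
    }
}, 1 );
```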
