Forums

WordPress › Support » How-To and Troubleshooting

Please HELP: WP 3.2 - How can I prevent unauthorized people publishing POSTS? (2 posts)

  1. Cyborg Feelings
    Member
    Posted 6 months ago #

    Am I the only person who are allowed to Publish Post on My site? (WordPress 3.2)

    So was I thinking until today cause I´m Admin and all other users are Subscribers on my site. I have changed the rule for Subscribers to allow them Edit Post´s but they can´t Publish, they can "Submit for Review" and when I approve it then they can edit it again if they would like to.

    I´m working on WordPress 3.2 and I'm using Plugin: "Visitor Maps - View Who's Online" to see who is online and what pages/post they are browsing.

    Today I saw a registered subscriber browsing this link:
    /wp-admin/post.php?post=13879&action=edit&message=6
    (That shouldn't be possible?)

    I clicked on it and was redirected to "EDIT POST PAGE" on top of that page I could see the NOTICE "Post is Published"!!!!!
    (I belive thats why action=edit&message=6 in this link).
    I pressed "View Post" to that its really Published or not. And I was then redirected to: http://www.mysite.com/?p=13879
    They weird thing about that is I have changed permalink setting. So I publish a post it would look something like:
    http://www.mysite.com/animal/australia/kengru
    not like:
    http://www.mysite.com/?p=13879
    (That shouldn't be possible or else I will get penalized by Google, Yahoo etc for duplicate content? (Same post with two different links)

    The last thing which surprised me when I was browsing this Published Post by unauthorized member I clicked on "Edit Post" and was redirected to "Edit Post (wp-admin)" there I could see the Link "Publish" not "Update" that means WordPress dont understand this Post is already Published?

    I double checked in "All Post" and this Subscriber/member had created 3 Posts and all had status as "Draft" but they was Published at same time.

    What does that mean? How can I prevent this?

    I have deleted this Posts and added Deny rule in htaccess and blocked the last login IP and Register IP from this Subscriber.
    But I belive this user can still access my site by using Proxy server etc? How to make WordPress secure?

    ---
    Thank you so much to team WordPress and developer for making such an incredible, powerful, endless, easy, fast and free platform :-)
    I´m using it for 6-7 months now and learning couple of techniques everyday to improve my site. I´m just hooked and LOVING IT.

    I wish to make it secure.

    All advices will be highly appreciated.
    Thank you for your time

  2. esmi
    Theme Diva & Forum Moderator
    Posted 6 months ago #

    Why aren't you using WordPress 3.2.1? It's entirely possible that your site has been hacked and it would probably be best to proceed as it is had:
    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

    http://sitecheck.sucuri.net/scanner/

Reply

You must log in to post.

About this Topic

Tags