WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Security Issue - Add User option (7 posts)

  1. Kuldeep M
    Member
    Posted 4 years ago #

    hello...

    when the users add an additional user to their blog site using the Add User option, that additional user is able to login to that blog and also to the main blog...

    please look into this security issue...

    login URL of the main blog:
    http://bharathblog.com/wp-login.php
    login URL of the user blog for which an additional user was added:
    http://emmessar.bharathblog.com/wp-login.php
    user id of the additional user:
    tester
    password:
    *@eFDwRau#ji

  2. It;s actually default behaviour that they can login to the main blog. the shoudl only have access to their profile page, however.

    Are you running any extra plugins?

    (note test user seems to have editor access, not full access, but not subscriber either)

  3. Kuldeep M
    Member
    Posted 4 years ago #

    Andrea,

    is there anyway I can block the additional user from logging to the main blog...

    there are many plugins which I have installed, if required I will e-mail you the admin login details...
    (I do not have your e-mail id)

    thank you...

  4. No, I don't want an email about it. :)

    The way to check and see if it is your plugins is to disable them all. This includes anything in the mu-plugins folder.

    try it with no plugins. If it works as expected, then it's a plugin.

  5. Another check: go under your Settings and see if you set the Default role to Author or Editor.

  6. Kuldeep M
    Member
    Posted 4 years ago #

    I have deactivated all the plugins, including those in mu-plugins folder... but still can't resolve the issue...

    please suggest how I can block the users from logging to the main blog...

  7. Assign a dashboard blog under Super Admin -> Setting. Note the dashboard blog will not have a visible front end.

Topic Closed

This topic has been closed to new replies.

About this Topic