WordPress.org

Ready to get started?Download WordPress

Forums

User Role Editor
Single user roles - any overview? (5 posts)

  1. Wlkus
    Member
    Posted 8 months ago #

    Our WP got recently hacked and one of problems was that attackers used URE to give all possible rights to subscriber level. I removed that but found out that you can give single user modified rights outside of general groups. Is there any general list of such modified users? I'm worried that hackers could hide some users with admin rights between hundreds of regular users. Only problem is, that I see only way how to check to go one by one manually. And we have lots of registered users.

    Or if you could point me to place in WP database, where are these personal modifications stored?

    Thanks!

    http://wordpress.org/plugins/user-role-editor/

  2. Vladimir Garagulya
    Member
    Plugin Author

    Posted 7 months ago #

    Hi,

    WordPress stores user capabilities with roles assigned to them together - at wp_usermeta db table. By default user have 1 role assigned. So with this query you may extract for checking the users who have more then 1 role or additional capabilities assigned:

    SELECT * FROM wp_usermeta where meta_key like 'wp_capabilities' and meta_value not like 'a:1:%';

    Regards,
    Vladimir.

  3. Wlkus
    Member
    Posted 7 months ago #

    Thank you, working nice and seems that there is no user with more than one role...

  4. Vladimir Garagulya
    Member
    Plugin Author

    Posted 7 months ago #

    Just to check that all is right and you don't get empty result due to invalid criteria value: 'wp_' is the default database prefix. If you changed it during WordPress installation you should changed at the like criteria too, e.g. 'b1_usermeta', 'b1_capabilities'.

  5. Wlkus
    Member
    Posted 7 months ago #

    No I didnt change prefix and also tested it by removing AND condition, so it listed all users :)

    Thanks again!

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.