Single user roles – any overview?

  • Wlkus

    (@wlkus)


    10 years, 8 months ago

    Our WP got recently hacked and one of problems was that attackers used URE to give all possible rights to subscriber level. I removed that but found out that you can give single user modified rights outside of general groups. Is there any general list of such modified users? I’m worried that hackers could hide some users with admin rights between hundreds of regular users. Only problem is, that I see only way how to check to go one by one manually. And we have lots of registered users.

    Or if you could point me to place in WP database, where are these personal modifications stored?

    Thanks!

    http://wordpress.org/plugins/user-role-editor/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Vladimir Garagulya

    (@shinephp)

    10 years, 8 months ago

    Hi,

    WordPress stores user capabilities with roles assigned to them together – at wp_usermeta db table. By default user have 1 role assigned. So with this query you may extract for checking the users who have more then 1 role or additional capabilities assigned:

    SELECT * FROM wp_usermeta where meta_key like 'wp_capabilities' and meta_value not like 'a:1:%';

    Regards,
    Vladimir.

    Thread Starter Wlkus

    (@wlkus)

    10 years, 8 months ago

    Thank you, working nice and seems that there is no user with more than one role…

    Plugin Author Vladimir Garagulya

    (@shinephp)

    10 years, 8 months ago

    Just to check that all is right and you don’t get empty result due to invalid criteria value: ‘wp_’ is the default database prefix. If you changed it during WordPress installation you should changed at the like criteria too, e.g. ‘b1_usermeta’, ‘b1_capabilities’.

    Thread Starter Wlkus

    (@wlkus)

    10 years, 8 months ago

    No I didnt change prefix and also tested it by removing AND condition, so it listed all users 🙂

    Thanks again!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Single user roles – any overview?’ is closed to new replies.