Title: cidram issue
Last modified: March 23, 2023

---

# cidram issue

 *  [Gerrard Johnson](https://wordpress.org/support/users/tec4sho/)
 * (@tec4sho)
 * [3 years, 3 months ago](https://wordpress.org/support/topic/cidram-issue/)
 * Hi does this system/plugin still work, it did not work manually installed when
   calling the class. Also its not opening in wp settings or seem to do anything
   after installing as a plugin so where are the controls an logs located, after
   reading github for answers an as a developer myself am still lost to its real
   usage, so i decided to ask direct before i remove it an try something else where.

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Plugin Author [Maikuolan](https://wordpress.org/support/users/maikuolan/)
 * (@maikuolan)
 * [3 years, 3 months ago](https://wordpress.org/support/topic/cidram-issue/#post-16593558)
 * ![](https://i0.wp.com/ps.w.org/cidram/assets/support-cidram-issue-1.png?ssl=1)
 * > Also its not opening in wp settings
 * As of CIDRAM v3 and onward, after installing CIDRAM, a link to the CIDRAM front-
   end *should* appear in the main dashboard menu (refer to the attached screenshot
   above).
   Are you seeing something similar at your end, or no such link?
 * (Will split my response into separate replies, because the reply interface is
   doing something weird at my browser at the moment, switching between block options,
   and just doing separate replies feels like should be a little easier).
 *  Plugin Author [Maikuolan](https://wordpress.org/support/users/maikuolan/)
 * (@maikuolan)
 * [3 years, 3 months ago](https://wordpress.org/support/topic/cidram-issue/#post-16593589)
 * [@tec4sho](https://wordpress.org/support/users/tec4sho/) Something is very wrong
   here. I clicked the link to your website shown at your profile here at wordpress.
   org, and it immediately showed me the CIDRAM front-end login page. Such a thing
   shouldn’t normally be possible.
 * If you check the `cidram.php` file at the root directory of the CIDRAM plugin,
   you’ll notice that at the point where the `view()` method is called (the method
   responsible for displaying the CIDRAM front-end), the call is guarded by requiring
   the `edit_plugins` permission to be set, which by default, is only given to admins
   and super admins:
 *     ```wp-block-code
           add_action('init', function() use (&$CIDRAM) {
               if (current_user_can('edit_plugins')) {
                   $CIDRAM->view();
               }
           });
       ```
   
 * This is done for the sake of security, specifically, to prevent unauthorised 
   access to the CIDRAM front-end (the rationale for using `edit_plugins` as a guard
   being that if a user is capable of editing plugins in the first place at all,
   then they must surely be authorised to use an interface intended to administrate
   one of said plugins, too).
 * The fact that I’m seeing the CIDRAM front-end login page when accessing your 
   website (which, given that I’ve never accessed it before, and therefore, naturally,
   won’t be logged into it, shouldn’t have `edit_plugins` permissions set) tells
   me that either (1) where the method call occurs at your WordPress installation,
   for some reason, that same guard isn’t in place, or (2) at your WordPress installation,
   for some reason, something has gone wrong with how the permissions for `edit_plugins`
   are being set.
 * On the bright side, it *also* tells me that CIDRAM is, in fact, installed at 
   your WordPress installation. However, until we’re able to figure out why the 
   CIDRAM front-end login page is displaying for non-logged in users like that, 
   I would recommend disabling the plugin, at least temporarily. The only one you
   want being able to see the CIDRAM front-end login page, in most cases, is just
   you.
 *  Plugin Author [Maikuolan](https://wordpress.org/support/users/maikuolan/)
 * (@maikuolan)
 * [3 years, 3 months ago](https://wordpress.org/support/topic/cidram-issue/#post-16593605)
 * > so where are the controls an logs located
 * Logs and controls can be accessed via the front-end (which is why you need the
   front-end, but also why you don’t want anyone other than yourself being able 
   to access it).
 * > Hi does this system/plugin still work
 * Yes. 🙂
 * When installed correctly, it should block requests in accordance with how CIDRAM
   is configured, its installed signature files, modules, etc. There is an “IP testing”
   page available at the front-end to simulate requests from various IP addresses,
   user agents, etc, in order to test whether a request would or wouldn’t normally
   be blocked.
 * Non-blocked requests shouldn’t normally see anything different than usual, and
   so, as long as someone is not blocked, it’s unlikely they would even notice whether
   CIDRAM is installed at all.
    -  This reply was modified 3 years, 3 months ago by [Maikuolan](https://wordpress.org/support/users/maikuolan/).

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘cidram issue’ is closed to new replies.

 * ![](https://ps.w.org/cidram/assets/icon-256x256.png?rev=2960554)
 * [CIDRAM](https://wordpress.org/plugins/cidram/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/cidram/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/cidram/)
 * [Active Topics](https://wordpress.org/support/plugin/cidram/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/cidram/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/cidram/reviews/)

 * 3 replies
 * 2 participants
 * Last reply from: [Maikuolan](https://wordpress.org/support/users/maikuolan/)
 * Last activity: [3 years, 3 months ago](https://wordpress.org/support/topic/cidram-issue/#post-16593605)