WordPress.org

Support

Support » Plugins and Hacks » [Plugin: Absolute Privacy] Absolute privacy enables login without password

[Plugin: Absolute Privacy] Absolute privacy enables login without password

Viewing 4 replies - 1 through 4 (of 4 total)
  • dsburdette
    Participant

    @dsburdette

    Same issue here. EVERY site I’m using this plugin is now broken. HUGE problem. Now I have to find another lockdown solution. Bummer, because I like this plugin. Any recommendations?

    esmi
    Forum Moderator

    @esmi

    if you have admin as a username

    You shouldn’t be using admin as user name – precisely because many sites are.

    dsburdette
    Participant

    @dsburdette

    I’m not using admin as a username. The plugin is broken and it will be forever as the author is no longer supporting the plugin. Read more on his blog:

    http://www.johnkolbert.com/site-news/the-official-goodbye/

    However, I found if you simply want a full lockdown on your site and to redirect all users to the login page, you must make sure this plugin is completely deactivated or not installed at all and simply add this code to the header of your active theme.

    <?php
    /*
    Checks to see if the visitor is logged in. If not,
    they are redirected to the login page.
    */
    if ( !is_user_logged_in() ) {
        auth_redirect();
    }
    ?>

    This is only useful if you want no pages visible to unauthorized users. There are other Members-only plugins that give you more granular control on a per page/post basis. I, however, was looking for full lockdown, like an extranet might be.

    Plugin Author Eric Mann
    Member

    @ericmann

    The plugin has been patched as of version 2.0.6 to fix this vulnerability.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘[Plugin: Absolute Privacy] Absolute privacy enables login without password’ is closed to new replies.