WordPress.org

Forums

Adminimize
Security issue (2 posts)

  1. lip3
    Member
    Posted 2 years ago #

    Hello,

    First of all I thank you guys for develop this plugin. I need to say as well that I'm not a english speaker, so sorry about any ununderstandable line.

    Let me explain the problem with security.

    This plugin uses CSS classes to hide the content of wordpress, but every browser nowadays has an option to "inspect element". With this option is possible to show everything the Adminimize hides, just unchecking the CSS (display: none !important;) elements.

    Today I created a new custom field to a custom post. I needed to hide from the users who had the "movies" role. So I added the class "acf15" in the write movies - option of adminimize plugin.

    After that, I logged in as a Movies role user. Then I do a right mouse click -> inspect element - uncheck the "display none" check box and the field show up again.

    How boring is that?

    Once again thank you, but this plugin is useless, with you need some security over the hide fields.

    How to resolve this problem?

    Thank you so much!

    http://wordpress.org/extend/plugins/adminimize/

  2. Frank Bueltge
    Member
    Plugin Author

    Posted 2 years ago #

    Thanks for your feedback.
    The plugin use many different functions to hide areas. Also the way about css, especially for custom options. The plugin change not on the rights, roles - only hide the area for better to worm; see, what the user want.
    If you will hide areas, completly, than it is always possible via php funtions from the wp core. It is possible for the plugin to use this, then I will use. But often is the problem the ID, the key of a object. Often it is not possible to read, know about this, the key, the ID of a object dynamicly in WordPress to create a option in Adminimize. If you have users, there have enough know how about the DOM to see areas, than is Adminimize not the right solution for this requirement. I think, then is a custom plugin smaller and faster.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Adminimize
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic

Tags

No tags yet.