Security issue with blocked Post tags

  • Mr Tibbs

    (@mtibesar)


    11 years, 5 months ago

    I am having a problem with Tags.

    By default all of my posts and pages are blocked.

    However, I noticed if you click on a Post the next page which states that “This content is restricted to registered members. If you are an existing user, please login. New users may register below.”

    Below the registration the Tags are listed.

    If a visitor clicks on those Tags then he/she can see the Posts in their entirety! Yikes!

    Is this a security hole within the WP-Members plugin?

    http://wordpress.org/extend/plugins/wp-members/

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Chad Butler

    (@cbutlerjr)

    11 years, 5 months ago

    Are you using the <!–more–> tag in posts to create an excerpt?

    Thread Starter Mr Tibbs

    (@mtibesar)

    11 years, 5 months ago

    No.

    Plugin Author Chad Butler

    (@cbutlerjr)

    11 years, 5 months ago

    That’s what the issue is. You need to be using the ‘more’ tag.

    Refer to the first point in the installation instructions section titled “Locking down your site”:
    http://wordpress.org/extend/plugins/wp-members/installation/

    Thread Starter Mr Tibbs

    (@mtibesar)

    11 years, 5 months ago

    Oh great….

    Does anyone out there know how to automatically add a ‘more’ tag to say 500 posts or so??????

    Thanks Chad.

    Thread Starter Mr Tibbs

    (@mtibesar)

    11 years, 5 months ago

    I decided that adding ‘more’ tags was not the way to go because it inserts teasers on every Post.

    Instead I opted to install the Page Restrict plugin which simply places a notation on every Post that visitors must log-in in order to see the Post.

    Plugin Author Chad Butler

    (@cbutlerjr)

    11 years, 5 months ago

    There are many approaches to putting in your own excerpts and not having to go back to put in a ‘more’ tag manually.

    I had included a function to automatically put in excerpts, but it didn’t work well with certain configurations of the plugin, so it was pulled from use. But I recently reworked this function, so an automatic excerpt will be available in the upcoming version 2.8

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Security issue with blocked Post tags’ is closed to new replies.