I am having a problem with Tags.
By default all of my posts and pages are blocked.
However, I noticed if you click on a Post the next page which states that “This content is restricted to registered members. If you are an existing user, please login. New users may register below.”
Below the registration the Tags are listed.
If a visitor clicks on those Tags then he/she can see the Posts in their entirety! Yikes!
Is this a security hole within the WP-Members plugin?
Are you using the <!–more–> tag in posts to create an excerpt?
That’s what the issue is. You need to be using the ‘more’ tag.
Refer to the first point in the installation instructions section titled “Locking down your site”:
Does anyone out there know how to automatically add a ‘more’ tag to say 500 posts or so??????
I decided that adding ‘more’ tags was not the way to go because it inserts teasers on every Post.
Instead I opted to install the Page Restrict plugin which simply places a notation on every Post that visitors must log-in in order to see the Post.
There are many approaches to putting in your own excerpts and not having to go back to put in a ‘more’ tag manually.
I had included a function to automatically put in excerpts, but it didn’t work well with certain configurations of the plugin, so it was pulled from use. But I recently reworked this function, so an automatic excerpt will be available in the upcoming version 2.8
- The topic ‘Security issue with blocked Post tags’ is closed to new replies.