Settings page and credentials are accessible by all the authors
This is a wonderful alternative for JetPack’s post by email. I am glad that it could also support custom posttypes by a simeple function.
I think I found a small problem which could cause serious issues on multi-author blogs. The Post-By-Email settings page is available for all the users(I mean authors) in a blog(Not just multisite. Also in single-site installations).
If the blog/site has multiple authors, an author could see the admin’s email settings and can grab all the email credentials including the password of the admin’s email.
The page can be restricted by changing the menu permissions. But it could be helpful if there is an option to make the settings page accessible and set permissions per user.
- The topic ‘Settings page and credentials are accessible by all the authors’ is closed to new replies.