WordPress.org

Support

Support » Plugins and Hacks » Single user roles – any overview?

Single user roles – any overview?

  • Our WP got recently hacked and one of problems was that attackers used URE to give all possible rights to subscriber level. I removed that but found out that you can give single user modified rights outside of general groups. Is there any general list of such modified users? I’m worried that hackers could hide some users with admin rights between hundreds of regular users. Only problem is, that I see only way how to check to go one by one manually. And we have lots of registered users.

    Or if you could point me to place in WP database, where are these personal modifications stored?

    Thanks!

    http://wordpress.org/plugins/user-role-editor/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Vladimir Garagulya
    Participant

    @shinephp

    Hi,

    WordPress stores user capabilities with roles assigned to them together – at wp_usermeta db table. By default user have 1 role assigned. So with this query you may extract for checking the users who have more then 1 role or additional capabilities assigned:

    SELECT * FROM wp_usermeta where meta_key like 'wp_capabilities' and meta_value not like 'a:1:%';

    Regards,
    Vladimir.

    Thank you, working nice and seems that there is no user with more than one role…

    Plugin Author Vladimir Garagulya
    Participant

    @shinephp

    Just to check that all is right and you don’t get empty result due to invalid criteria value: ‘wp_’ is the default database prefix. If you changed it during WordPress installation you should changed at the like criteria too, e.g. ‘b1_usermeta’, ‘b1_capabilities’.

    No I didnt change prefix and also tested it by removing AND condition, so it listed all users 🙂

    Thanks again!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Single user roles – any overview?’ is closed to new replies.