I'm working on an old WordPress site and cleaning out all the old dusty plugins and whatnot(Updated or removed any unneeded plugins/themes). Nothing unusual. I added security to the login and other precautions, but about a month ago I received a notification to my admin email that someone created an account and changed their password.
When I investigated, the new user had admin rights and some random username. I immediately deleted the user and soon discovered that the Membership checkbox in Settings was toggled to "Anyone can Register". The default role set to Admin. I had never seen anything like this before, but I couldn't recall if I checked this setting when I started working on the site.
So I unchecked the box, set the default role to subscriber. I chalked it up to me missing a step and moved on. Fast forward to now and over the weekend it happened again. A new user, changed password, and there low and behold the Membership checkbox was checked. I deleted the new account as before.
Although this time the default user was still set to subscriber. So that didn't change.
I tried to Google this, but I don't get anything other than the steps I've taken.
A couple of quick details; the site is backed up, and I am the only admin user. WordPress 5.8.2. PHP 7.4, all plugin updates done automatically.
If you have an idea of what's happening please let me know.
Related
The role of one of my users who has admin role will be changed automatically a few times every day and I have to manually update it again. I'm not sure if it's a plug-in problem but this is the only admin user that the role will be updated automatically. Is there anyway that I can see the logs to find what's wrong? Is there any code that I can put on function.php to change the role to admin for that user of the role was changed as a temporarily fix?
I have had this issue with User Role Editor and Admin Menu Editor. Worth disabling these if you have either of them installed?
I currently run a WordPress website which recently started to bug me. I am the only admin on the page and I suddenly cannot add a product, page or anything for that matter. Instead of the publish button there is a "send for review" or something button. Even if I hit that button it says I do not have the rights to do it.
I have tried:
- adding a new administrator but it has the same effect
- disabled ALL plugins and tried again = nothing
- changed privileges in the database (table wp_usermeta)
Help would be extremely welcomed!
One very possible cause: You ran out of space to append to your database, with your provider.
Hence no saving, your provider does not allow any new posts to be published due to not enough space, so the Publish button is invisible, and instead you have Send for review
I'm new to drupal. There is a client website that we do some changes by using admin panel.
Changing some text in some pages. But the changes does not appear if you are not logged as admin or the user who made the changes.
after one day you can see that the changes can be seen by not logged users as well.
I search for cache problems or permission problems but I could not find anything in google.
What do you think is this?
not: cleaning browser cache or ctrl+f5 won't work.
If page caching for anonymous users is enabled, those visitors will see a cached version (and not the latest modified version).
Depending your configuration, this caching (minimum cache lifetime) can be between 1 minute and 24 hours. To verify / change your settings go to admin/config/performance.
I have integrated Mybb forum with wordpress 3.3.2 using zingiri. The URL is www.etrixdevenv.com/ssc2pg2/community. The etrixdevenv.com is our development server. And project name is ssc2pg.
The problem we are facing is that when one registered user (for trial) logs in, then it works just fine. But when any other user just visits (not log on) the community page (forum) then if the previous logged on user tries to post a new thread / reply or any other activity, it simply gets logged out. Can anybody suggest an answer? Also the formatting buttons are missing from the post editor.
Could be a cookie issue. Make sure that you're setting the cookie domain correctly in Settings of the Admin panel.
I'm using ASP.NET Sitemaps with a custom Role Provider to generate a site Menu that displays available links depending on user role.
This works fine if the roles don't change while a user is logged in.
When the roles do change while the user is logged in, the Menu isn't automatically updated (I've checked, and the Roles.GetRolesForUser() is only called on login). This results in the user having access to the areas of the site he doesn't have permission to see. This access is not only visual (in the form of the Menu items being displayed), but the access restrictions as defined in the Web.config are not being enforced either.
Is there a way to trigger the Menu/access control refresh when the roles are changed? Or do I need to force a logout?
Thanks in advance
EDIT: I just realized I had the Role Manager cacheRolesInCookie enabled, which meant that GetRolesForUser() was only being hit once and any further role checks were made using the cookie. Any way to refresh the cookie programmatically or do I have to live with the cache turned off? Maybe just removing the cookie will solve it?
Went for the non-cached version, which works fine.