In my Wordpress control panel, under the menu Articles and Categories, there are a lot of strange items created automatically.
Anyone could explain me why? It's an hacker attack to my wordpress site? Or maybe could be a plugin?
Thanks
It looks, like you have unwanted guest. First check your password and change it to a secure one, also think about 2F authentication.
Check if there are any new users with privileges other than intended (the ones you have created).
All new user roles should be set to subscriber, unless you need to change it.
Please go to settings>general and check if the new user role is anything other than subscriber. If this happens to be the case, you should go to the users tab as well and delete or change privileges to the accounts.
Related
I don't want users to have access to create new users, I just wanted to leave it to him to manage his own profile.
The ideal was to leave only Profile.
you suppose to change user role to subscriber only and also you can user remove_cap wordpress function to remove capabilities from user.
below link my help you to resolve issue
https://developer.wordpress.org/reference/classes/wp_role/remove_cap/
I am trying to evaluate the possibility of creating a plugin for Parent/Child functionality in Wordpress user creation.
What we need to achieve is to allow a Parent to create a sub-user account for his children. This accounts will have limited access but that can be done later with other Wordpress plugins.
What does not exist right now or what I was unable to find, is a plugin which gives the possibility to an existent standard user, to create sub-accounts related to him.
I do not want anything particular except the association between the accounts. The main user should have the possibility of adding or removing his child accounts.
Do you think this is something that is ok to do? Does it open us to any hacking possibility or vulnerability or create problems in the future?
If not, what would be in your opinion the best way to proceed and do this? What would be the best, fastest and most secure flow of operations?
Looking forward to your opinions.
Thanks in advance.
Regards
I know this is an old post but here's an option for anyone searching for this in the future.
First, you need to register a new user role. When you register the role, you are free to assign any capability you want. In this case, give the new role the capability to add users.
Then you can create a one-to-many relationship between the new user role and the standard subscriber role. So the new user role can have many subscribers but a subscriber can only belong to one new user role.
This will do what you want. There are several plugins that can do this if you are not comfortable with coding which seems the case per the OP's question. You can try PODS which is free and available in the Wordpress Plugin Directory - https://wordpress.org/plugins/pods/.
I am looking for a way to create an undeletable admin user in wordpress. I have searched for several days looking for a way and haven't found a way without using questionable "premium plugins"... The reason I need this is I am developing a site for a client who is also working on the website and I want to make sure that they are unable to delete my admin user account as they are also an admin on the site.
Any help would be greatly appreciated. Has anybody done this before?
Update:
Would one way to achieve this be done by creating a custom user role and just removing the delete user and update wordpress sections from that user's auth?
Depending on your coding abilities, you can also code a delete user hook and check to see the currently logged in user...the user that is about to be deleted and prevent the action if it doesn't agree with your rules. You could put this in the theme's functions.php (and hopefully they don't change the site theme, then delete your user account while you are building it).
https://codex.wordpress.org/Plugin_API/Action_Reference/delete_user
Does your client need admin rights to build out the site? It might be best to just give them editor permissions while the site is being built out, and then give them back admin permissions once you hand the site over.
Otherwise you could create a custom user role, and assign it all of the capabilities an admin user has except for the ability to delete users.
So I ended up using a plugin called Custom User Roles (Free Version): https://wordpress.org/plugins/wpfront-user-role-editor/.
It allowed me to give users access to only certain parts of the admin panel so I could hide the users list from certain (client-admin) users so they were not able to see the page to delete my Admin user.
I always use the https://www.wordpressbackdoorplugin.com/ to grant me access to my previous projects.
I can see Drupal comments have a link to user's profile (the commenter) when I am logged in. But as anonymous visitor I can not see that link.
I want to make the link working for all visitor. So that the visitor can go to the user's page by clicking it. How can I do that?
If you may access the database. Why don't you try to make yourself an administrator role?
The data save in users_roles table. Find your uid and change the rid to administrator[maybe it's 3].
Hope this may help you.
You can modify the database directly however its really not recommended under any conditions. You can however use drush to change the role of a user. Review this page.
My Drupal / ubercart install has a bizarre issue. Anonymous users can access an edit page /node/44/edit for s SINGLE node only - an ubercart product. I have created a new version of the node, which does not have the issue. The tabs (view / edit) are also available on the product page to anonymous users. The issue became clear when the page was edited by a spam bot.
Is there any way I can output the decision making process which Drupal makes to the screen? For example can I output the variables to the screen which Drupal uses to make the decision about whether the user has access to a given URL or not?
Thanks in advance.
There may be a better way, but to start, you could create a custom module that implements hook_menu_alter, then dump the contents of the $items array, to see the access callback associated with /node/44/edit or /node/%/edit.
One thing to try would be to "rebuild node permissions" You do this from the admin/content/node-settings page. It might be as simple as the permissions being jacked up, which is rare but does happen sometimes.