I'm new to wordpress and I need to create a wordpress that allow the administrators to share information and files with users (word, excel, pdf, images, etc).
Each user will have a password and the files are only shared between the user and the administrator (there's no sharing between users).
Maybe that can be accomplished with a post or page targeted for every user. The user would have to be logged to access the page/post and should be able to add content and files. That way the files and info will be only shared between that user and the admin.
Is this a correct approach or there is a better way to do it?
Thanks
Gonzalo
WordPress Download Manager helps you in managing, tracking and controlling your downloads in a more efficient way. You can set access levels, you can add/embed downloadable files anywhere in the post by copying and pasting the embed code.
For more info :
http://www.wpbeginner.com/plugins/how-manage-track-control-file-downloads-wordpress/
Related
So, I have an admin user on Wordpress, I can login, I can post, update, install plugins, etc.
But when I try to find my user name, or email on the database wordpress is using (in wp-config file), I'm not able to locate it. and mine is not the only user I'm not able to find in the database.
Now,I got to this discovery, because our wordpress site was hacked not long ago, I'm going through the files, and I see some random code on the top of index.php or other files.
I clean and get rid of this code, and files too ! ( aindex.php, ajax-index.php. etc.)
At some point in the middle of the night, some files is creating this files, and inserting this random code again. SO I need to do this everyday in the morning, otherwise the wordpress admin doesn't work. Any insight on this too, will be very appreciate it.
Anyway, it is possible that whoever hacked the site, is making wordpress to store new users on an external database ?
Thanks, any help will be appreciate it.
Note I'm using: Wordfence, WP security, Cerber Security, Defender, iThemes Security to help scan the files.
In relation to your first point, users are not stored in wp-config.php. They are stored in the database - you can access the database via your domain.com/phpmyadmin (depending on the database manager you're using).
Within the database tables you will find wp_users and wp_usermeta where the information you are looking for will be stored.
You can have a look at this page for some more information.
I am looking to restrict access to plugins for a specific user. I still want this user to be able to edit the theme, but it should not be able to modify plugins or update wordpress.
I did a little research and don't think that there's a simple way to allow this, but before I go along the path of finding a plugin to support this feature, I wanted to ask and make sure there wasn't the ability to do this out of the box.
WordPress will only grant permission to edit the theme in the WordPress Admin Panel. While plugins may be able to restrict editing plugins in the same manner, using this feature at all is highly dangerous as all changes are effective immediately on a live server and can be extremely destructive. If the user's account is compromised someone can directly inject malicious code into the files.
Any changes to theme code, or plugin code for that matter, should be done on local copies of files and then uploaded to the server.
In all of my WordPress installations, even my local development environments, I put the following line of code in my wp-config.php file:
define(‘DISALLOW_FILE_EDIT’, true)
This disables the editor in the WP Admin Panel.
There is a pdf on the server that we want users to access only those with the link is there any way we can prevent from being shared as well? So if the users want to share the link it will redirect them to the homepage. I know users can download and share it amongst themselves, that is something we can't prevent but I at least want to prevent them from sharing the URL. I tried to prevent hotlinking but most of the tutorials and resources I found prevent all PDFs from being shared.
I know this is a late response but you can easily use the HTTP REFERER field to prevent access to a link from outside certain pages - SpeedFan does this for their installer download links.
New to Wordpress.
I am aware the default database to Wordpress is MySQL.
Like livejournal, i have a small requirement which allows Admin to post content and registered users on the website are allowed to post contents.
I decided to go with Wordpress, but still have not done much research on allowing registered users to post contents as like admin.
I am wondering, What database would be the best to go with ?
SQL or MySQL ?
Also, whether these contents are stored in the Database or in the form of .doc ?
The database you use doesn't matter as long as Wordpress supports it.
Comment functionality is built into Wordpress. You don't need to do any custom development to make it happen. If you only want registered users to be able to comment, you'll have to make a setting requiring users to be registered and logged in to comment. This setting is under Settings - Discussion. Comments are stored in the database.
Those are a few questions in one, so I'll answer each one of its own and paraphrase:
Can Wordpress use some other database than MySQL?
No, Wordpress only supports MySQL, so there is no choice.
Are the posts or pages/content in Wordpress stored in a database or in a .doc file
The contents of posts in Wordpress, just like in liveJournal, are actually stored in a database.
Is it possible to allow users in Wordpress to submit content that an admin can then review and publish/delete later etc.
Yes. Very much so. I believe it's built into Wordpress, you just need to have a registered user and enable the feature.
I'm working on a Drupal 6 site, and one of the requirements is for the company to be able to upload videos and whitepapers. No problems there.
The tricky part of the requirement is that when a site visitor tries to download one of these files, they need to be prompted to fill out a basic information form with the usual stuff; name, email address, business sector etc. If they've already done this before to download another file, then the site needs to pick up the cookie etc attached to the user and register them as downloading another file.
I've done this before on another site and it was a simple enough bunch of PHP with a database attached. I know I could easily do the same thing here, but it just doesn't feel very 'Drupal' to me.
Any Drupal-esque recommendations for the best way to tackle this (modules, plugins etc)?
Thanks
Froogle
There are more sophisticated (and complicated) ways to accomplish it, but the following would meet your basic requirements:
Under Admin > Site configuration > File system, set the Download method to Private.
On the Admin > Site building > Modules page, enable the core Uploads module
On the appropriate content pages, under the File attachments option, upload the videos and whitepapers
Under Admin > Site configuration > Error reporting, set the Default 403 (access denied) page to user/register.