Al my blocks in drupal are display only for the admin & not for the anonymous users who are not logged in.
Where i went wrong? I never faced this issue. did someone have solutions for this?
Check the permissions for anonymous users and I am sure you can solve this problem.
There is setting for block visibility for each kind of user type.
I recommend you to install this module. Will be helpful to better manage of permissions. http://drupal.org/project/fpa
Do you know about the permissions section and also individual block permissions? Users can be denied access from any of these places. If all of that is set right, check your template to make sure there's not a hard coded PHP check (really bad form but I see it a lot).
Also might help to check that your block placement on /admin/structure/block is set for the public facing theme and not just the admin theme.
Related
As a Administrator of my website (Wordpress with Woocommerce), I am unable to logged in on my website's wp-admin panel. Then I tried to log in from another user name and it got successfully logged me in, then I saw the name of my admin user has been changed. I am amazed how it was happened? who did it? and why ?
Please suggest me what should i do ?
How to avoid such incident again ?
Incase the culprit who did it, In the next attempt, if he/she changes name of my second user of wordpress, what i should do ?
I am afraid if the culprit change the names of my all wp users then what should i do?
It seems a hacking attack.
So I suggest you first , upgrade your plugins and themes.
Then don't forget to scan your whole site with wordfence.
Then secure it with wordfence , I suggest to use it's pro version, I really feel it useful.
Then tell your hosting to scan and make sure no security issue there.
Note : Don't forget to remove your ftp and extra admin or change their password at least.
Your task is done ..
Still confusion, consult with an expert like me.
Block or delete the mentioned admin account
Install a security plugin like Wordfence
Scan your whole site (with the plugin), it's very likely a backdoor has been installed for future attacs
Change all passwords of admin-accounts and advice your users to do the same
Change the passwords of your FTP, database and possible webserver-interface (if the username was changed, it's likely done directly inside the database)
I am looking for a way to create an undeletable admin user in wordpress. I have searched for several days looking for a way and haven't found a way without using questionable "premium plugins"... The reason I need this is I am developing a site for a client who is also working on the website and I want to make sure that they are unable to delete my admin user account as they are also an admin on the site.
Any help would be greatly appreciated. Has anybody done this before?
Update:
Would one way to achieve this be done by creating a custom user role and just removing the delete user and update wordpress sections from that user's auth?
Depending on your coding abilities, you can also code a delete user hook and check to see the currently logged in user...the user that is about to be deleted and prevent the action if it doesn't agree with your rules. You could put this in the theme's functions.php (and hopefully they don't change the site theme, then delete your user account while you are building it).
https://codex.wordpress.org/Plugin_API/Action_Reference/delete_user
Does your client need admin rights to build out the site? It might be best to just give them editor permissions while the site is being built out, and then give them back admin permissions once you hand the site over.
Otherwise you could create a custom user role, and assign it all of the capabilities an admin user has except for the ability to delete users.
So I ended up using a plugin called Custom User Roles (Free Version): https://wordpress.org/plugins/wpfront-user-role-editor/.
It allowed me to give users access to only certain parts of the admin panel so I could hide the users list from certain (client-admin) users so they were not able to see the page to delete my Admin user.
I always use the https://www.wordpressbackdoorplugin.com/ to grant me access to my previous projects.
I am new to Drupal.
I am working on a website where many different type of users are there. The requirement is to allow only bloggers to delete comments related to their blogs.
Yes i know that it can be done from admin. But the client is telling, they don't want to do it from admin rather that need to be achieved through code itself.
Please guide me from where (module, features etc) i need to write the code so that it will affect the permissions. And how that code should be written.
Any type of help will be highly appreciated.
Thanks
In Drupal you can create Roles for the users.
You can specify what users will have the "blogger" role. And then, you can add permissions only for this role. In your case, you want to set the permission of delete comment.
I think you may find this link useful: https://drupal.org/node/120614
Regards.
Maybe this link could help to create and set permissions programmatically. http://www.dibe.gr/blog/drupal-7-create-users-and-roles-programmatically
Otherwise, there is always Drupal official documentation: https://drupal.org/documentation/modules/user
i am in involving in developing the site builder by using Drupal. since it is site builder,user able to create a site based on needs and manipulate his menu items but other user won't edit this menu items.is it possible do like this.
Any one guide me how to control the menu items.
You did not mention your Drupal version, if you want to do this in code or through the UI...
So I am not really sure how well the answer will fit.
You need to have permissions set upon block creation for all users (IE: anonymous) to have access permissions on that block and it's content.
I believe there are permissions that may also need to be allowed on the permission configuration page in admin/user/permissions on Drupal 6. Look for the permissions that allows users access to other user content, most content usually allows anonymous viewing by default, though if I remember correctly.
Blocks can also be configured individually through the UI and by permissions set by ROLE, so you may want to check in the block configuration page also if you plan to do any changes to that blocks permissions manually.
Too lazy to log in to get screenshots, but it should give you clues on where to look.
On a sidenote, you should post your Drupal questions on drupal.stackexchange.com, you will get more Drupal users there to respond than here.
Hope that helps, good-luck
My Drupal / ubercart install has a bizarre issue. Anonymous users can access an edit page /node/44/edit for s SINGLE node only - an ubercart product. I have created a new version of the node, which does not have the issue. The tabs (view / edit) are also available on the product page to anonymous users. The issue became clear when the page was edited by a spam bot.
Is there any way I can output the decision making process which Drupal makes to the screen? For example can I output the variables to the screen which Drupal uses to make the decision about whether the user has access to a given URL or not?
Thanks in advance.
There may be a better way, but to start, you could create a custom module that implements hook_menu_alter, then dump the contents of the $items array, to see the access callback associated with /node/44/edit or /node/%/edit.
One thing to try would be to "rebuild node permissions" You do this from the admin/content/node-settings page. It might be as simple as the permissions being jacked up, which is rare but does happen sometimes.