We have been using the plugin for 8 years now and it worked fine, but since the last wordpress update you get logged out after every single click you do in the backend or frontend of a website. I did test now for a couple of hours and somehow it still works in firefox (after clearing cache and cookies) but in chrome and edge you get logged out every time you click somewhere…
]]>Hi there
I have been using this plugin for a decade or so on my multisites and remarkably it still works!
Anyway, I noticed that there is a fork:
https://www.ads-software.com/support/topic/contributing-to-the-plugin-2/
and tested the updated plugin, which seems to work fine too (as far as I can see on a test rig), so
@dsader thanks for the useful foundational work
Question: is it safe to move to the forked version and will the forked version find its way into the WordPress repository (so we can get automatic updates etc)?
]]>This plugin used to work great for us, and it is currently being used to restrict access on 44 sites in our multisite network. However, we started to get complaints over the past year, and discovered that when this plugin is active, WordPress admin URLs with a nonce do not work and the user sees the message “The link you followed has expired.” Deleting posts is the perfect example.
We would love to continue using this plugin because there is no other plugin that restricts a site’s access as simply as this one.
]]>Anyone know if the new XML sitemaps in WordPress 5.5 interfere with or override this plugin?
Are sites marked as Visible only to Network, to Site, or to Admins kept out of the sitemaps?
]]>Hello, thank you for this. Is there a way to make the main site public, and at the same time, use the network setting override to make all the subsites visible to registered users only? I am trying to provide a private sandbox site for users, but at the same time, I want the main site to be accessible. I don’t want the individual subsites to be able to change the option, so I am stuck with enabling the network wide setting. Thanks!
]]>Hi, we have WordPress multisite v5.2.3. Everytime a user creates a new site and at the same time chooses any privacy setting other than ‘Allow search engines to index this site: Yes’ we get an email:
Site “Company blogs” (ID: 1), https://blogs.company.local, changed reading visibility setting to “Visible(1).”
Maybe something has changed with newer versions of WordPress that causes this behavior? (I don’t recall when this behavior first started)
We have not added any new plugins to our site.
-VeM-
Hi dsader,
We use More Privacy Options and would love to contribute some improvements to the plugin. Do you have a place where you develop the code like Github or Gitlab so we can send proposed pull requests?
]]>We had a use case with Multisite where the root blog is utilizing More Privacy Options to require you to be logged in, but there were some subsites (domain.org/foo) that were open to the public. This had the issue where traffic to domain.org/robots.txt was being intercepted by More Privacy Options.
To fix this, I simply added this to .htaccess and things work as desired now.
# Don’t muck with people trying to get robots.txt
RewriteRule ^robots.txt – [L]
Just sharing in case it’s helpful to others (or if they have a better idea)
]]>Hi there.
Great plugin.
Where can I send you the Greek translation of the plugin?
Bests Lena
]]>Hi David, plugin works great and has done for many years, it’s only recently in moving my site (open to registered users only) reality-hackers.com that I realised that it’s actually a wordpress MU version and as such is in the: wp-content/mu-plugins/ . . . directory . . . is it possible for you to advise me on how I can switch from the old to the new ‘normal’ plugin version without A) losing the ‘privacy’ while B) hopefully not causing a problem to the site which is actually a multisite? Thanks
]]>We’re seeing this notice in our PHP 7.1 environments:
Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; ds_more_privacy_options has a deprecated constructor in /var/www/html/wp-content/mu-plugins/more-privacy-options/ds_wp3_private_blog.php on line 93
I really appreciate the plugin.
Not knowing how or what you monitor regularly, I’m just letting you know that the JSON endpoints (/wp-json/wp/v2/posts, /wp-json/wp/v2/pages etc.) seem to be accessible with this plugin in ways that might be an issue.
I submitted a pull request in Github that I think addresses this issue. Hopefully it’s helpful.
In any case, thanks again for the plugin. I’m not trying to harass you but wanted to make sure you were aware of the situation.
]]>Hi,
we are working on the translation into Spanish, but this plugin is not properly prepared for localization (View detailed logs on Slack: https://make.www.ads-software.com/meta/handbook/documentation/translations/#this-plugin-is-not-properly-prepared-for-localization-%e2%80%93-help).
Thanks a lot!
]]>Hello,
There is a plugin of multisite-auth:https://www.ads-software.com/plugins/multisite-auth/, which support assign one of any subsite as login/register/reset password site.
So, now with the advantage of Multisite-auth, it is possible to completely hide the main/root site and redirect users to a subsite based on roles/visiter, since administrator can login site on any one of subsite, and then go to main site dashboard.
It would be great if More Privacy Option support redirect any visitors and other user roles to customed URL both frontend and backend.
Would you please let me know whether it is possible to do, thanks, and have a nice day.
Alex
]]>Great plugin. Thanks. I installed this because I’m running a multi-site network with each site behind an individual paywall. I discovered that users who are signed up for any site on the network can access any site in that network if they have the URL.
I found your plugin and it solved that problem. YAY!
Trouble I’m having now is that the sites are invisible to the search engines based on the way I have it set up. I want the content to be indexed but for people to meet a “paid members only” page with a link to that products sales page.
So far as I can tell, there are five options available in the reading settings, as you can see here: https://opusmarketplace.com/wp-content/uploads/2017/05/privacy-options-screengrab.jpg
I can only choose one of those options. Is it possible to achieve what I want with your plugin or am I going to have to come up with another solution?
Thanks again.
Carl Donovan
Opus Marketplace
I’d like to alter the appearance and message on the page that shows when a user attempts to access a blog that they’re not a member of. Can you please describe how to do this?
Thanks
TW
]]>Fine plugin you have, David.
Request.
Is it possible if we could also restrict site visibility by role?
This option could be added right under the “Visible only to administrators of this site” option, with a drop down option.
Further,
Is it possible to be redirecting the restricted user to the ‘login page’ or any custom set page?
thank you for your good work.
]]>When logging into a site I’m seeing the “This site is in maintenance mode” notification when logging into a site that is live and site visibility is set to “Allow search engines to index this site”.
The site is part of a Multisite network and some sites are set to “Visible only to administrators of the site”.
Screenshot: https://www.evernote.com/shard/s31/sh/22afc634-3965-4198-85ea-9f718e989015/be6ab67c72bb2ee041309857fba3fcba
I have the visibility set on a site-by-site basis but some site admins cannot log in to edit their content. This is not happening for all users.
]]>Heya!
A few years back, you helped me put together this simple plugin we can activate on some sites in our network to disable More Privacy Options for the site.
With the latest update, the plugin no longer works. It looks like it’s because it simply creates a “new DS_More_Privacy_Options” without assigning it to a variable. Here’s our current little plugin:
global $ds_more_privacy_options;
remove_action('template_redirect', array(&$ds_more_privacy_options, 'ds_users_authenticator'));
remove_filter( 'login_url', 'ds_my_login_page_redirect' );I’m wondering if you you can see an easy way to restore this plugin’s functionality without changing More Privacy Options at all, or have any other suggestions.
Cheers!
]]>We’re experiencing a problem accessing the RSS feed when the plugin is enabled and the sites visibility is set to visible only for registered users or the administrator.
When accessing the feed (https://example.com/feed/) through a browser you’re prompted to insert the username and password twice.
This is a problem when trying to access the feed from curl or with file_get_contents() in PHP.
I’ve been able to replicate the problem on a clean WordPress installation and below are som header output from curl:
Without the plugin enabled:
$ curl -I https://wordpress.domain.dev/feed/
HTTP/1.1 200 OK
Date: Mon, 22 Aug 2016 08:24:02 GMT
Server: Apache/2.4.18 (Ubuntu)
X-Pingback: https://wordpress.domain.dev/xmlrpc.php
Last-Modified: Mon, 28 Sep 2015 17:04:09 GMT
ETag: "7e7f82da70bcfd2f08ba739248106f1d"
Content-Type: text/html; charset=UTF-8With the plugin enabled and visibility set to registered users or the administrator:
$ curl -u "admin:password" -I https://wordpress.domain.dev/feed/
HTTP/1.0 401 Unauthorized
Date: Mon, 22 Aug 2016 08:24:12 GMT
Server: Apache/2.4.18 (Ubuntu)
X-Pingback: https://wordpress.domain.dev/xmlrpc.php
Last-Modified: Mon, 28 Sep 2015 17:04:09 GMT
ETag: "7e7f82da70bcfd2f08ba739248106f1d"
Set-Cookie: wordpress_41193cf728d4d7b51d01f6c22f880058=admin%7C1473063853%7ConSnJR8ce7ICpqzCyJKy5BZQYyLazVA5DDguZDwjgaS%7Cf4a0623ef9593e7b3554e77a68787dcc21473eff9eea4bfcaeb6590cfee85889; expires=Mon, 05-Sep-2016 20:24:13 GMT; Max-Age=1252800; path=/wp-content/plugins; HttpOnly
Set-Cookie: wordpress_41193cf728d4d7b51d01f6c22f880058=admin%7C1473063853%7ConSnJR8ce7ICpqzCyJKy5BZQYyLazVA5DDguZDwjgaS%7Cf4a0623ef9593e7b3554e77a68787dcc21473eff9eea4bfcaeb6590cfee85889; expires=Mon, 05-Sep-2016 20:24:13 GMT; Max-Age=1252800; path=/; HttpOnly
Set-Cookie: wordpress_logged_in_41193cf728d4d7b51d01f6c22f880058=admin%7C1473063853%7ConSnJR8ce7ICpqzCyJKy5BZQYyLazVA5DDguZDwjgaS%7C30852dc698dfdfa76729a3b9f0f90a2ac271c19bb09104fcef42d298b6c8921e; expires=Mon, 05-Sep-2016 20:24:13 GMT; Max-Age=1252800; path=/; HttpOnly
WWW-Authenticate: Basic realm="wordpress.domain.dev"
Connection: close
Content-Type: text/html; charset=UTF-8looks wordpress 4.3.2 not math minilaptop 4.3
]]>Hello,
I’m using your plugin and it is great. However, there are some minor errors (in terms of clean programming violations) that always popup in our error log (the errors are not functional, but it is hard to grasp the real errors, if such PHP notices pollute the error log):
The solution to the first two points is easy; just replace:
$credentials['user_login'] = $_SERVER['PHP_AUTH_USER'];
with:
$credentials['user_login'] = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
The third problem can be solved by replacing:
$user_id = get_user_id_from_string( $user->user_login );
with
$user_id = !is_wp_error( $user ) ? get_user_id_from_string( $user->user_login ) : null;
And finally we need to use __construct to stay future proof. PHP4-styled constructors will be not called by future PHP versions. so we need to rename the method ds_more_privacy_options to __construct.
Additionally we can add another method to retain backward compatibility:
function ds_more_privacy_options() {
$this->__construct();
}I hope you can understand why clean programming is important. If you got questions, feel free to contact me. I’ve also appended now a patch if that is easier for you:
Index: wp-content/plugins/more-privacy-options/ds_wp3_private_blog.php
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- wp-content/plugins/more-privacy-options/ds_wp3_private_blog.php (revision 4)
+++ wp-content/plugins/more-privacy-options/ds_wp3_private_blog.php (revision )
@@ -94,6 +94,10 @@
var $l10n_prefix;
function ds_more_privacy_options() {
+ $this->__construct();
+ }
+
+ function __construct() {
global $current_blog;
if ( ! is_multisite() ) {
@@ -181,7 +185,7 @@
$blogname = get_blog_option( $blog_id, 'blogname');
$email = stripslashes( get_site_option('admin_email') );
$subject = __('Site ', $this->l10n_prefix).'"'.$blogname.'" (ID: '.$blog_id.'), '.get_site_url( $blog_id ).', '. __('changed reading visibility setting to ', $this->l10n_prefix) .'"'. $to_new.'"';
- $message .= __('Site ', $this->l10n_prefix).'"'.$blogname.'" (ID: '.$blog_id.'), '.get_site_url( $blog_id ).', '.__('changed reading visibility setting to ', $this->l10n_prefix) .'"'. $to_new.'."';
+ $message = __('Site ', $this->l10n_prefix).'"'.$blogname.'" (ID: '.$blog_id.'), '.get_site_url( $blog_id ).', '.__('changed reading visibility setting to ', $this->l10n_prefix) .'"'. $to_new.'."';
$message .= __(" \r\n\r\nSent by More Privacy Options plugin.", $this->l10n_prefix);
$headers = 'Auto-Submitted: auto-generated';
@@ -345,11 +349,11 @@
//December 2012 tested with "Free RSS" for iPhone. Google Reader does not authenticate locked feeds. Tough to find a free reader that does authenticate.
global $current_blog, $blog_id;
$credentials = array();
- $credentials['user_login'] = $_SERVER['PHP_AUTH_USER'];
- $credentials['user_password'] = $_SERVER['PHP_AUTH_PW'];
+ $credentials['user_login'] = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
+ $credentials['user_password'] = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
$credentials['remember'] = true;
$user = wp_signon( $credentials, false ); //if this creates WP_User, the next 3 lines are redundant
- $user_id = get_user_id_from_string( $user->user_login );
+ $user_id = !is_wp_error( $user ) ? get_user_id_from_string( $user->user_login ) : null;
if ( is_wp_error( $user ) ||
// "Members Only"
\ No newline at end of fileMr. Sader,
I would love the ability to toggle off the Network Admin e-mail notification. I have a few new sites added every day, and nearly everyone wants to play with that setting. I don’t have any interest in what the users pick, so I have no interest in the e-mail.
For now, I’ve simply been commenting out the e-mail line, but I thought I’d put in a request here, since I’m sure others would like it as a toggle option as well.
-Lee
]]>Hi David, I’ve been using the ancient mu version on a ms site for years. today I created a new MS install and installed the latest privacy options plugin.
Now, on activating the plugin in the admin everything seems fine, except when I chose to ‘view site’ then I’m taken / redirected to the login screen BUT it won’t let me log in / I enter my details and am immediately put back / redirected to the login screen again. Now, if I entire url/wp-login.php I get the login screen and I can login BUT only into the admin area as soon as I click on view site I’m stuck in the same loop.
Ahh, the above is with firefox – I just tried ie as I was writing this and that works . . . so it’s ff – so this is solved BUT I’ll still post this just in case anyone else ever has the same bizarre problem!!!
]]>Hello,
I installed the more privacy options on a local site and remote site that are fairly similar (same plugins and themes, different server, php, database).
Locally, the plugin works fine.
On the remote site, the plugin is active on a site but anyone — logged in or not — can view that site.
In debug.log I see:
17-Mar-2016 13:16:53 UTC] PHP Notice:
Undefined variable: blogname in /var/www/vhosts/.../wp-content/plugins/more-privacy-options/ds_wp3_private_blog.php on line 184Hello. Is there a way to restrict certain webpages created by me, the superadmin, to my Multisite users who register for their own WordPress site? I don’t want the public to able to see these restricted webpages, only Multisite users who are logged in. Is this possible?
]]>Sending the admin emails throws “PHP Notice: Undefined variable: blogname in /path/to/wp-content/plugins/more-privacy-options/ds_wp3_private_blog.php on line 183” and “PHP Notice: Undefined variable: blogname in /path/to/wp-content/plugins/more-privacy-options/ds_wp3_private_blog.php on line 184”.
This can be fixed by adding the line:
$blogname = get_blog_option( $blog_id,'blogname' );
prior to line 183 in ds_mail_super_admin().
Additionally, it would be nice if there were:
so that the subject and message read as follows:
Site “Site Name” (ID: 2), https://my.domain/sitepath, changed reading visibility setting to “Visible” (ID: 1)
You could also namecheck your plugin in the email message so it’s obvious what the source of the email is. An extra line in $message to say “Sent by More Privacy Options” would be helpful.
Thanks for the plugin David.
]]>Global settings are:
Visible only to registered users of this network
Default: visibility managed per site.
Is the first one default and overridden by settings on individual blogs? I don’t want to force privacy but would like new sites to be private by default then can be changed.
]]>Just FYI: Something changed in WP 4.4 that made older versions of this plugin no longer function (trying to log in would just fail repeatedly)
The most current version here seems to work fine with 4.4, but because people were likely using older version in mu-plugins, they probably haven’t been keeping this up to date.
]]>First of all – Thanks for a great plugin!”
Any advise on this would be highly appreciated.
What I want to accomplish:
Main site with a public part and some content for suscribers only.
A number of subsites located in subdirectories, where only users registered on the specific blog have access.
Scenario Overview:
a) I am running a WP Multisite installation – the “main” site is placed at root level. Subsites are in subdirectories.
b) “More Privacy Options” is installed and enabled for the network.
c) “More Privacy Options” is not used on the “main” (top site). This is left at default. To control access here I have used “Ultimate Member”.
d) For subsites I have set the level “Visible only to registered users of this site”.
Problem I run into
Before activating “More Privacy Options” on subsites:
– After signing in on main site, I could access the 2 subsites without problem.
– If I attempted to access the 2 subsites, without logging in to the main site, I was prompted with a login box. Login fully functional.
– Once logged in, the user from subsite “a” was able to access data on subsite “b”. This is fully expected, as this is standard for WPMU.
Symptoms after activating “More Privacy Options” on subsites, setting “Visible only to registered site users”:
– Attempting to access the subsites directly without being logged in results in “This webpage has a redirect loop” / “ERR_TOO_MANY_REDIRECTS”
– If user is already logged in at main site, access is correctly controlled to the subsites. User from sub-site “a” can not see sub-site “b” and vice versa.
– When user logs out, the “This webpage has a redirect loop” / “ERR_TOO_MANY_REDIRECTS” is displayed again on (depressingly) gray page ??
Any idea why / anyone had the same issues?
Can I alter security an any of the subsite pages to permit display of “logon” and “home page” for subsites, thus avoiding the redirct issue?
What I have attempted”:
– Checked .htaccess file and replaced with “boiler template” version – Made no difference.
– Have attempted to clear cookies etc by adding to “wp-config.conf” – Made no difference.