How do authors/editors access the wordpress dashboard? I have changed there user role from a user to an author. As I am an admin, I get a dashboard link in the top left or I get ‘edit page’ on the pages I can edit. The website we have is an internal intranet so I cannot share the link.
]]>We would like to limit this to a smaller group of administrators, so that we don’t always have to uselessly flush out all the admins in this matter or flood their mail accounts.
Have we possibly overlooked a setting, if not, could a setting field be created to make such a limitation? Thank you very much for an answer in advance.
]]>Thanks
]]>I have Notice behaviour that was not authorized (i.e., creation of new users, etc…)
You can visibly see that your site has been hacked when you open it in the browser as I have had 170 New admins added to my WordPress account
Date Documentation – 5th December 2020 Perth Time
1. Yes ALL passwords have been changed numerous times
* still hacked Admins being added
2. I removed all Plugins
* Still hacked – Admins still accessing site adding Pages ( now up to 300 and new blog categories)
3. I have paid for SSL certificate with Bluehost
* still hacked – New admins being added
4. I have scanned site on Bluehost numerous times – NO Malware
* still hacked – new admins
5. I have word fence – on site
* Wordfence tells me daily there are new people trying to recover passwords
6. I do not have the PLUGIN – WordPress Easy WP SMTP or CONTACT FORM 7
* Still hacked with admins being added
7. Removed any paid-for WordPress template – *Site is [broken] now
* Site was quite for 3 days – then new admins added again
8. Keeping a record of these hacks – I am daily on the help chat with Support at Bluehost
9. I have had Auto SSL certificate removed – without me doing it. Hence I paid for a certificate – that ain’t stopping it. Sitelock told me I did not have an SSL certificate and I contacted BlueHost. Apparently, an admin removed it.
10. I have blocked 170 + IPS Address and also a series of IP addresses.
Guess what people it is now down to two entities – BLUEHOST – who have helped over 15 days to work out what the FLIP is happening
or WordPress which has not done anything but have a FAQ page on hacking –
or failed to openly address any WORDPRESS USERS of this
Todays attempted Logins – on WP-Login.PHP ( which I had to manually now block permanently IP address)
United States
/ 12/20/2020 4:06:21 AM 191.102.151.231 191.102.151.231 503
United States
/wp-login.php?action=login 12/20/2020 4:06:20 AM 191.102.151.231 191.102.151.231 503
United States
/wp-login.php?action=login 12/20/2020 4:06:20 AM 191.102.151.231 191.102.151.231 503
United States
/wp-login.php?action=login 12/20/2020 4:06:19 AM 191.102.151.231 191.102.151.231 503
United States
/wp-login.php?action=login 12/20/2020 4:06:19 AM 191.102.151.231 191.102.151.231 503
United States
/wp-login.php?action=login 12/20/2020 4:06:18 AM 191.102.151.231 191.102.151.231 503
Florida Gardens, Florida, United States
https://www.audreyandersonworld… 12/20/2020 2:28:47 AM 196.196.47.5 196.196.47.5 503
Florida Gardens, Florida, United States
/xmlrpc.php 12/20/2020 2:28:45 AM 196.196.47.5 196.196.47.5 503
Florida Gardens, Florida, United States
/wp-login.php 12/20/2020 2:28:37 AM 196.196.47.5 196.196.47.5 503
Florida Gardens, Florida, United States
/wp-login.php 12/20/2020 2:28:34 AM 196.196.47.5 196.196.47.5 503
Florida Gardens, Florida, United States
/wp-login.php 12/20/2020 2:28:32 AM 196.196.47.5 196.196.47.5 503
Florida Gardens, Florida, United States
/wp-login.php 12/20/2020 2:28:29 AM 196.196.47.5 196.196.47.5 503
Charlemont, Massachusetts, United States
/ 12/20/2020 2:25:07 AM 168.90.197.2 168.90.197.2 503
Charlemont, Massachusetts, United States
/wp-login.php?action=login 12/20/2020 2:25:06 AM 168.90.197.2 168.90.197.2 503
Charlemont, Massachusetts, United States
/wp-login.php?action=login 12/20/2020 2:25:04 AM 168.90.197.2 168.90.197.2 503
Charlemont, Massachusetts, United States
/wp-login.php?action=login 12/20/2020 2:25:02 AM 168.90.197.2 168.90.197.2 503
Charlemont, Massachusetts, United States
/wp-login.php?action=login 12/20/2020 2:25:00 AM 168.90.197.2 168.90.197.2 503
Charlemont, Massachusetts, United States
/wp-login.php?action=login 12/20/2020 2:24:58 AM 168.90.197.2 168.90.197.2 503
I have the free version
ANNOUNCEMENTS ONLY FROM ADMINS
1. I would like to “only” allow the ADMIN the send announcements
to all users. How can I do this?
So, as an ADMIN when I send an announcement what “username” can I use to send to ALL users?
CUSTOMER REPLIES ONLY TO ADMINS
2. I want customers to only be able to send emails to the ADMIN.
How do I disable sending emails to non-admins
Thanks
]]>https://gyazo.com/3afe5b821eb245c258500950c8fe79f8
https://gyazo.com/f84c2855e29fb2b159e16a6aabf04d3e
Can’t turn off 2FA for admins.
“Allow remembering device for 30 days” sounds good so I don’t have to do the 2FA dance with every login. Not sure how this works, but I’m never remembered.
“Whitelisted IP addresses that bypass 2FA”: great idea. I whitelisted all the IPs in my ISP’s usual range. Got 2FA’ed again today and my IP has not changed. I’m smack dab in the middle of the range: xx.90.218.[0-255] (where xx is a two digit number). It’s on a line by itself. Just like the examples provided in the backend.
That’s two basic bugs in this security plugin.
I like your competitor, All in One Security. It works. Buggy security software makes my skin crawl.
]]>