hidden yes.. but accessible!

  • in whitelabel it says that

    “Menus will be hidden to all User Roles up to and including Admins (with the exception of White Label CMS Admins and Super Admins).”

    I’m fine with it.. I’m starting to hide the menu items. after I finish I find out the very bad news
    it is always possible to access the hidden menus by typing the url and thus access all prohibited areas where the “non-admin” role is not supposed to access it..
    what makes “hiding” unsafe

    what is really desired by hiding the elements is to really block their access by displaying the message
    “Sorry, you are not allowed to access this page.”

    what i found and did with role editor pro document
    Too bad you didn’t take this detail into account.
    I would have liked to avoid having to install 2 plugins
    for this task.
    I hope this will be taken into account in the next versions`

Viewing 1 replies (of 1 total)

  • Just found your post … I also learned about this only by coincidence when I tested something. I also have Role Editor (not “pro” anymore) installed.

    However, at some point, I didn’t invest that much time anymore to figure out how things play nicely together.

    I agree, it would be best to have ONE plugin managing it and not two.

    What “toolstack” did you end up with in the end?

    My goals are:
    1. simplify WordPress for the Editor who is not that knowledgeable in WordPress
    2. prevent them from doing things and accessing things they should not access with their normal Editor user

    Do you go with User Role Editor instead of White Label CMS? Or are you still using both together?

    White Label CMS really comes with some cool features, but to me, just “hiding” is also not enough

Viewing 1 replies (of 1 total)
  • The topic ‘hidden yes.. but accessible!’ is closed to new replies.