Please HELP: WP 3.2 – How can I prevent unauthorized people publishing POSTS?

  • Am I the only person who are allowed to Publish Post on My site? (WordPress 3.2)

    So was I thinking until today cause I′m Admin and all other users are Subscribers on my site. I have changed the rule for Subscribers to allow them Edit Post′s but they can′t Publish, they can “Submit for Review” and when I approve it then they can edit it again if they would like to.

    I′m working on WordPress 3.2 and I’m using Plugin: “Visitor Maps – View Who’s Online” to see who is online and what pages/post they are browsing.

    Today I saw a registered subscriber browsing this link:
    /wp-admin/post.php?post=13879&action=edit&message=6
    (That shouldn’t be possible?)

    I clicked on it and was redirected to “EDIT POST PAGE” on top of that page I could see the NOTICE “Post is Published“!!!!!
    (I belive thats why action=edit&message=6 in this link).
    I pressed “View Post” to that its really Published or not. And I was then redirected to: https://www.mysite.com/?p=13879
    They weird thing about that is I have changed permalink setting. So I publish a post it would look something like:
    https://www.mysite.com/animal/australia/kengru
    not like:
    https://www.mysite.com/?p=13879
    (That shouldn’t be possible or else I will get penalized by Google, Yahoo etc for duplicate content? (Same post with two different links)

    The last thing which surprised me when I was browsing this Published Post by unauthorized member I clicked on “Edit Post” and was redirected to “Edit Post (wp-admin)” there I could see the Link “Publish” not “Update” that means WordPress dont understand this Post is already Published?

    I double checked in “All Post” and this Subscriber/member had created 3 Posts and all had status as “Draft” but they was Published at same time.

    What does that mean? How can I prevent this?

    I have deleted this Posts and added Deny rule in htaccess and blocked the last login IP and Register IP from this Subscriber.
    But I belive this user can still access my site by using Proxy server etc? How to make WordPress secure?


    Thank you so much to team WordPress and developer for making such an incredible, powerful, endless, easy, fast and free platform ??
    I′m using it for 6-7 months now and learning couple of techniques everyday to improve my site. I′m just hooked and LOVING IT.

    I wish to make it secure.

    All advices will be highly appreciated.
    Thank you for your time

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Please HELP: WP 3.2 – How can I prevent unauthorized people publishing POSTS?’ is closed to new replies.