Problem to open Profile page

  • Resolved gurra

    (@gurra)


    2 years, 8 months ago

    Hi,

    On two of my sites using aiowps I can’t open my Profile page (as an administrator) the ordinary way, i.e. via the menu alternative Users in the Administration (neither via my user name in the right top of the window). I need to go via the menu alternative WP Security/User accounts/Edit User (which opens the Profile page in a new tab). For other users (with other roles) I can open the Edit User/Profile page the ordinary way.

    On my other sites using aiowps it is no problem to open my profile page (as an administrator) the ordinary way, i.e. via Users.

    The problem described is of course no big issue to handle. But can the problem indicate any security risk for the sites working one way or the other? And what might be the reason it works on different ways on different sites?

    Best regards

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Support vupdraft

    (@vupdraft)

    If you deactivate AIOPS does the issue persist?

    Thread Starter gurra

    (@gurra)

    No. When deactivating aiowps, the issue disappears – i.e. the Profile page can be opened the ordinary way. (It wasn’t enough to disable security features and firewall rules, I had to deactivate.)

    Just a thought – maybe the plugins PublishPress Permissions and/or Theme My Login cause the problem (these plugins are only used on the sites with the problem).

    Anyway, as partly said, the focus on my question is if the problems to open my Profile page the ordinary way indicates any security risk. If not, there is no reason to put more work on the issue, because of the Profile page can be opened via WP security/user accounts.

    Plugin Support vupdraft

    (@vupdraft)

    It’s highly probably that your PublishPress Permissions/Theme My login are causing a bit of a conflict,
    If you open the JS console do you see any errors?
    here are some instructions in case you need them: https://updraftplus.com/faqs/how-do-i-open-my-browsers-developer-tools/
    I don’t think this will be causing a security issue but it would still be good to find the cause if we can.

    Thread Starter gurra

    (@gurra)

    Thanks for your answer. I don’t expect you to come with any conlusions from my research presented below. I understand it is about too much details to discuss in this forum. But if you want to read it and perhaps have some thoughts I of course appreciate. If you read and not have any thoughts I will stop my investigations for the time being with the conclucions that the problem depends on the other plugins.

    My research:

    The JS concole is not something I am sure how to read/interpret. And in this case I am not sure in which step I should use it. (1) When open the Users page, (2) when open the WP Security/User account page or (3) when open the my Profile page via the WP Security/User account page? Neither if to use the F12/Concole tab view or the ctrl+shift+J view (the first alternative shows no errors the second alternative shows several errors – regardless of which step – 1, 2, or 3.) And, as said, I don’t know how to interpret the errors. The most relevant errors seems to be when using ctrl+shift+J view on the Profile page, e.g.”Error: can’t find profile directory” or “Content Security Policy: the page settings blocked the load of a recourse on inline (“default-src”)”. (The last phrase my translation).

    When open via F12 and the tab for troubleshooting I find one perhaps interesting note when my Profile page is open: “Error: Incorrect contents fetched, please reload.” But I guess the explanation of this note may be that this Profile page has not the same design as the one opens when not using/deactivating aiowps, probably depending on the Theme used (Twenty Fifteen). It has the same design though as when open other users Edit User pages.

    Plugin Support vupdraft

    (@vupdraft)

    It does seem that one of your AIOWPS settings might be blocking something.
    Can you goto the settings tab and disable the Security Features/Firewall rules one at a time so we can start to narrow down which setting it might be?

    Thread Starter gurra

    (@gurra)

    I doubt your suggestion will help to find an explanation. As said above (in my second comment) the problem disappears only when I deactivate aiowps. It didn’t help to only disable the security features and firewall rules. So I guess disabling the features and rules one by one should not make any difference, meaning it would show some special feature or rule having an effect on the problem.

    I guess the conclusion of this also will be, as partly discussed earlier, that it is nothing wrong with the site as such (all works okey when deactivating aiowps), but the problem is a conflict between the plugins PublishPress Permissions or Theme My login and aiowps. Possibly I could get this conclusion confirmed by deactivating the plugins mentioned, but I rather not want to, because it should make documents public that shouldn’t be (and also I am not sure if all of the settings I have done with these plugins remains when activating them again).

    If you think it is important to continue trying to find an explanation because of security reasons, I will continue testing based on your suggestions. But if quite sure no security risk, I think the best is to close this topic.

    Plugin Support vupdraft

    (@vupdraft)

    Hi,

    I don’t feel that it is important for security reasons and I understand why you would not want to deactivate your other plugins to test for a conflict.
    I will close this for now but please do not hesitate to open up a new thread should you want to investigate this further in the future.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Problem to open Profile page’ is closed to new replies.