Security breach with faulty url

  • I was trying to hide all Post that is added by using a category protection rule. (Category Protection)
    All Post have the same category. And only logged in users are allowed to view the posts, and don’t want to set the post as private.

    Works if the post or blog is directly address by url.

    But for example using a faulty url to something that does not exist.
    https://www.page.se/?p=irrellevant
    It will present the blog and all it contents !! Security Breach

    Permlinks are used as
    Anpassad struktur : https://www.page.se/%category%/%postname%/

    —-
    Quick solution

    Enable (Individual Posts) protection.
    If the restriction is added for all posts, one by one. It will work, but this needs to be made each time a new post is added. It should be done automatically..

Viewing 1 replies (of 1 total)
  • Plugin Support Amin – WPMU DEV Support

    (@wpmudev-support2)

    Hello @andreasmattisson,

    I’m afraid this is how this add-on works. It does not hide posts excerpts on blog page, only add-on for Individual posts, that you activated hides posts totally.
    Category add-on is used when you want to show excerpts on blog page, so it’s not empty – when visitor tries to access blog post (full content) it shows them protected content message.

    kind regards,
    Kasia

Viewing 1 replies (of 1 total)
  • The topic ‘Security breach with faulty url’ is closed to new replies.