Ultimate Mamber can bypass password by going to url

  • Resolved billreich

    (@billreich)


    3 years, 11 months ago

    I am using Ultimate Member to require a password to log into my site billswebsite.online.
    However, I am getting comments from people that have not logged in. I think they are going directly to the url of the comments page. They are not stopped for a password if they go directly to the url of the comments page.
    Do you know of any way to stop this?
    Thank you
    Bill

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Contributor Champ Camba

    (@champsupertramp)

    Hi @billreich

    Is your theme a custom one by You or is it purchased from a third-party developer?

    If purchased from other developers, please contact them to provide a filter hook to disable the comment section to hide for non-logged-in users.

    Regards,

    Thread Starter billreich

    (@billreich)

    Thank you for your reply
    I am using the X-Theme by Themeco
    It is not just the comments page. They can get to any page using the url. From there they can use the menu to go to any other page.

    So, I would like to block all pages from being accessed by the URL.

    Shouldn’t this be a part of Ultimate Member? I looked for it but cannot find such a think. I also looked through the list of Shortcodes (which I do not know how to use but will find out if need be) but nothing seemed to match this.

    Unless you know of something else, instead of contacting Themeco, I will put a php script that will pass a parameter from the Login page “submit”. All the other pages will look for this parameter in the $_POST array and decide whether to let them in based on the presence of this parameter. If there is no array(they did not come from the login page or other page on the site) then I will not let them in either. Does this sound ok?

    Do you know of anything in Ultimate Member that will add to the data sent by all the submit buttons so I do not need to do each submit button separately?

    Thank you
    Bill

    • This reply was modified 3 years, 11 months ago by billreich.
    Thread Starter billreich

    (@billreich)

    I found an Ultimate Member shortcode on the Ultimate Member site under Core Shortcodes.
    It says it hides the content of the page if the user is not logged in. This is exactly what I want it to do but it does not work

    It only hides the menu but leaves the rest of the page visible.

    This is the first time I am using a shortcodes. Based on what I read, to install it, I went to edit the page, clicked to add a new block. Entered the word short in the search box and selected the shortcode icon. I pasted in my shortcode and clicked on Update.

    Like I said, it does not work. The shortcode only hides the page’s menu. The rest of the page is visible.

    Do you have any suggestions?
    Thank you
    Bill

    Plugin Contributor Champ Camba

    (@champsupertramp)

    Hi @billreich

    You can set your site to be accessible by logged-in users only globally in the WP – Admin > Ultimate Member > Settings > Access. And then you can also exclude URLs that don’t require login.

    In this way, all posts are restricted using the above settings and all non-logged in users will be redirected to the login page when they access a restricted page.

    Regards,

    Thread Starter billreich

    (@billreich)

    Thank you very much.
    This works great
    I have to figure out how to better find things in this documentaton. I spent a lot of time trying to find this information but did not see this. I did find the shortcode that I described above but this is a perfect solution.

    Thanks again
    Bill

    Plugin Contributor Champ Camba

    (@champsupertramp)

    Hi @billreich

    Thanks for letting us know. I am closing this thread now.

    Regards,

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Ultimate Mamber can bypass password by going to url’ is closed to new replies.

Tags