G T

Yes, I agree not every user have a need on user group management. But it is not an uncommon case. Although installing a 3rd party plugin to manage will do the same work, 3rd party plugins are sometimes not reliable and lack of frequent bug-fixing and security patching. It may cause a trouble if we want the WP site to be used for a long time.

I will explain like this. I think every user is assigned to one role (level) only but can be in multiple groups.

E.g. I am going to create three pages, Page 1, Page 2 and Page 3.
And I assign Page 1 and Page 2 to group A and assign Page 2 and Page 3 to group B.

The users belong to group A can edit Page 1 and 2 while users belongs to group B can edit Page 2 and 3.

Re Andrew:

I think the system should provide a default group that allows public access. All page/post/media is assigned to this group by default.

OK.

The firewall blocks the traffic of the two sites (perhaps only blocks certain ports, so that’s why we can access the front-end webpages but can’t login the Dashboard for WiFi/Outside network users). The IT Sec guys said “PHP Remote File Inclusion Vulnerability” and gives me this URL -> https://www.fortiguard.com/encyclopedia/vulnerability/#id=12699. That’s the information I know.

I tried to update my WP and all plugins to latest version. But it doesn’t work.

I also tried to disabled all plugins and switch back to default theme. But it doesn’t work.

Any Idea?

Actually, both the IT security team and I (web master) do not know the solution and why the firewall will mark it as RFI (Remote File Inclusion).

I am now sure whether our WP sites have vulnerability inside the WP core and the plugins OR the firewall was just being too sensitive.

So, I hope WP technical team or WP experts here can give me some advice. Thanks so much.