Navigation

Subcriber role getting access to restricted

By on February 19, 2016 in
Posted in

I have all my pages closed off with the groups Members, that I created. So unless a WP user has the group Member, they shouldn’t be able to have access to those pages, correct? But I have found that if a WP user has the WP site role of Subscriber, they are getting access to these locked pages, even though under Groups, they don’t have the Members status. Why are WP site role Subscriber being given access, and how do I turn that off?

7 Responses to Subcriber role getting access to restricted

  1. Gena February 23, 2016 at 6:03 pm #

    Thanks Antonio. Still working on the test site but continuing to check settings on the live site too. Unfortunately I didn’t add Groups or set it up. I’m just the one who now oversees it. The people that set it up are no longer around. So I’m not quite sure why they set things up like they did or how. Makes it a little hard to understand. And sorry, I forgot to correct you, I’m JoAnn one of the techs. Gena is the owner of the company, so the account is under her name. lol

    If I can ask one more question. It seems like every time we install a plugin a new capability is listed. We have like 197 capabilities now, though we only use about 6 we created. Do I need to keep all of them? Here is a partial list below.

    1 groups_read_post
    2 switch_themes
    3 edit_themes
    4 activate_plugins
    5 edit_plugins
    6 edit_users
    7 edit_files
    8 manage_options
    9 moderate_comments
    10 manage_categories
    11 manage_links
    12 upload_files
    13 import
    14 unfiltered_html
    15 edit_posts
    16 edit_others_posts
    17 edit_published_posts
    18 publish_posts
    19 edit_pages
    20 read
    21 level_10
    22 level_9
    23 level_8
    24 level_7
    25 level_6
    26 level_5
    27 level_4
    28 level_3
    29 level_2
    30 level_1

    • antonio February 23, 2016 at 10:39 pm #

      Hi,
      There are a lot of default WordPress capabilities that you can not remove. From Groups->Options you have a ‘Capabilities’ section to limit the capabilities to display in posts/pages edit page.
      Kind Regards,
      Antonio B.

  2. Gena February 23, 2016 at 1:52 am #

    This is exactly what happens. But I did try it all new again, I created a new page, restricted it with the Member group I created, and it wasn’t available at all, until I created a new user that was a subscriber, and now the page that was restricted is no longer restricted. So the groups restricting isn’t working. Any other thoughts besides plugin conflicts that could be causing this?

    • antonio February 23, 2016 at 6:22 am #

      Hi Gena,
      Really I don’t know what plugin could be, you could replicate your website creating a test site, where you can disable all not essential plugins, and try this enabling one by one.
      If you can send us creadential to the new ‘test’ site, we’ll be happy to help you.
      Kind Regards,
      Antonio B.

  3. Gena February 19, 2016 at 5:51 pm #

    Hi Antonio, thank you for your quick response. First, my test site is fully functional at this moment, so I can’t give you admin access. But can you walk me through what you would look at? I prefer to know exactly what is done on our sites. I do have all the pages restricted, and no one can get to them, unless they are logged in as a member (which is what we called the group). What I’m talking about is the standard WordPress Site Roles. WordPress has six pre-defined roles: Super Admin, Administrator, Editor, Author, Contributor and Subscriber. If any user is changed to the standard WP role of Editor, Author, Contributor or Subscriber, they have access to all my secure pages. The only way they are locked out of the pages, is if they are set up as a Customer from our Woocommerce. I’m hoping I just have a setting off somewhere in Groups, but I just don’t see it anywhere. How do I make sure the pages stay locked down, regardless of their WP site role status?

    • antonio February 22, 2016 at 6:27 am #

      Hi Gena,
      you can try to:
      – Create a new post and restrict it to a group, ex. ‘Premium’
      – Create a new user and add this user to the role ‘Subscriber’
      – Try to visit the restricted post with this user. You should get a 404 not found result.
      Please try this with a new post and a new user.
      If the problem persists, please have a look at your plugin, maybe there is another plugin relating to roles and/or permissions that could be causing conflicts.
      Kind Regards,
      Antonio B.

  4. antonio February 19, 2016 at 11:49 am #

    Hi Gena,
    if a post/page is restricted to a group, then users who is not in that group, shouldn’t can visit the post/page.
    You can send me dashboard admin access to antonio at itthinx dot com and I’ll have a look at your settings.
    Kind Regards,
    Antonio B.

We use cookies to optimize your experience on our site and assume you're OK with that if you stay.
OK, hide this message.

Affiliates · Contact · Jobs · Terms & Conditions · Privacy Policy · Documentation · Downloads · Useful Plugins · My Account

Share