How to disable backend editing for everyone except administrator?

#1 · August 12, 2020, 4:45 pm

On my website I have it set so all new users are set as the contributor role. Reason for this is because my website is a social network that has social blogging where all users can create their own blog posts. Anyways, I found a vulnerability with the back end and discovered that users of the contributor role are able to edit the forums. They pretty much have access to change everything (structure, appearance, usergroups, ads, and settings). How do I make it so no one except for administrator has access to Asgaros Forum backend?

Thank you

#2 · August 13, 2020, 5:23 am

Hey @emilie777,

there is no difference for Asgaros Forum if the user is a Subscriber, Contributor, Author or Editor. But Asgaros Forum checks also the Forum Role.

So if you give a Subscriber the Forum Role “Administrator”, this user will be able to edit the Structure and anything else of the forum. But it’s not possible for a Forum Moderator.

So the backend is only available for Users with the Forum Role “Administrator” or the WordPress Role “Administrator” or “Super Admin”.

Can you please check the Forum Roles of your users and give me a feedback here.

Asgaros and emilie777 have reacted to this post.

Need professional help with Asgaros Forum? Book an appointment with us at domra Web Solutions for setup and customization services. Learn more about our Toolbox for Asgaros Forum plugin to enhance your forum experience.

#3 · August 13, 2020, 6:12 am

Oh! You are absolutely right LOL the account I was using to test on was set to forum administrator and I didn’t realize haha. Very sorry, thank you so much for letting me know!

Asgaros and qualmy91 have reacted to this post.