WordPress’s lack of content access handling is a fatal security breach, illegal:

  • Unknown's avatar
    yaquinnhu · Member ·

    Hi WordPress team, and communit,

    Wordpress is responsible for deceiving users, which, according to aam-plugin, many of whom, are confused, about the difference between backend admin, and front end users; none of the built-in capabilities management functionality can control differential access to front end users, which is a major security breach. External plugins have to be installed, and this is not a valid solution, as these features should built into the core, of any content service.

    Wordpress core should motion # to acquire AAM immediately, and build user registration functionality, for front end users, into the core also, with the proper form functionalities. WordPress admin, should be able to control post and page access, on a per page and per post basis, differentially, for multiple tiers of logged-in front end users. Anything short of this, and your operation is illegal.

    Thanks,

    WP.com: Unknown
    Jetpack: Unknown
    Correct account: Unknown

    The blog I need help with is: (visible only to moderators and staff)

  • staff-blorbo · Staff ·

    Hi there, it sounds like you’re referring to the software from https://wordpress.org/

    To clear up any confusion, WordPress.com and WordPress.org are two different entities: https://wordpress.com/support/com-vs-org/

    WordPress.org has complete documentation for self-hosted/installed versions of WordPress.org at https://wordpress.org/support/ and support at https://wordpress.org/support/forums/

    For details on managing users here at WordPress.com, please see https://wordpress.com/support/user-roles/ and access can be controlled on a per-post/page basis by making them private or password-protected as needed: https://wordpress.com/support/post-and-page-visibility/

  • Unknown's avatar
    yaquinnhu · Member ·

    Your response is completely irrelevant, staff-blorbo. Both WordPress.com and .org run under the same company umbrella, Automattic, and neither are of my concern, as they determine where I get my service. Whether I get my service from .com or .org, using your half-witted delineation, I still have to deal with the same fundamental architectural flaw, from the WordPress install.

  • staff-totoro · Staff ·

    Hi there,

    Whether I get my service from .com or .org, using your half-witted delineation, I still have to deal with the same fundamental architectural flaw, from the WordPress install.

    Before I proceed, we would appreciate if you review the Community Standards post here: https://wordpress.com/forums/topic/best-practices-community-standards/

    Specifically this part:

    Be respectful: Be friendly, patient, and encouraging to all members of our community. Name-calling, accusations, harassment, and other abuse toward the community or staff will not be tolerated.

    In addition, I think it will help to clarify that we use a custom user management system on WordPress.com that is different from the core user management system that you mention here:

    none of the built-in capabilities management functionality can control differential access to front end users, which is a major security breach. External plugins have to be installed, and this is not a valid solution, as these features should built into the core, of any content service.

    As a result we are not able to help directly, since support staff at WordPress.com is not familiar with this concern. If you wish to address it in the core WordPress software package the best place to get help is in the community forums for the open-source project here: https://wordpress.org/support/forum/wp-advanced/

    Hope this helps point you in the right direction

  • The topic ‘WordPress’s lack of content access handling is a fatal security breach, illegal:’ is closed to new replies.