Support Forum
Support Forum
Offline
Just yesterday, we had over 200 topics created in our forum (which incidentally had the login widget removed, and the "Anyone can register in WP Settings is disabled) by some unknown person. The way that we would like the site to work is: 1. They fill out a registration form that must be moderated by one of our forum admins to grant them access to the private forum. 2. An admin must create the users manually and give them passwords for them to get access to the site.
The site is: http://www.cortezfire.com/
Questions:
1. Is there a way to not have unknown people posting on the forum?
2. Is there an easy way to delete all of these spam topics that they have created?
Any help you can throw my way is VERY appreciated! Let me know if you need more information, and I can happily supply.
Cheers, Victoria
Offline
Several points to reply to here so...
The first thing to recognise is that Simple:Press is a plugin of WordPress and as such has nothing whatsoever to do with user registration, login, logout etc., all of which are core WordPress tasks and actions. The 'Anyone can register' setting and the 'login widget' are both primary WordPress options and tools.
Yes, using the Simple:Press User Groups and Permission Sets applied to your forums in a planned way, it is a simple matter to stop unregistered users from accessing and/or posting to the forum. You, as the forum admin, can control a large array of user forum activity in this way. See the 'Getting Started' section of our Codex for a brief and simple overview of access control.
It is not possible to set user registration up in the manner you wish using WordPress out of the box. But there are a number of third party plugins available that can perform this sort of registration control and I would suggest you peruse the WP plugin repository. Everything from the 'Theme My Login' plugin which can help control the registration process to full blown membership control systems are available.
The Simple:Press 'Admin Bar' plugin is able to use the WordPress plugin 'Akismet' to try and identify spam forum posts as they are made and can go some way in helping the forum admins and moderators to remove them. However, once in the system it is a bit late to use that of course so I am afraid I have no quick and easy way for you to remove those that have slipped past your nets.
I hope that is enough to be going on with! If your WP setting to allow anyone to register was truly changed externally then that is obviously something you should try and check on and track down if possible. If there is a vulnerability on your site it needs to be hunted down of course.
 |
YELLOW
SWORDFISH
|
Offline
on top of Andy's info, I would suggest checking out this codex article about controlling access to your forum: https://simple-press.com/docum.....ng-access/
Visit Cruise Talk Central and Mr Papa's World
Offline
Thank you both so much for your quick replies. I'm still a bit tangled, so I'm going to add some more notes.
1. We do NOT have the WP "anyone can register" option checked.
2. We have the "Members" plugin to limit users. Currently, we have these categories:
- Administrator (3) |
- Editor (1) |
- Subscriber (4) |
- Keymaster (1) |
- Moderator (2) |
- Participant (20) |
- Member (24)
3. We have 3 custom Simple:Press User Groups (the default ones, including Guest, were deleted).
4. We have 6 Permission Sets (I believe these are the defaults), yet I don't see anything that would lead me to believe that an unknown user could start topics.
5. While in the forum, I logged out, and I could still see the forum. I attempted to create a topic in the thread where we are getting the spam topic by non-registered users. When I hit submit, it took me to the login screen. (pic of attempt attached). When I logged back in, my topic was not there.
So, I am still missing something, and cannot figure out how people are posting.
We now have 300 topics posted, the last was 21 minutes ago. From what you mentioned, Yellow Swordfish, there is no utility for Admins to use something like checkboxes to delete? I will need to hover over each topic and click the little tool icon to delete each one individually? If so, I really need to get this fixed, or I'll be going crazy! 
Thank you again for your responses. I will keep trying.
Offline
There is a big difference, of course, between forcing users to register before they can take an active part and letting npn-registered users create posts.
At the end of the day what matters is what user-group/permission set permutations are assigned to each forum. so that is what you need to check - forum admin > manage Forums > for each forum > Forum permissions. Check each combination carefully.
Are you using a WordPress cache plugin by any chance? It sounds like you might be and if you are then you will need to exclude the forum page from all cache types. The cache plugins assume static data (like a blog post) bot the forum data is dynamic and created very specifically for the current user viewing it so the cache wil lserve up the wrong data.
|
YELLOW
SWORDFISH
|
Offline
Hello Swordfish,
Thank you again for your response. My membership expired, so I didn't get the subscription email that you had replied.
I am not using a caching plugin. These are the list of what we are currently using for plugins:
Backup Buddy, Contact Form 7, Members, NOAA Weather, Promotion Slider, Simple:Press, TablePress, The Events Calendar, and WordPress SEO
I have taken a screenshot from the Forum > Manage Forums > "All Member Forum" > Forum Permissions. I have three levels of membership listed (and no guest memberships listed).
Retirees --> Standard Access
Active Members --> Standard Access
Moderators --> Moderator Access
(We are using the Members plugin, and WordPress does NOT allow anyone to register.)
I just used a different browser, where I am not logged in, and when I click the link to the forum, I can see it! I thought that the page was hidden unless people were logged in! Ack!! I have also added a screenshot of this page.
Offline
If you go to the forum admin > User Groups > Map Users to User Groups - what do you have set for 'Default usergroup for guests' as this is what will be used if no specific one has been set up at forum level...
|
YELLOW
SWORDFISH
|
Offline
I see this now - I have Guests set currently to "Retirees". It only lists the three groups that I currently have for options.
Ideally, we do NOT want guests to posts, period.
Should I create a new group that has no permissions, and assign guests to that new group?
We're getting there - Thank You!
Offline
So, I did try to do what I mentioned above.
1. I created a new group called "Guests".
2. I added a new forum permission to the forum where we are getting guest spammers ("All Member Forum"). This forum permission is set to "No Access".
Now, when I visit the site not logged in (like a guest), the forums do not display, and the following message is posted: "The requested group does not exist or you do not have permission to view it". (Screenshot below.)
Thank you, thank you, for helping me with this! I have not had anyone create a topic in over 10 minutes - should be working now!!
All RSS1 Guest(s)