Skip to:
Content
Pages
Categories
Search
Top
Bottom

Random member – security query

  • Avatar of en0ch
    en0ch
    Member

    @en0ch

    I was a little surprised to note that, with the admin bar enabled, a visitor who’s not logged in to my site can successfully visit a random member. As far as I can tell there’s no way of turning this off. Granted, they don’t get a link to the member’s e-mail address; but I can think of plenty of people who would be uncomfortable about even just their name being available to all and sundry. (And that’s not to mention danger for children online, etc … )

    Now of course you can turn this off by simply selecting the general setting to hide the admin bar from anyone not logged in. But that hides other stuff that would be useful to have sometimes. So I’d like an optional setting to block this access. Maybe it could be done by making the hide admin bar setting more sophisticated – so you can select parts of it to show or hide from users who are not logged in?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Avatar of Marian
    Marian
    Participant

    @marianbuchanan

    @en0ch, Where is the setting for hiding the admin bar from visitors who are not logged in?

    In the meantime, the Visit portion of it can be hidden from display (although not from the source code) by adding
    #bp-adminbar-visitrandom-menu { display: none; }
    to the stylesheet.

    And you can give users the option of hiding as much as they want through the BuddyPress Profile Privacy plugin.

    It seems to me, though, that hiding the username itself from Everyone kind of defeats the purpose of being part of an interactive community. I suspect it would only work if it was a site set up for people to connect through off-site invitations to interact on-site as Friends or Group members.

    just some thoughts
    :-)
    Marian

    Avatar of intimez
    intimez
    Participant

    @intimez

    @marianbuchanan

    Try this:
    Dashboard – Buddypress – General Settings
    Hide admin bar for logged out users?: YES

    Avatar of Marian
    Marian
    Participant

    @marianbuchanan

    Ah! hiding right in front of my bleary eyes! ;-)
    Thanks, intimez
    -Marian

    Avatar of en0ch
    en0ch
    Member

    @en0ch

    @marianbuchanan

    Only just found your reply .. thanks. I’m not quite geek enough to follow your instructions unguided ;) Can you please say it slowly in noob-speak .. what file is the stylesheet? and what wp folder would I find it in? and where exactly within the text of the document would I paste that line?

    I want to do it this way because this is a very small community with a finite purpose, for whom the WP site is a practical communication tool. It’s not intended to attract passers-by or forum junkies.

    Avatar of Marian
    Marian
    Participant

    @marianbuchanan

    @en0ch

    So sorry I didn’t see your request for more help. I have my settings to be notified of any @mentions and replies to my forum posts but for some reason I did not receive any notification that you had replied. Not sure if it’s a problem with BuddyPress.org notifications or what.

    Anyway, it’s probably too late and you hopefully found a solution already, but I’ll post this here just in case you or anyone else are still looking for a way to disable the random visit menu in the BuddyPress admin bar without disabling the admin bar itself.

    Rather than explain the inadequate solution of changing #bp-adminbar-visitrandom-menu display to none in the stylesheet, let me give the function override solution instead:

    In your theme’s footer.php file, right BEFORE it says “, add the following code:
    `
    <?php
    if (!is_user_logged_in()) {
    remove_action( ‘bp_adminbar_menus’, ‘bp_adminbar_random_menu’, 100 );
    }
    ?>
    `
    That’s if you want the random visit menu to be removed only for users who are not logged in.

    If you want it to be removed for all users, whether or not they’re logged in, use this simpler code instead:
    `
    <?php
    remove_action( ‘bp_adminbar_menus’, ‘bp_adminbar_random_menu’, 100 );
    ?>
    `

    I see that the font for the code I just posted is not clearly legible in places. Please note that the remove_action line ends with a semi-colon ;

    HTH
    :-)
    Marian

Viewing 5 replies - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.