Skip to:
Content
Pages
Categories
Search
Top
Bottom

Warning: Better WP Security plugin breaks group admins…

  • Avatar of Jeff
    Jeff
    Participant

    @jschodde

    Be advised, there is a feature in the Better WP Security plugin that renumbers the administrator account (user_id=”1″) to something else (in my case it became “5″). The logic being that hackers look for user_id=”1″, so give it a new number.

    Unfortunately this plugin does NOT update the wp_bp_groups_members table! So, all existing records where user_id=”1″ remain that way. Consequently, when you go to update your group entries from the dashboard area, you get an error message saying you need an administrator account.

    So, I then started adding the admin account again manually to each group. But when I visited a group home page, I would see the administrator account listed twice below the “Administrators” heading. That’s how I figured this out.

    The solution I found (and seems to work so far) is to use a SQL client and manually update the user_id column in the wp_bp_groups_members table with the user_id value for the administrator account. Oh, I also had to remove the admins I started adding so the dupes would go away.

    I can’t think of any other BuddyPress tables I should update with user_id=”5″. If anyone else does, please let me know.

    Fortunately, my site is still in development so I didn’t have that much data to update.

    Thanks,
    Jeff

Viewing 3 replies - 1 through 3 (of 3 total)
  • Avatar of bp-help
    bp-help
    Participant

    @bphelp

    @jschodde
    This plugin is not tagged BuddyPress so I think it would be more appropriate to post it on the authors support forum here:

    http://wordpress.org/support/plugin/better-wp-security

    Maybe ask the author to update it for use with BP and tag it appropriately afterwards.

    Avatar of shanebp
    shanebp
    Moderator

    @shanebp

    @jschodde
    Thanks for sharing the warning and fix instructions.

    However, a member’s id is used in most or all BP and WP tables.
    For example, did you not have to update the user_id in wp_bp_activity ?

    Avatar of Jeff
    Jeff
    Participant

    @jschodde

    @bp-help, I posted here not for a fix, but to simply inform everyone. I also took the liberty of posting on the author’s support forum at the same time. I went one step further and posted an FYI to WPMUDEV (since I’m a paid subscriber there).

    @shanepbdev, I noticed that in the activity table and ignored it because since my site is in development, I planned on purging that table any ways. Thanks for the info though :-)

    Hopefully the developer will either display some kind of warning or include such tables as part of the process.

    Cheers,
    Jeff

Viewing 3 replies - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.