All site data visible to members and non-members alike
-
I’ve been poking around for some time and I’m a little surprised that not one person has been confused by the complete lack of security in BuddyPress. I have started a closed beta program for a project I’m working on for the Autism community. Without going into a lot of detail, the Autism community requires strong security. Facebook offers their version of security in that you need to be logged in and a friend in order to see someone’s profile information. All social systems I have seen and/or worked offer a choice about what you want to make public facing or only for approved individuals.
BuddyPress offers no such protection at all. Nothing. Everything I can see while logged in as admin I can see by not logging in and simply clicking around. I’ve been using WordPress for 5 years now and, while I’m new to WPMU and BuddyPress, I know that there are no options for managing who gets to see what and under what circumstances. This would seem to me to not only be a critical aspect of any social network, but also a rather simple one to implement. Then again, I’m no coder. I’m just a weekend hacker with lots of sysadmin experience.
Regarding my audience, there’s no way I can let people put in their personal information and let some random asshat walk in and read it, or worse, act on the personal and identifying information they find there. That’s just not possible.
Is there something I’m missing? Some people tell me I’m smart, but I rarely believe them, so its very possible I’ve missed something obvious.
Help?!
-
So, how many people are employed by Auttomatic to work on this project?
One. Andy.
I’ve been poking around for some time and I’m a little surprised that not one person has been confused by the complete lack of security in BuddyPress.
You need to poke around a little more.
https://buddypress.org/forums/topic/privacy-1
https://buddypress.org/forums/topic/privacy
https://buddypress.org/forums/topic/buddypress-privacy-component-an-update
Also, privacy is on the BuddyPress roadmap.
As Andy states, implementing privacy in BP or any social network is not an easy task. I am working on updating my older privacy component to work with BP 1.2 and WP/WPMU 2.9.x. It will be awhile longer before I have a working alpha for testing. But, privacy is coming to BuddyPress!
I have to say that I’m glad to see that the community around BP appears to be very strong, and that’s good thing. I’ve always tried very hard to advocate for open source, and have done so for over a decade now. I plan on advocating more for WordPress, BuddyPress, and bbPress, as well as the WordPress Foundation through my Autism site. I take exception to those who talk about being able to tell when a site is based on WordPress. Of course, its up to the designer of the site whether or not they will fly that flag, and I’ve long ago decided that I would let everyone know what I was using to get things done. I’ve been running Mobodojo on WP since 1.2.
Sadly, though, I’ve been growing accustomed to the automagical nature of WP and have stopped using themes which need to be tweaked every time the code base gets updated (though Atahualpa and Arras are stunningly powerful themes) as well as counting on plugins to do everything I need. The deficit lies in the fact that I’m hopeless when it comes to coding. Sure, I can edit existing PHP and even make it work 13% of the time, and I’ve been hacking around HTML for years, but there are things I need to have my site do, and so I’ll need to buckle down and either find out a way to do it myself or pass along my passion to someone (or someones) who have the skills.
I realize that my opening post sounded upset, and I was, but that frustration should never have been vented on the BP community. I do thank you all for making some mild fun of me and, otherwise, being very cordial and helpful. I’m also pleased with myself to have managed to spark a little bout of debugging
The site is phrind.com. If you aren’t a member, you will be redirected to blog.phrind.com.
Hi Im new here and am not a developer…so please bear with me!
@jharder Ive tried your ‘hack’ but cant get it to work. Im sure its because Im putting it in the wrong place (as I said Im not a developer). Can you please be so kind as to tell me EXACTLY where you put the code on the copied the members/index.php, activity/index.php(etc etc) folders and files. I want my Members and Activity area to be only viewable to logged in users.
Thanks so much.
This privacy thing is doing my head in.
@r-a-y thanks for this and I have seen this code before and tried it several times but I cant get it to work…I know its me….Im just not putting it in the right place on the functions.php page. Ive put it at the very start of the page. For example:
function sh_walled_garden()
{
global $bp;if( bp_is_register_page() || bp_is_activation_page() )
return;if( ! bp_is_blog_page() && ! is_user_logged_in() )
bp_core_redirect( $bp->root_domain .’/’. BP_REGISTER_SLUG );
}
add_action( ‘get_header’, ‘sh_walled_garden’ );
/* Stop the theme from killing WordPress if BuddyPress is not enabled. */
if ( !class_exists( ‘BP_Core_User’ ) )
return false;/* Register the widget columns */
register_sidebars( 1,
array(
‘name’ => ‘Sidebar’,
‘before_widget’ => ‘‘,
‘before_title’ => ‘‘,
‘after_title’ => ‘‘
blah blah……….
Is that correct? Because when I do this I get an error reading.
I just need to know “exactly” where to put it on the page. For example put it between “x” and “y”.
Thanks for getting back to me promptly though…appreciate it.
- The topic ‘All site data visible to members and non-members alike’ is closed to new replies.
