
Huge Security Hole with wp-admin?

  • Jsonb123


    I just registered new test accounts on my BuddyPress site and after I get the email activations and log in, I can log in to wp-admin with these “subscriber” accounts and change EVERYTHING on the back-end!

    I look at user roles and they are still “subscribers” but the bar at the top says “Hi admin! You’re logged in as a site administrator.” What is going on here?! I know I installed BuddyPress correctly.

    Using WPMU 2.7.1, BuddyPress 1.0 and BBPress alpha 6.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Seppolaatle112


    If you are sure you installed BuddyPress correctly, you need either some sleep or maybe some coffee.

    This is not some bug in BuddyPress. Are you sure you didn't register a blog with the account, and that the backend you see belongs to this blog? It is quite clear that members are administrators on their own blog. Can you see the BuddyPress menu in your menu to the left after logging in?

  • Hyrxx


    “Hi admin” is your main admin account, you're still logged in, try using Firefox for your main account (admin) and use a different browser to test other registrations and logins

    this might help separate the confusion for you, i also use this method sometimes as cookies are separate between browsers ;)

  • The topic ‘Huge Security Hole with wp-admin?’ is closed to new replies.