Security breach on multisite

  • Good afternoon,
    I use the software on a multi-site.
    The site is always in maintenance mode due to the wish of the customers.
    So every site has a different temporary login link.
    The structure of the site is:
    domainname.com/site001
    domainname.com/site002
    domainname.com/site003
    et cetera

    Now the problem:
    When someone uses the temporary login link for site002 for example they can also see all the other sites when changing the URL site name.
    This is of course a security breach!

    Is there something you can do about?

    Thank you for reply!

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support Asmi Patel

    (@asmipatel)

    Hi @damnsharp,

    Sorry for the inconvenience caused to you.

    We will look into this and try to replicate this on our end and get back to you as soon as we have an update on this.

    Thank You!

    Plugin Support Asmi Patel

    (@asmipatel)

    Hi @damnsharp,

    We have checked this on our end on a multisite setup but it seems to be working as expected. If the temporary login link user is created for a user on site001, the login link should not allow the user to get access to site002. Even if we change the URL directly, it should redirect them to the homepage (frontend) of the other site and not the admin screen.

    Could you please check WordPress > Users screen of the other site and see if the same user is already there in the Users list or not?

    Thank You!

    Thread Starter Damiaan van Vliet

    (@damnsharp)

    Good morning @asmipatel and thank you for the quick reply.
    I found out that the probem was indeed not with your software but with the maintenance mode software.
    The plug-in from WebFactory did not worked well in a mult-site environment.
    So I used the plug-in from Lukas Juhas. Problem solved!

    Plugin Support Asmi Patel

    (@asmipatel)

    Thank you for providing us an update on this @damnsharp.
    You can point this out in the other plugin’s support as well so that they are aware of it and maybe fix it later.

    Have a great day!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Security breach on multisite’ is closed to new replies.