joefridaywebmaster

Sorry for my confusing statement. The reason we might want or need Sucuri is that SiteLock can’t block the non Domain Naming System engaged http/https requests. Those would never get to SiteLock as the DNS lookup would not be performed.
This is the usage case FOR Sucuri.

OK – SQL Mapping has been done. What I have not seen is how to USE the update and delete queries that were configured. I don’t see a way to add an update or delete button to the form or set and option on the form to include an update and delete button.

How are these query options used? Where do I configure the appearance of update and delete buttons?

We have a LOT (couple hundred) images under wp-content/uploads subdirectories to add to a slider. Your non-PRO interface does not make it easy to add a bunch of images from say the same folder at one time. Adding them one by one is WAY too time consuming a manual task. Any plans to make this MUCH easier to do?

At this time I am only trying the non PRO version. Is that a PRO feature as I am not seeing anything like a show media data option anywhere? I have tried to put a URL in the image input and it seems to think I have added a slide as it shows in the list below with a thumbnail of the image. However, the page that had the shortcode is not showing the image. That page is showing a wait circle of rotating dots and text below that says Loading. No loading seems to be happening. This is definitely not working.

We don’t have any mixed pages where portions are public and portions are private. We only need at this point to make entire pages public or private. So by blocking the use of private pages in the Front-end management pages and forcing webmasters to use public pages for the Front-end management pages you are possibly deciding to make visible what we would not make visible. Do you block those pages from non-logged in users? We are looking to be sure those pages are not revealed.

Caimin,

So to see the page in the drop-down list for Pages->Other Pages->Front-end Management Pages->Edit events page, the referenced page must exist (no content needed) and must be marked public. It seems to me that, this could expose this page to viewing/editing by any hacker that guessed the slug. Since this is generated by the plugin and is not taken from the referenced page, there is no place, that I can see, to put the conditional placeholders for {logged_in}.

We are not keen on exposing our event data to public viewing or editing, just the logged in members with the proper role or roles. On a functional level, I think the drop-down list should include, at a minimum, pages that are marked private visibility.

Since this is part the dashboard and is accessed by the wordpress administrator only, this doesn’t change what the wordpress administrator can view or update as the wordpress administrator (as default) can view and update private visibility pages.

Jim

• This reply was modified 7 years, 3 months ago by joefridaywebmaster.
• This reply was modified 7 years, 3 months ago by joefridaywebmaster.
• This reply was modified 7 years, 3 months ago by joefridaywebmaster.
• This reply was modified 7 years, 3 months ago by joefridaywebmaster.
• This reply was modified 7 years, 3 months ago by joefridaywebmaster.

We have one or two pages for prospective newcomers and the rest marked private. Adding an additional role and going through all the members to set them to the new role, then checking all the side effects of by-passing the standard wordpress roles seems a lot to do to restrict content to the members. If the plugin doesn’t protect it’s pages from non-logged in users, we’ll need to remove it.

We are not using buddypress. We mark almost all of our pages as private visibility.

OK I found the problem. As we want only our retired people to see our pages and not the general public, we set the Publish Visibility setting to private. The pages shown in the drop-downs for the Front-end management pages are only those marked as Public Visibility. This is definitely contrary to allowing us to edit our events but keep them private to the group. From my perspective, it is a security hole for private blogs and websites.

Event registration and booking management for WordPress. Recurring events, locations, google maps, rss, ical, booking registration and more!
Version 5.8.1.1 | By Marcus Sykes | View details

No modifications – rmc-edit-events (which is mostly empty) is the page I once successfully assigned to the edit events front-end management page.
That page is mostly empty created just for the edit events purpose.
It is still in wordpress pages, it is NOT showing up in the drop-down list for edit events.

Thank you for replying. No – we haven’t updated to wordpress 4.9 yet.