Forum Replies Created

Viewing 14 replies - 16 through 29 (of 29 total)
  • Forum: Plugins
    In reply to: Missing titles in export

    Can you export the MySQL databases using phpMyAdmin or similar?

    I think the poster is aware of this, but is asking for a new feature which takes into account whether a user is registered or not, and sets commenting permissions based upon that. It would be a useful feature in my opinion – registered members shouldn’t require moderation, whereas those who are not registered may well do.

    Personally, I’m happy to moderate the first comment and keep a lookout for abuse!

    Where do you want this to occur? On the main homepage (index.php), in single posts (single.php), categories, or pages? Or all of them? To do this, you’ll need to move them in the .php templates for each that you want to change (though it would be helpful if you could clarify what you mean by “links”!)

    I have experienced several which fail to change the header images – if you could explain which theme you are using, I may be able to help. Also, there are ways you could change this in other ways, but that would involve a much longer answer! What theme is this question for?

    Which theme are you using?

    The Roles_and_capabilities page is clearly wrong, and I quote:

    Contributor

    Role Name Contributor
    Capabilities:

    * edit_posts
    * read
    * level_1
    * level_0

    They CAN see the comments section, and all the addresses of those therein. Therefore, they also have the capability of accessing private information of everyone who has left a comment.

    And this is the problem, Samboll and Handysolo – it isn’t just admins who get to see this screen: ANYONE above the level of basic “subscriber” can access the email addresses from the “comments” tab, including “contributors”. So it isn’t just admins. This is a huge problem for multi-author blogs, or those who set the default level of new members to “contributor” for whatever reason, anyone who registers can see this stuff.

    Try it on your own blog! Set up a dummy user as a contributor and go and see all the stuff this person could find. It is NOT what a mere ‘contributor’ should be able to access.

    I would argue that even editors have no requirement to view the email addresses of commenters, though this is debatable, but the ‘contributors’ and ‘authors’ definitely should not – they cannot edit comments, so this screen should not be available to them at all anyway.

    Please can you help me to remove these capabilities, I run a multi-author blog and I’d like to let new authors get involved straight away as contributors, however, I don’t want them to be able to access all these email addresses, this gives them huge potential to spam all and sundry.

    What’s wrong with Jazzle??

    Thread Starter rabmaster

    (@rabmaster)

    Come to think of it, that’s probably where all those Viagra emails I get originated.

    It would be good if someone could provide a sensible response to this question.

    Which directory have you placed the .htaccess file into?

    With one of mine, I put it into the sub-domain as well as the root directory of the site, e.g., on your ftp program:

    1. above the WWW or WWWROOT (whatever this is called!!) directory

    2. IN that directory.

    3. In the subdirectory that your blog is in (if it is in one).

    Try that, if you haven’t already. Otherwise I’m not sure, I think the next step is to ascertain whether your webhost allows mod-rewrite rules, though I’m sure to be corrected!

    Why don’t you just write the page in html, using a really long and stupidly unguessable filename, add a link to the software to download to that page, and make it the landing page that PayPal sends your person back to after completing payment. Encrypt the PayPal button, and hey presto, it all works!!

    You don’t need a WordPress page to do this, really, do you? If you like, you could even add a link “Back to blog” or similar… but then, you’ve already got your “donation” out of them, haven’t you?

    Still no answer on this one – I want my new members to be allowed to make posts (which I’ll moderate) but not to SPAM all those who have left comments previously. Anyone, at the level of “contributor” can access these email addresses. I would argue that only admins should see this page (even our editors are not entitled to speak for my website as a whole, so why should they be able to see the contact details of those who leave comments?).

    Please can someone suggest a way which I might be able to shut off the comments screen for all but the admins?

    Otto42, should we REALLY have complete trust of contributors?

    What, then, is the point of the “author” “editor” “admin” roles?

    Contributor is clearly supposed to be a lower form of membership, where you are not yet trusted (all your posts must be moderated etc) so these people should not be allowed to spam everyone who has EVER left a comment on your site. I can think of any number of scenarios where this could happen.

    So please, try to think of a way that we can prevent this from happening, or say nothing at all.

    Ivovic, you weren’t particularly helpful.

    I was asked by one of my authors on a blog why they could see the IP addresses and emails of all commenters. I had no answer for this, her response was, “well if I can see them, everyone else can!”

    I assured her that all ‘normal’ subscribers cannot view this, but the harm has been done in my opinion, and she has told everyone else that there are security issues on the site.

    Yes, I appreciate that you will usually only have trusted authors on one’s site, but can you not imagine a situation where you might not? I certainly can.

    Here is just one, that I have:

    A blog which invites multiple authors, and sets the default level of new members to “contributor” and, while moderating their posts – thereby NOT, as you so inaccurately put it “pollute your domain name with their posts” they are in essence ‘on trial’ – should they be able to view the email addresses of all your other members AND those who make comments???

    No, they should not. Why else do you suppose you get all those spam registrations from Russian email addresses? I always wondered “why spam registrations?” but now I know, in case you have set the initial new member status to “contributor” or higher, then they can scrape all the active email addresses from the “comments” section. This is, in my opinion, a massive security hole, and one which needs plugging, or at least some advice as to how we can do this ourselves.

    Which is what the original poster was asking for. So yes, your comment was entirely unhelpful.

    I, too, would like a solution to this issue.
