Anyone can access BP content, e.g. the directory by typing /members in url

  • Participant
    Level: Yogi
    Posts: 1017
    calu on #25671

    Hi Brajesh, I have discovered that anyone can access any BP content without even being logged in, e.g. the members directory can be accessed by typing domain/members, and even a member's profile can be accessed by unregistered users by typing domain/members/profile.

    I’m really surprised, is this security breach really the way BP is intended to work?

    I remember having seen some code to prevent non-logged-in users from accessing BP content by changing the URL, but I can't remember where. Was it at BuddyDev?

    What is the best way of preventing this from happening?


  • Keymaster
    (BuddyDev Team)
    Posts: 22482
    Brajesh Singh on #25682

    Hi Carsten,
    That is the default behaviour. You can stop it with a line. Or, I will say, keep it as it is. Within 2 weeks our access control will be available and should help you with this and more personalization.
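
A login gate of the kind discussed in this thread, as an added example that is not part of the original posts and is not BuddyDev's code. It uses standard WordPress and BuddyPress functions; the choice to exempt the registration and activation pages and to also gate the `buddypress/v1` REST routes (which expose the same member data as the directory) is an assumption about what the site wants.

```php
<?php
/**
 * Added example: require login for BuddyPress pages and BuddyPress REST routes.
 * Intended for a small site-specific plugin or wp-content/plugins/bp-custom.php.
 */

// 1. Front end: members directory, profiles, groups, activity and so on.
add_action( 'template_redirect', function () {
	// Nothing to do for logged-in users or when BuddyPress is not active.
	if ( is_user_logged_in() || ! function_exists( 'is_buddypress' ) ) {
		return;
	}
	if ( ! is_buddypress() ) {
		return; // Not a BuddyPress page; leave the rest of the site public.
	}
	// Assumption: visitors must still be able to sign up and activate accounts.
	if ( bp_is_register_page() || bp_is_activation_page() ) {
		return;
	}
	auth_redirect(); // Redirects to the login screen with redirect_to set, then exits.
}, 1 );

// 2. REST API: blocking only the HTML pages leaves /wp-json/buddypress/v1/* readable.
add_filter( 'rest_pre_dispatch', function ( $result, $server, $request ) {
	// Respect an earlier short-circuit, and let authenticated requests through.
	if ( null !== $result || is_user_logged_in() ) {
		return $result;
	}
	if ( 0 === strpos( $request->get_route(), '/buddypress/' ) ) {
		// Note: this also blocks REST-based signup; exempt that route if the site uses it.
		return new WP_Error(
			'rest_login_required',
			'Authentication is required for community endpoints.',
			array( 'status' => rest_authorization_required_code() )
		);
	}
	return $result;
}, 10, 3 );
```

To verify, request `/members` and `/wp-json/buddypress/v1/members` from a logged-out browser session: the first should redirect to the login screen and the second should return a 401 response.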



This topic is: not resolved