Access Manager Integrity

Access Manager is the most advanced access control plugin on the market for KB content protection. However, due to WordPress limitations and depending on your website setup, Access Manager's effectiveness will never be 100 percent. You can increase its ability to protect your content by implementing as many of the following measures as possible:
  • Block access to the whole website:
    1. User needs to log in to access it AND/OR
    2. User comes from a specific IP address
  • Use only WordPress default editors or Gutenberg builder
  • Install only trustworthy plugins. If using non-KB plugins, regularly test that they do not affect Access Manager’s ability to protect KB content.

The following are required ongoing maintenance tasks for Access Manager

  • Keep all WordPress plugins and themes up-to-date.
  • Install only plugins that use the typical WordPress hooks and functions instead of directly accessing, storing, and exposing KB content.
  • Restrict and control access to the WordPress database in which the KB is stored.
  • Implement effective industry-standard security practices and policies.
  • Host KB on a secured web server, for example WPEngine.
  • Report defects early.
  • Minimize the time during which Access Manager is NOT active. An inactive Access Manager plugin cannot actively protect your content, although that content should still be inaccessible.

When installing a new plugin:

  • Verify that the plugin does not directly access, store, and expose KB content but rather uses WordPress hooks and functions.
  • Check that if the plugin is accessing Custom Post Types, it does not expose KB content such as slugs, KB Categories, KB Articles, KB Main Page, and KB Admin screens.
  • If you see any access issues, contact our support team.
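
One way to start the first check is a static pass over the plugin's PHP files that flags direct database reads for manual review. This is an added example, not vendor code; it assumes restrictions are enforced through WordPress query hooks, and the PHP fragment and its function names are constructed.

```python
import re

# Heuristic review flags. The $wpdb methods and the suppress_filters argument
# are real WordPress APIs; treating them as findings is this example's choice.
CHECKS = [
    ("direct-db-call",
     re.compile(r"\$wpdb\s*->\s*(get_results|get_row|get_col|get_var|query)\s*\(")),
    ("raw-sql-on-posts",
     re.compile(r"\b(FROM|JOIN)\s+\S*posts\b", re.IGNORECASE)),
    ("filters-suppressed",
     re.compile(r"['\"]suppress_filters['\"]\s*=>\s*true", re.IGNORECASE)),
]

def scan_php(source):
    """Return (line_number, reason) for each line that reads posts directly."""
    findings = []
    for number, line in enumerate(source.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith(("//", "#", "*", "/*")):
            continue  # comment-only lines are not code paths
        for reason, pattern in CHECKS:
            if pattern.search(stripped):
                findings.append((number, reason))
    return findings

# Constructed plugin fragment: one raw query, one hook-respecting query,
# and one get_posts() call that skips the posts_* query filters.
SAMPLE = """<?php
// Constructed plugin fragment for this example.
function demo_recent_articles() {
    global $wpdb;
    return $wpdb->get_results(
        "SELECT post_title, post_name FROM {$wpdb->posts} WHERE post_status = 'publish'"
    );
}
function demo_filtered_list() {
    return new WP_Query( array( 'posts_per_page' => 5 ) );
}
function demo_unfiltered_list() {
    return get_posts( array( 'numberposts' => 5, 'suppress_filters' => true ) );
}
"""

if __name__ == "__main__":
    for number, reason in scan_php(SAMPLE):
        print(f"line {number}: {reason}")
```

A finding is a prompt to read the code, not proof of exposure; a clean scan still needs the runtime checks in the verification steps.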

Types of plugins that could circumvent access restrictions:

  • Visual builders such as Beaver Builder, Divi, and Visual Composer
  • WordPress export and backup plugins
  • Shortcodes or Widget Plugins that pull data directly out of the database with their own custom queries

Verify that Access Manager restrictions work:

  1. Log in as a user who has limited access to your KB.
  2. Test for non-authorized access to KB content:
    • Test access without logging in and test with WordPress Subscriber and Editor.
    • Test access to KB Categories and KB Articles.
    • Test WordPress and KB Search.
    • Test KB Category archive page.
    • Test breadcrumbs, site maps, and other access points.
    • Test custom plugin content output.
  3. Test what users can see on the front end, including the KB Main Page, Article pages, and Category pages, to see if they are correct.
  4. Test user access in the back-end administration screens (https://codex.wordpress.org/Administration_Screens), including KB All Articles pages, Categories pages, and Access Manager configuration.
  5. Repeat this for each Group and role.
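
The checklist above can be repeated as a role-by-access-point matrix built around a canary article. This is an added example, not part of Access Manager; the role names, paths, markers and the stand-in `constructed_fetch` are all hypothetical and would be replaced by real authenticated requests against your site.

```python
SLUG = "kb-canary-7f3a91"   # constructed slug of a restricted test article
BODY = "canary-body-c41d"   # constructed string placed in that article's text
ALLOWED = {"kb-group-member"}  # hypothetical role meant to read the article
ROLES = ["anonymous", "subscriber", "editor", "kb-group-member"]

# Access point -> (hypothetical path, marker unauthorized roles must not see).
# Listings are checked for the slug; the article page is checked for the body
# marker, because a denial page can echo the requested URL (and so the slug).
ACCESS_POINTS = {
    "article": (f"/knowledge-base/{SLUG}/", BODY),
    "category-archive": ("/kb-category/internal/", SLUG),
    "wp-search": ("/?s=quarterly", SLUG),  # search a title word, not the slug
    "sitemap": ("/sitemap.xml", SLUG),
    "plugin-widget": ("/recent-articles/", SLUG),
}

def audit(fetch):
    """fetch(role, path) -> (status, body). Returns (leaks, lockouts)."""
    leaks, lockouts = [], []
    for role in ROLES:
        for name, (path, marker) in ACCESS_POINTS.items():
            _status, body = fetch(role, path)
            visible = marker in body
            if visible and role not in ALLOWED:
                leaks.append((role, name))
            elif name == "article" and role in ALLOWED and not visible:
                lockouts.append((role, name))
    return leaks, lockouts

def constructed_fetch(role, path):
    """Stand-in for HTTP requests: a site whose sitemap and widget leak."""
    if role in ALLOWED:
        return 200, f"<a href='/knowledge-base/{SLUG}/'>Quarterly plan</a> {BODY}"
    if path == "/sitemap.xml":
        return 200, f"<loc>https://kb.example/knowledge-base/{SLUG}/</loc>"
    if path == "/recent-articles/" and role != "anonymous":
        return 200, f"<li><a href='/knowledge-base/{SLUG}/'>Quarterly plan</a></li>"
    if path.endswith(SLUG + "/"):
        return 403, f"Access denied. <a href='/login?redirect_to={path}'>Log in</a>"
    return 200, "<p>No results.</p>"

if __name__ == "__main__":
    leaks, lockouts = audit(constructed_fetch)
    for role, name in leaks:
        print(f"LEAK    {role:16} sees the restricted article via {name}")
    for role, name in lockouts:
        print(f"LOCKOUT {role:16} cannot read {name}")
```

Rerun the matrix after every plugin install or update so that a new leak shows up as a changed row.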