Access Manager Integrity
- Block access to the whole website:
  - User needs to log in to access it AND/OR
  - User comes from a specific IP address
- Use only WordPress default editors or Gutenberg builder
- Install only trustworthy plugins. If using non-KB plugins, regularly test that they do not affect Access Manager’s ability to protect KB content.
The following are required ongoing maintenance tasks for Access Manager:
- Keep all WordPress plugins and themes up-to-date.
- Install only plugins that use typical WordPress hooks and functions rather than directly accessing, storing, and exposing KB content.
- Restrict and control access to the WordPress database in which the KB is stored.
- Implement effective industry-standard security practices and policies.
- Host KB on a secured web server, for example WPEngine.
- Report defects early.
- Minimize the time during which Access Manager is NOT active. An inactive Access Manager plugin cannot actively protect your content, although that content should still be inaccessible.
When installing a new plugin:
- Verify that the plugin does not directly access, store, and expose KB content but rather uses WordPress hooks and functions.
- Check that if the plugin is accessing Custom Post Types, it does not expose KB content such as slugs, KB Categories, KB Articles, KB Main Page, and KB Admin screens.
- If you see any access issues, contact our support team.
Types of plugins that could circumvent access restrictions:
- Visual builders such as Beaver Builder, Divi, and Visual Composer
- WordPress export and backup plugins
- Shortcodes or Widget Plugins that pull data directly out of the database with their own custom queries
Verify that Access Manager restrictions work:
- Log in as a user who has limited access to your KB.
- Test for non-authorized access to KB content:
  - Test access without logging in and test with WordPress Subscriber and Editor.
  - Test access to KB Categories and KB Articles.
  - Test WordPress and KB Search.
  - Test KB Category archive page.
  - Test breadcrumbs, site maps, and other access points.
  - Test custom plugin content output.
- Test what users can see on the front end, including KB Main and Article Pages and Category pages to see if they are correct.
- Test user access in back-end administration screens (https://codex.wordpress.org/Administration_Screens), including KB All Articles pages, Categories pages, and Access Manager configuration.
- Repeat this for each Group and role.
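The verification steps above can be repeated after every plugin install or update by planting unique canary strings in a restricted article's title, body and slug, then checking each access point as each role. The following is an added example, not part of Access Manager; the URLs, role names, canary strings and `sample_fetch` are constructed assumptions, and on a real site `sample_fetch` would be replaced by HTTP requests made with each role's session.

```python
from typing import Callable, Dict, List, Set, Tuple

Fetcher = Callable[[str, str], str]  # (role, url) -> response body

def audit(fetch: Fetcher, roles: Dict[str, bool],
          pages: Dict[str, Set[str]]) -> List[Tuple[str, str, str, str]]:
    """Compare what each role sees with what it should see.

    roles: role -> True if that role's Group may read the restricted article.
    pages: url -> canary strings the page shows when access is granted.
    Returns (kind, role, url, canary): "LEAK" when an unauthorized role sees any
    canary, "MISSING" when an authorized role does not see an expected one.
    """
    all_canaries = set().union(*pages.values())
    findings = []
    for role, allowed in roles.items():
        for url, expected in pages.items():
            body = fetch(role, url).lower()
            seen = {c for c in all_canaries if c.lower() in body}
            if allowed:
                findings += [("MISSING", role, url, c) for c in sorted(expected - seen)]
            else:
                findings += [("LEAK", role, url, c) for c in sorted(seen)]
    return findings

# Constructed sample data: hypothetical URLs, roles and canary strings.
TITLE, BODY, SLUG = "Zebra-Quartz Runbook", "canary-7f3a-body", "zebra-quartz-runbook"
PAGES = {
    "/knowledge-base/zebra-quartz-runbook/": {TITLE, BODY},  # KB Article
    "/kb-category/internal/": {TITLE},                       # KB Category archive
    "/?s=zebra-quartz": {TITLE},                             # WordPress search
    "/sitemap.xml": {SLUG},                                  # site map
}
ROLES = {"anonymous": False, "subscriber": False, "editor": False, "kb-group-member": True}

def sample_fetch(role: str, url: str) -> str:
    """Offline stand-in for HTTP requests made with each role's session."""
    if ROLES[role]:
        return " ".join(sorted(PAGES[url]))
    if url == "/sitemap.xml":                        # simulated leak: slug visible to all
        return "<loc>https://kb.example/knowledge-base/" + SLUG + "/</loc>"
    if url.startswith("/?s=") and role == "editor":  # simulated leak through search
        return "Search results: " + TITLE
    return "You do not have access to this content."

if __name__ == "__main__":
    for finding in audit(sample_fetch, ROLES, PAGES):
        print(*finding, sep="\t")
```

An empty result means every unauthorized role was blocked at every access point and every authorized role saw what it should; any LEAK row names the role and access point to investigate.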