Wordpress linking to password protected content - security

I just redid my company's Joomla website to work on the WP platform. My problem is that there is content that log-in is required to access. In our newsletter, I need to link to content that requires log-in. Currently, If I link to that content and the customer is not logged-in, they get a 404 error. Putting the content to be openly accessed is not an option.
Is there a plugin or some way for this to occur:
Link on newsletter to specific content --> log-in with credentials --> redirected to the specific content
I would very much appreciate your help with this!!!

In the post/page editing form at the admin page, there is a "Visibility" option on the "Publish" field. Just check the password protected, and you can hide the page/post with the password.
hope it help..

Related

Hiding entire website to visitors on Kentico?

Is it possible to hide an entire website behind a log-in screen? Making the visitor login to see the content. I know there are plugins like this on Wordpress but I am unable to find something for Kentico.
Thanks,
Brian
Yes. At the root of the website (master page) select it. Then go to Properties>Security and in the Access section of that page, select yes for the "Requires authentication" attribute and save the page. This will force the user to the login page you have defined in your web.config OR in your Settings to authenticate first. This will be inherited by default through the rest of the child pages.

how does google verify ownership of a website?

In order to verify that I own a website, google asked me to do the following:
Download this HTML verification file. [googleXXX.html]
Upload the file to http://www.example.com/
Confirm successful upload by visiting http://www.example.com/googleXXX.html in your browser.
Click Verify below.
To stay verified, don't remove the HTML file, even after verification succeeds.
The file provided by google contains a single line:
google-site-verification: googleXXX.html
How that this work? How is that supposed to tell them that I actually own that domain?
It doesn't tell them that you own it, it tells them that you have write permission to it. That's considered enough.
It demonstrates that you have sufficient control of the web server at the domain to be able to add pages to the website. The assumption is that this level of control would only be available to the owner of the domain, or a delegated administrator.

Security Challenges in Drupal 7

I have mainly two security concern in Drupal 7.
When user enter http://sitename/node then the user will be able to view all the nodes created in the site till date. In the site there are some content type which are viewable to all users on site and some are restricted to created users and shared users.How to stop users from viewing those nodes which they have not created. It will also be OK for me if user enter http:///node then "Page Not Found" displayed.
Similarly I have installed "URL Path Alias" module which substitute the URL with the title alias. Now when user enters http://sitename/node/260 where 260 is random number. This can be redirected to a valid page and user gets to know the [nid] of the content. hackers can use SQL Injection or another technique to delete the content from generic [node] table. How to restrict such hacking in the site.
Please let me know your views.
pay a visit to drupal permission page # /admin/people/permissions.
Using roles and permissions you can set who can see what. knowing the URL is ok if you have defined your site roles and permissions in good safe way.
Pathauto module, or using drupal built in "URL Path Alias" is designed for SEO and simply making your URL look pretty.. it has no security impact ;)

Drupal url alias and views and clear urls for taxonomy issues

I am using views module. I have created blocks using views and a url using page display. This is for taxonomy. So my views url looks like this "news/science" So if someone click on the link he should be taken to www.example.com/news/science. However i am taken to a unstyled page with broken links. But when i try to use the url www.example.com?q=news/science i am taken to a proper page with correct data.
The issue is only with taxonomy related terms.
i.e all urls www.example.com/news/technology , www.example.com/news/sports appear broken and unstyled however if i manually visit www.example.com?q=news/technology and www.example.com?q=news/sports i am taken to a proper page.
Can anyone suggest what could be the reason.
The same issues is with admin login and logout. If i use www.example.com?q=user and try to login i can login. Also if i use www.example.com?q=logout i can logout. But if i use clean url aliases ie. www.example.com/logout then i am taken to access denied page.
Do you have the Path module enabled? Thats the module responsible for mapping ?q=logout to /logout.
See here: http://drupal.org/handbook/modules/path
Have you changed anything in .htaccess? any mod-rewrite changes that might be skipping over those particular urls?

Static Main Page (login page) on Drupal Install

I am starting to create a site that uses Drupal. One of my requirements is that nobody will see any "real" content until they log in. The home page will basically be a static page with a logo, some basic "this is what the site does" copy, and then a login form. If you don't login, you can then only see some other static pages (faq, legal, privacy, etc...) but you can't use the actual site. Think Facebook's login page, basically just fluff with a login form.
From searching around, I have found 3 different methods for this:
Create a page that is basically separate from the Drupal installation, but then when the form submits, check it against the Drupal DB and then proceed if logged in successfully. This would be done with Apache, maybe an .htaccess file directive to change the first served page.
Use the Front Page extension. I haven't looked at this too extensively, has anyone used it? Pros/Cons?
Somehow finagle the default Druapl "Home Page" functionality to allow this to happen. I would rather not have to do this, unless someone knows that there is an easy way to do this.
One of my requirements is that nobody will see any "real" content until they log in.
There is a permission that users need have in order to access content on Drupal (access content); if anonymous users don't have that permission, then they would not be able to see any content.
Using the module you reported, you can create a different home page for anonymous users.
Solution #1 is not the ideal one as it requires more work for something that can be obtained from inside Drupal. Take in mind that the correct way to access Drupal DB is to use the DB API Drupal comes with.

Resources