Well, I'm doing SOMETHING wrong, I can tell you that much
So the background is this: I’m creating a website that is basically just one single forum, and it’s important that it be as private as possible. I understand that it’s impossible to guarantee security for pretty much anything online, and I’m not talking about huge matters of national security or anything; it’s just an online extension of a support group I’m part of, and it would be easier to talk about some of the difficult things we’re talking about if it we felt relatively secure that it was just us reading it.
And I’m being extra-difficult by trying to make the “front page” actually be the forum page – seeing as how there’s only one, it seemed silly to click through two screens to get to the content. I followed chrishajers’ ninja code here and it’s awesome.
Then I tried to find the Force Login plugin but got a 404 when I tried to download it. So I tried the Hidden Forums plugin and chased my own tail for a few hours trying to get it to work. Couldn’t do it, gave up, found this version of Force Login, installed it, all good! (Well, except for there not being an option to register, only log in, but I can deal with that later.)
Then I got paranoid and figured I’d try adding Hidden Forums again (JUST TO BE SAFE DON’T YOU KNOW) and I found this. Neat! Changed that line of code, and everything was great when I logged in as admin/keymaster. It was great when I logged in as a test member who had access to the forum. Then I tried to log in as a test member who did NOT have access to the forum, and it threw Foxfire into a redirect loop and timed out. I couldn’t get the login page back at all, so I manually deleted the Hidden Forums plugin from my server & I could get back in.
It makes perfect sense that bbpress wouldn’t really know what to do when it’s simultaneously told “don’t show any hidden forums!” and “there’s only one forum and it’s hidden!” So I’m wondering what the best way is to proceed…if I just have Force Login working (as well as Approve User Registration), is Hidden Forums overkill? Or is Hidden Forums a stronger plugin, and I should lose Force Login? Or does it make sense to try to get them both to work?
And as far as other security measures go, I’ve got this going on in the header:
<META NAME="ROBOTS" CONTENT="NONE">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
…and a robots.txt with this:
Am I missing anything? Many thanks for your help, and even more for your patience.
- You must be logged in to reply to this topic.