What does a public Topic in a private Forum mean?
I’m building a small community forum with about 20 users. Bbp 2.6.9. WP 6.0.1 Login Attempts reloaded plugin.
Intention is for the whole forum to be private, and require user login to view and/or post.
Seems simple enough and works well so began live beta test. The forum is set ‘private’. But topics within it have to be set ‘public’ for logged in participant users to see. If topics are set ‘private’ only admin/keyholders can see, and that would not be good.
OK, so the ‘public’ topics and replies don’t seem publicly visible, after all they are in a private forum. For example https://mysite.com/forum/topicpage only returns content if user is logged in.
So far so good.
Except….early on in a limited test, an unexpected and uninvited brute force attack was able to identify three correct usernames (but not passwords) which I can only presume must come from reading topic post content ???
So what does a ‘public’ topic in a ‘private’ forum mean? Is content somehow publicly visible, and how do I get all content in a private forum to be properly private and only visible to logged on users? Or is there a security flaw?
Thx and I’ve run out of ideas, help appreciated TheFarmer
- You must be logged in to reply to this topic.