Viewing 1 replies (of 1 total)
  • Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @daveparkhurst,

    This is normal behavior for now when you enable “Prevent Zero-day Exploit” at “Admin area”.

    Please think about the case where you receive a fake email which includes a malicious link covered by a legitimate URL. When you are logged in as an admin and carelessly click that malicious link in your email, your site would be contaminated because you have admin credentials.

    This type of attack is called “Cross Site Request Forgeries”, aka CSRF, which is usually combined with other types of attacks such as XSS or SQLi.

    If you think that this is inconvenient, please add the action approve into “Exceptions” at “Admin ajax/post”. I haven’t tested it, but it may be in effect.

    Thanks for your kind understanding.

The topic ‘Cannot Approve Posts’ is closed to new replies.