Matias LarraldeHello,
When a customer logs in, they can see files and pages meant for other customers in the “Recent Files”and “Recent pages” section. We want to make sure they only see files assigned to them, as it’s personal information (scr1)
This is concerning since it should not happen. My first thoughts and guidances would be :
- You did not properly configured the permissions. For instance, in Settings > WP Customer Area > Capabilities, you checked the box “view any private files” for the subscriber role, which is meant to allow access to any private content from the database for a given role. This should not be checked, except for an administrator, or a role meant to manage any private content from this post type.
- You are maybe facing a plugin conflict. Please check the guide and disable any plugin except WPCA and its addons to check for an eventual conflict. Also try to switch your theme to see if anything could be conflicting.
Also, in some cases, the customer sees everyone else’s files in the dashboard, but not their own. They only find their files if they manually go to the “Pages” or “Files” section (scr2).
The fact an author doesn’t see a private content he created himself can come from a misconfiguration. By default, authored posts are hidden. You need to “unhide” authored posts to let an user see the posts he created. Please check this FAQ to solve that. However, the fact some of your users can see some private content not assigned to them, nor authored by them, from the frontend, hasn’t yet be reported, and should not happen.
Also, when you click on a link from the dashboard that should normally not be displayed, are you actually able to then see the post, or do you see a message like “sorry, you are not allowed to see this post”?
Regards.