Password protected pages aren’t really “protected” and not uniquely protected. Using this features needs some consideration. A short explanation and a list of things to keep an eye on.
This one’s a quick tip. As you might (not) know, in WordPress everyone, who has the ability to change user roles (capability name: edit_users), can give a user any role that is present. This also gives your editors or authors the ability to change others roles to administrator. Something that often is not appreciated. The […]