s2Member Upgrade Page has user data in it

URGENT

s2Member page with short code to upgrade membership.

This page worked. and now–Suddenly the page pre-populates with user data!

Anybody from any computer and any browser can visit our upgrade page and the same user data appears:

1. First Name
2. Last Name
3. Email Address
4. User Name

Please help us!

Hello Mark,

This should only happen for already logged in users, naturally WordPress fills it with the user’s info by default, if WordPress has access to it, which it does if the user is already registered.

Hope this helps. :)

Eduan,

You are right. We suspected that this would only happen with logged in users.

That is why we are asking about this for non-logged in users:

Anybody from any computer and any browser can visit our upgrade page and the same user data appears:

1. First Name
2. Last Name
3. Email Address
4. User Name

Please help us!

So what you’re saying is that it’s pre-populating it even though the user has never visited that page? Or do you want this functionality?

Either way, it shouldn’t and can’t work like that, cause it has to grab the info from somewhere, and if the user is not registered, it’s kinda impossible for WordPress to guess the info.

Hi Mark.

That’s a weird behavior. Maybe caused by caching?

I suggest that you deactivate the caching plugin you’re using, if you have one, and see if that solves it. If not, deactivate other plugins one by one, in case there’s a conflict with one causing it, and check after each if the problem continues.

I hope that helps.

Hello,

First, the behavior stopped. And yes, it should never have happened. IT was a registered user’s info and data. And of course it’s not a feature we want.

To clarify the behavior, our membership site has s2Member Pro and a few thousand members.

Randomly, the Upgrade Membership page (a WordPress page with the Upgrade Membership shortcode), began displaying one member’s information. We visited the page from different computers, different geographic regions (UE and EU), and with five different browsers (Chrome, MSIE, Safari, Firefox and Opera). At the time I posted the original message, all of us from our different computers, browsers and parts of the world, could see this same user’s info in the Upgrade Membership page. We were all Admins and the user was a free subscriber.

So if it was a caching issue–how did the member’s info appear in a page for all of use?

And if WP was caching the info–how did it get into the s2M shortcode fields in that page?

We have since ran into other issues with the hosting company so we relocated to a more robust host. And this issue is no longer an issue–but it would be real good to understand how all the world could go to our Upgrade Membership page and read private info about a registered member.

BTW We left the host because when our site got heavy traffic they throttled the CPU and choked our site during the time when we needed bandwidth and CPU the most. I won’t mention their names but their initials are Bluehost and Bluehost CPU throttling killed our site. Bluehost could have made money by charging us to upgrade our CPU rather than automatically choking it–but they’re not a problem for us any longer.

So this issue is gone–but we wonder how it happened and why WP and the s2M shortcode was displaying the private member data. That’s a very undesirable behavior.

I’m glad you solved the host problem, and that the issue is gone.

I mentioned caching, but didn’t mean the browser’s, was thinking object caching, which is server side. It is done by some caching plugins and it’s known to cause trouble.

When you tried viewing from different computers, did you also try different accounts, including normal, non-admin ones? Just curious.

Cristián,

Thank you for enlightening me about server side object caching.

Yes, we were testing caching plugins when our site was slow–we didn’t know that the host was throttling our site. The site was just crawling on the front end and on the back in. Typical page loads front and back were running 40 seconds!

So I got the GTMetrix plugin, and also ran the site URL through every site analysis tool I could find on the internet.

I aggregated their advice and took care of the highest priority items first–one of the biggies was caching.

So we ran through a fist full of caching plugins, one at a time and then some together, because they addressed different issues. So we probably caused the object caching during this phase of our crisis.

The sad thing is that our site was a bit heavy but not horribly bad, normally loading in 8 seconds. But several of us lost a lot of time and we lost some member goodwill, trust and interest because Bluehost throttled our CPU down. We didn’t know this so all our work was essentially useless.

We’re in much better hands now with WPEngine. They manage caching for our WordPress site–so it’s like lightening now.

BTW I mis-typed earlier, “UE and EU” should have been “US and EU.”

Ah ok, got it.

I’m sorry you had that experience with BlueHost, I haven’t used them myself. But it’s a good thing you spotted that and moved to a good service now. :)