Opened 3 years ago

Last modified 2 weeks ago

#14530 reopened defect (bug)

Cheating huh?

Reported by: shidouhikari Owned by:
Priority: normal Milestone: Awaiting Review
Component: Role/Capability Version:
Severity: normal Keywords: has-patch
Cc: bk@…, travis@…, Dorian, Speed

Description

I've seen this infamous error msg more times than I wanted, in my own site where I'm admin.

That happens with more frequency when adding a new comment, but sometimes also inside admin pages.

I understand it's generally capability and permission tests that fail, and that happens in pages that ppl without permission to access them shouldn't see links to them, therefore they probably tried direct access to somewhere they shouldn't be going.

But also it happens when session expires or due to some bug. In these cases, the user is effectively not doing anything wrong, it may even be WP's fault, and when that's the case the message is rude, even offensive to more emotional ppl.

Even worse, it gives no hint on what went wrong, so that user can try to fix it.

Then I suggest these messages to be changed, to more meaningful and also polite messages. Real cheaters and hackers will already have any info a message may provide, so a better explanation of what went wrong won't help them succeed in their attempt to hack a site, and will help a lot the victims of these errors.

Attachments (4)

chaetin.patch (13.9 KB) - added by mrmist 3 years ago.
Replace the cheatin message with a login message
14530-1.patch (13.6 KB) - added by kraftbj 4 months ago.
Change to You do not have sufficient permissions to access this page.
14530-2.patch (13.2 KB) - added by kraftbj 4 months ago.
Change to You do not have permission to view this page.
14530-3.patch (13.8 KB) - added by kraftbj 4 months ago.
Change to A permissions error occurred while attempting to access this page.


Change History (18)

  • Owner set to mrmist
  • Status changed from new to accepted

Not a problem I've come across, but I agree with the sentiment. I'll see if I can put something together for it.

This warning should never be accessible via the UI. These are nothing more than sanity checks. If they can be accessed in a normal setup via the UI then that is a bug.

mrmist 3 years ago

Replace the cheatin message with a login message

  • Keywords has-patch added

Having checked this out, it's more difficult than I imagined to actually get one of these warnings. Nevertheless, on the off-chance that it's accessed by a valid user typing in a URL for a random page they don't have access to, attached patch with a more explanatory error.

Upon looking at the attached patch, would it be better to phrase the text as ... 'There was a problem loading this page, you may not have the necessary permissions, or may need to <a href="' . get_option('siteurl') . '/wp-login.php">' . __('login') . '</a> again?' ... so basically adding the again? after, more, if anything to make it make a little more sense?

I did do it like that (with "again") originally, but on my screen it created word-wrap to the next line, which I didn't like, hence the way it is now. Trivial to do either way, really.

  • Owner mrmist deleted
  • Status changed from accepted to assigned
  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from assigned to closed

Per conversation in IRC from a few months ago, I'm going to close this as wontfix.

As I said, these are sanity checks. They're impossible to reach via the UI. (If they were, that would be a bug.) You need to hit a URL that you specifically don't have access to. You need to be logged in as well, so the link to wp-login is invalid.

  • Cc bk@… added
  • Resolution wontfix deleted
  • Status changed from closed to reopened

I'd like to request reconsideration of this ticket.

While rare, when encountered it gives an unprofessional appearance of WordPress. I had a contact from a prospective client who ditched their previous consultant primarily because, after seeing this error message, they assumed the guy was doing something shady on his site.

I grant that for it to appear, the consultant was probably doing something wrong, but that isn't the point.

Despite the rarity, is there a reason that it should be kept at "Cheatin'" and not something else?

To recreate message:

  1. Log in to /wp-admin/ as privileged user (administrator, editor), etc. Leave that tab alone.
  2. In separate tab, visit /wp-login.php and login as a Subscriber user.
  3. In original tab, visit the Categories or Tags link (Posts->Tags, etc).

That workflow isn't common, but I could foresee someone in IT showing off a feature of WordPress to someone on the business side of a company and getting that message after mistakenly switching to the wrong tab/not re-logging in first/etc.

Three ideas:

  1. Use the standard permissions error message ("You do not have sufficient permissions to access this page.") and reduce a string for the polyglots.
  2. Use something slightly different to keep it unique to the cheater check. ("You do not have permission to view this page.")
  3. Something more unique ("A permissions error occurred while attempting to access this page.") to help polyglots keep it different.

Patches forthcoming for the three options.

tl;dr -- Sterilize the error a bit to make it more palatable to folks who don't understand our sense of humor. Nothing more needed.

Last edited 4 months ago by kraftbj

Change to You do not have sufficient permissions to access this page.

Change to You do not have permission to view this page.

Change to A permissions error occurred while attempting to access this page.

  • Cc travis@… added

+1 on this. I don't see any particular reason not to replace the (snarky, IMO) current message with something more explicit about what's going on.

  • Milestone set to Awaiting Review

This message would also benefit from having a link back to either the site home page, or the admin dashboard, so the message isn't such a dead end.

John-- I think you're right, but I think we should do that under a different ticket. The other "permission errors" do not include a link back, so my two cents is let's get the text changed, and focus another ticket on the link back.

A quick look at http://core.trac.wordpress.org/browser/tags/3.5.1/wp-includes/functions.php#L2049 tells me there is a 'back_link' ability, so, without knowing the code better, may be another fix that is more proper than changing the text string.

  • Cc Dorian Speed added

I agree - I have been in the same situation of having a frustrated client encounter that message and assume there's something shady going on with his website. I like "A permissions error occurred while attempting to access this page."

FWIW, I'm helping out over on the WordPress.com forums and a user had the Cheatin' message appear. I think it was a similar reason as described in Comment 8.

http://en.forums.wordpress.com/topic/i-want-my-url-to-be-thisonetreewordpresscom-its-attached-to-my-other-email?replies=13#post-1257253

Despite the rarity, I think a more descriptive message would be a better UX.
