diff --git a/includes/core/class-secure.php b/includes/core/class-secure.php index 17fe9d3a..d519503d 100644 --- a/includes/core/class-secure.php +++ b/includes/core/class-secure.php @@ -203,6 +203,10 @@ if ( ! class_exists( 'um\core\Secure' ) ) { } + if ( isset( $_REQUEST['um_dismiss_security_first_time_notice'] ) ) { + set_transient( 'um_secure_first_time_admin_notice', 1, 5 ); + } + } /** @@ -327,7 +331,7 @@ if ( ! class_exists( 'um\core\Secure' ) ) { 'options' => $banned_admin_capabilities_options, 'value' => UM()->options()->get( 'banned_capabilities' ) ? array_keys( UM()->options()->get( 'banned_capabilities' ) ) : array_keys( $banned_admin_capabilities_options ), 'label' => __( 'Banned Administrative Capabilities', 'ultimate-member' ), - 'description' => __( 'All the above are default Administrator & Super Admin capabilities. When someone tries to inject capabilities to the Profile & Register form submission, it will be flagged with this option. The manage_options, promote_users & level_10 capabilities are locked to ensure no users will be created with these capabilities.', 'ultimate-member' ), + 'description' => __( 'All the above are default Administrator & Super Admin capabilities. When someone tries to inject capabilities to the Account, Profile & Register forms submission, it will be flagged with this option. The manage_options, promote_users & level_10 capabilities are locked to ensure no users will be created with these capabilities.', 'ultimate-member' ), ), array( 'id' => 'secure_notify_admins_banned_accounts', @@ -724,6 +728,24 @@ if ( ! class_exists( 'um\core\Secure' ) ) { // Delete transient, only display this notice once. delete_transient( 'um_secure_restore_account_notice_success' ); } + // phpcs:disable WordPress.Security.NonceVerification + if ( ! get_transient( 'um_secure_first_time_admin_notice' ) && ( ! isset( $_REQUEST['page'] ) || 'um_options' !== $_REQUEST['page'] ) ) { + ?> +
+

+
+ +

+

+ + +

+
+