          Guest User Access: Site Preferences for Guest User Control

          Control Name

          Guest User Access: Site Preferences for Guest User

          Recommended Configuration

          Set Digital Experience > All Sites > Workspace > Administration | Preferences > Let Guest Users See Other Members of This Site to unchecked/disabled.

          Control Overview

          This security setting prevents unauthenticated visitors from accessing the full list of registered users, members, and contributors within an Experience Cloud site.

          Security Risk If Not Configured

          When this preference is active, anonymous users can systematically enumerate the names, titles, and profile details of all community members, leading to the unauthorized disclosure of your customer or partner directory.

          Threat Scenarios

          A malicious actor uses an automated script to scrape the site for valid usernames and identity details, which are then used to launch targeted phishing attacks or credential stuffing campaigns against your users.

          Estimated CVSS Score Range

          High (7.0–8.9).

          Risk Impact Considerations

          Exposing the member directory results in a significant breach of user privacy and can lead to competitive intelligence gathering or the compromise of high-value accounts through social engineering.

          Higher Risk When

          Risk is higher for professional or partner networking sites where member profiles contain sensitive professional details, contact information, or proprietary affiliations.

          Low Risk When

          Risk is lower if the site profiles are already restricted to show only generic information and do not include real names or email addresses.

          Business and Integration Considerations

          Disabling this feature may affect the user experience for sites built for public collaboration, as it prevents anonymous visitors from seeing who else is participating in the community before they log in.

          Recommended Remediation

          Go to the Administration section of the site workspace, select Preferences, and ensure the checkbox for letting guest users see other members is deselected.
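
An added example, not part of the Salesforce article: a Python check over retrieved site metadata that reports any site where guest member visibility is still enabled, so the setting can be verified across all sites rather than one workspace at a time. It assumes SFDX source-format `*.network-meta.xml` files and that the Network metadata field `enableGuestMemberVisibility` is what backs this Preferences checkbox; the sample XML is constructed.

```python
"""Added audit example: flag Experience Cloud sites whose retrieved Network
metadata still lets guest users see other members."""
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}
FIELD = "enableGuestMemberVisibility"  # assumed to back the Preferences checkbox

# Constructed sample of a retrieved *.network-meta.xml file (not from a real org).
SAMPLE_EXPOSED = """<?xml version="1.0" encoding="UTF-8"?>
<Network xmlns="http://soap.sforce.com/2006/04/metadata">
    <enableGuestChatter>false</enableGuestChatter>
    <enableGuestMemberVisibility>true</enableGuestMemberVisibility>
    <status>Live</status>
</Network>"""


def guest_member_visibility(xml_text):
    """Return True/False for the setting, or None if the field is absent."""
    root = ET.fromstring(xml_text)
    node = root.find(f"md:{FIELD}", NS)
    if node is None or node.text is None:
        return None
    return node.text.strip().lower() == "true"


def audit(project_dir):
    """Map each site name to 'exposed', 'ok', 'unknown' or 'unparseable'."""
    findings = {}
    for path in sorted(Path(project_dir).rglob("*.network-meta.xml")):
        site = path.name[: -len(".network-meta.xml")]
        try:
            value = guest_member_visibility(path.read_text(encoding="utf-8"))
        except ET.ParseError:
            findings[site] = "unparseable"
            continue
        findings[site] = {True: "exposed", False: "ok", None: "unknown"}[value]
    return findings


if __name__ == "__main__":
    results = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for site, state in results.items():
        print(f"{site}: {state}")
    # Non-zero exit lets a CI job fail when any site is not confirmed "ok".
    sys.exit(1 if any(s != "ok" for s in results.values()) else 0)
```

A site reported as `unknown` has no explicit value in the retrieved file and should be confirmed in the site's Administration | Preferences page.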

          Security Health Review Guidance

          Security Health Review identifies the masking of the member directory as a mandatory privacy control, making sure that user identity data is only visible to authenticated participants with a legitimate business need.

           