[Branda] Access and privacy control in Branda for end-users for a better end-user experience!

Branda is as you guys already know; It’s all about customizing your WPMU system for the end-users experience of your website/s and making the user experience better overall.

So why not also build in a way to control access to your WPMU system and which websites employees and end-users are allowed to join and login too, right?

Now that James decided to ditch +90 plugins and among that “Multi-site Privacy” there is no such option in the market anymore that enables you to do that anymore which is:

To partition up your websites with fine grained control over what websites that can be accessed in your WPMU network.

For example:

You may not want end-users or employees to join/or access and join automatically your company website, your Career portal, HR-system, CRM system or whatever you may wish to restrict, (By default: WMPU allows users to access all websites in the network), but you do like them to be able to join your public website, your community website etc.

So what I am suggesting is that why not add the “Multisite Privacy” features in an improved version into Branda so you can customize this for a even better experience for your end-users and gain even better security for yourself/your company too?

That is a win-win for both parties!

I think this would be an great addition to the already great Branda plugin and also offer something that cannot be found anywhere on the internet too!

@WPMU-DEV-Community: If you like my idea then +1 it!

Kind regards

PowerQuest

  • Adam Czajczyk
    • Support Gorilla

    Hi PowerQuest

    I hope you’re doing well today!

    Branda is all about customization of the site and this is more about “access control” which is slightly different. But I get your point :slight_smile: There were multiple reasons for the decision about those plugins and in case of Multisite Privacy one I can tell that one of them was that the plugin was just… not quite popular and widely used.

    The case scenario that you described makes sense to me. I’m thinking though: since it’s mostly about the access control wouldn’t that better suit Defender?

    That’s a bit “tough cookie” – it’s not really the kind of customization that was ever planned for Branda and it’s not really a “security tweak/hardener” that Defender provides. But Defender does already provides some sort of “access control” – black/white listings, login masking…

    So here’s my doubt: adding some “enable/disable login” and “enable/disable registration” general option “per site” in Branda (probably directly related/enhancing login customization module)? Or implementing some more advanced login/registration control in Defender?

    What do you think would be better/would better suit your idea? I know you said “Branda” but I’d like to get some more feedback on this from you, taking my doubts above into account. I’d appreciate it a lot and I’ll be more than happy to talk to our developers then :slight_smile:

    Best regards,

    Adam

  • Avatar
    • The Bug Hunter

    Hi PowerQuest

    +1 For more customization of the Branda Privacy settings. Since not all GDPR settings are already available. More specific choice options about what kind of cookies will be needed. Also, would it be great if Branda would let you customize the Privacy Cookie consent in a more advanced way: Bar, PopUP, SlideIn

    Wp-ultimo let you auto-assign network users to the main website.

    Maybe you can set more Capability Roles or Permissions with plugins from this dev team? https://publishpress.com/ (network-friendly)

  • PowerQuest
    • Syntax Hero

    Hi Adam Czajczyk :smiley:

    Thank you for your feedback and your reply. :thumbsup:

    Quote:

    I’m thinking though: since it’s mostly about the access control wouldn’t that better suit Defender?

    I guess that comes down to the definition of it, as a feature like this will improve user experience in the sense that they will not be confused in some sort of way attempting to login to the wrong website/making it much clearer and on the other hand more secure for the operator of the wp system. But you’re correct, Defender could also might as well have the function included. On the other hand Branda already includes some sorts of security tweaks like “Site Generator Info” which allows you to change the WP version number to something else etc.

    Quote:

    But Defender does already provides some sort of “access control” – black/white listings, login masking…

    Well, yes from that perspective it would make sense to build in the functions in Defender though as this allows you to partition the WMPU Network in which areas (websites), that the end-user and employees can join and access.

    Quote:

    Adding some “enable/disable login” and “enable/disable registration” general option “per site” in Branda (probably directly related/enhancing login customization module)?

    Or implementing some more advanced login/registration control in Defender?

    Hmm….. That is a a tough cookie indeed! :cookie: :thinking:

    But I guess it is in the end the same side of the coin somewhat?

    It both achieves the same end-goal to somewhat degree… But when presented that fashion, I guess more fine grained control is more desirable which maybe (?) which then leans more in Defenders favor as a security solution?

    The reason I had Branda in mind is because it is already as a “Swiss Knife” and has several tools build in already that in some degree also does some minor security tweaks as mentioned above, and to add the privacy control option too that is not only a question about security, but giving your users a less confusing experience. So it felt natural to have it in Branda as yet another part of the “Swiss knife” itself.

    As you know WP Multisite does on some cases broadcast the other websites in the network system that you can join, like for instance when you have BuddyPress installed.

    Now by removing these sites from that will make end-user less confused = better user experience and make the site owners more happy because= they have better security.

    So suddenly it’s double edged sword one could say.. From that view of perspective.

    Quote:

    What do you think would be better/would better suit your idea? I know you said “Branda” but I’d like to get some more feedback on this from you, taking my doubts above into account.

    Well after presenting it as you now have done, I’m starting to lean over to the Defender argument more, because a more fine grained control over what and which websites your end-users/employees can access is a more desirable approach and will ensure that your WPMU system is secure and just allowing the “right people” to access special website company assets in the WPMU network system such as your corporate website, CRM site, HR-site etc and allowing the public internet to only to join and access your forums, public blog site, member site, community etc etc, thus end-user will have better experience too.

    I hope this make some sense to you. :smirk:

    Kind regards

    PowerQuest.

  • PowerQuest
    • Syntax Hero

    Thanks Avatar I guess you’re correct too as “GDPR settings” “Privacy Cookie consent” etc as you mentioned is also part of a set of privacy options.

    Just a different set of Privacy options that I have mentioned above I guess.?

    But yes, they do somewhat go hand in hand and could be built into the same section?

    The hard nut to crack :chestnut: is really as Adam mentioned:

    Should it be Branda —OR— Defender that the developers add the functions to?

    Anyways, good WPMU Dev folks, remember! :stuck_out_tongue_winking_eye:

    Don’t forget If you like my idea to +1it!

    Kind regards

    PowerQuest.

  • Adam Czajczyk
    • Support Gorilla

    Hi!

    I guess we’re still a bit on “tough cookie/hard nut/puzzler” side with it :smiley: It seems we all agree it would be good to have such control at hand and possibly – rather more granular than more general.

    So, I reached out to our Product Design Lead to read our discussion here and make the call. I think he’s opinion on this will help us finally “crack that nut” :slight_smile:

    Best regards

    Adam

    • Andy
      • Product Design Lead

      PowerQuest Hey! I’m the big bad product guy :joy:

      I am definitely hearing your points here about a bit more control around the mulitisite area of things, particularly since we’ve decommissioned (mostly due to low-use) our multisite array of plugins. Overall, the plugins we do upkeep we do try to support multisite for most features.

      Your main pain point from what I can tell is To partition up your websites with fine grained control over what websites that can be accessed in your WPMU network.

      If that’s the main issue, I can foresee a simple UI to define what subsites each user role has access to. Does that sound right, in it’s simplest form?

  • PowerQuest
    • Syntax Hero

    Hi Andy

    in it’s simplest form, you could claim that is correct.

    The strong need to be able to control which sites in the WMPU network that end-users and/or employees can access.

    Like for example:

    You do not want your end-users to be able to signup and sign-in to your company CRM system… :scream: but you do want them to be able to access your public forums. :thumbsup:

    So yes, correct you would like to be able to partition up WPMU in accessible areas and non accessible areas depending on what type of user it is.

    In other words you want to offer your users the best and a simple user experience with clear options in what they can do, (Sometimes WPMU adds user automatically too to other sites which then can be listed in their profile if you have BuddyPress for example etc, which can create confusion), and as a site owner to have the security you deserve to control your users access on your WPMU Network system.

    Kind regards

    PowerQuest

    • Andy
      • Product Design Lead

      Hi PowerQuest I always prefer to keep things as simple as possible to start with :cactus: !!

      Alright, so sort of the ability to specify a setup like the below…

      administrator = All Subsites.

      editor = Main Site (Sales Site), Subsite 1 (Blog).

      subscriber = Subsites 2 (Community Forum) & 3 (Support Forum).

      shop_manager = Subsite 3 (Support Forum) & Subsite 4 (Marketplace)

      On the same page?

      You mention signup and sign-in so I am assuming this is largely restricting access to the backend/WP Admin area on those subsites.

  • PowerQuest
    • Syntax Hero

    Well yes, something like that I suppose.

    As a company you want your users to only have the right to the things they should be able to access, so that picture I guess is fairly correct.. some parts of your WPMU is public, other parts is restricted on your employees job/access rights etc. You want the HR-department/HR-manger to access your career site for example etc..

    • Ani
      • Product Designer

      Hi PowerQuest

      Hope you’re doing great today.

      I am happy to announce that we have discussed your suggestion with our product team and we’ll include this feature in Branda. :slight_smile: If you have another request regarding this feature, please let me know, happy to discuss further.

      Regards,

      Ani

  • PowerQuest
    • Syntax Hero

    Hi Ani

    Oh wow, that’s awesome! :thumbsup::yum: :tada:

    Quote

    If you have another request regarding this feature

    Nope, not so far, but you’re clever people so I’m certain that your team figure out how to do it properly in a intuitive useful way! :smirk:

    I’m happy to give any feedback of course if you want some down the line as you guys get ready to roll it out etc. You have my email, (obviously) so if any, you can always email me directly and privately there if you guys want..

    Kind regards

    PowerQuest

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.