Enable theme uploading to supporting members


Is there a way to enable a feature like "upload your own theme" or CSS edition for supporters? Either using Supporter or any other plugin?

It would be very nice to see this feature in any of the WPMUDEV plugins!


  • drmike
    • DEV MAN’s Mascot

    - (Whatever the ANSI code is for the infinity symbol.)

    It would be a major security risk as you would be allowing your endusers, even if they are supporters, to upload whatever code they wanted. Including code that would erase your database and files, send spam, and replace your site with nothing but porn. No, I'm not kidding.

    wp.com allows you to do this for their VIP's. Please remember that starts at $600 a month. There's a reason for that. (For reference, they use a trac/svn setup where the client uploads the updated theme code as a patch, it gets a looksee by an Automattic employee and then it gets applied to the site. At least that's how it was explained to me.)

    Are you sure you want to do this?

    Sue, Andrew, James, and the rest of the posse. May I suggest an article or two on the wp.mu site concerning security? No offense to the poster but this makes like the third such post in about 48 hours.

  • drmike
    • DEV MAN’s Mascot

    CCS Tidy has security issues although I believe the version that they include with the plugin has been worked on. It's also no longer being actively developed although again I believe they're working on it inhouse.

    If you go that route, a strong suggestion to replace css tidy with htmlpurifier.


    We use a different css editor but we applied that as a filter and have yet to have a problem. You may want to read the comparison page on that site which compares the different filters, including kses.

  • wiesenhauss
    • WPMU DEV Initiate

    Thanks drmike and Aaron!

    I think drmike is right, this security risk is dangerous enough to make me give up on this. I don't want to hire 10+ employees just to moderate custom CSS/themes the users send. It's just too much effort, even if the users are paying something.

    My small hosting company already provides a complete WordPress-optimized cPanel hosting plan, so users that need using their own theme will likely subscribe to it.

    thanks a lot guys, it's my first day in WPMUDEV and I'm really enjoying it!

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.