hide API key after entered on website

Occasionally I need to give other developers access to Super Administrator. I’ve worked with all of mine for several years but, I’d like to eliminate the temptation to copy my WPMUDEV API key.

Can we just have a green box that shows “API Key Entered” ?

It could be encrypted in the database using the same process as passwords.

Hmm, it would be nice to have a place in our WPMUDEV account dashboard that shows the sites using our API key. If a key suddenly starts getting used on hundreds or thousands of websites, that would be a good indication of it being “shared”. I don’t think that is too intrusive or violates any privacy issues, you expect to be paid for your work.

Since I have hundreds of sites too, the API key entry should send a response to WPMUDEV that it was used on a multisite installation.

  • DavidM
    • DEV MAN’s Mascot

    Hi Joseph and welcome to WPMU DEV!

    Thanks for your feedback on all this! I would think the best way to handle granting access to the Super Admin account would be to create a new user role with all the same privileges except specific ones required for access to such options as those provided by Update Notifications, no?

    The Admin Menu Editor might be able to help with some such restrictions too.


    As for a list of sites using the API key, that sounds like a great idea really. I’ll tag one of the web developers here to see how that might be done.



  • JosephKewish
    • New Recruit

    Most of the average users may not see the list as having any purpose. Those who are more intense about their sites would probably be the only ones interested in it.

    I see this as an extra security checkpoint.

    If the subscriber suspected his site/server had been accessed but all looked normal, having new sites pop up using the API not only confirms a server break-in it also tracks down the culprit.

    Many, many people give the wrong level of access to third party consultants and outsourcers who end up downloading copies of themes & plugins from the site. We’ve encountered more than a few outsourcers who tell us they have “every” theme or plugin from a dozen or more services. I’ve audited a few sites they’ve done for us and discovered they were using someone else’s license.

    Ok, I tend to micro-manage security issues. I just want to know that the subscription “I” paid for is only being used on my sites. I don’t even trust my brother with my sites. I keep track of all licensed purchases, computer software or website utility and I know the sites & servers where they are being used.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.