New Site and Dashboard Plugin

Ok here’s my honest opinion (this from a guy that thrives on change)… I’m not criticizing but attempting to give an honest take on this: The new WPMU Dev Dashboard plugin should NOT be required to hold a membership or use WPMU Dev plugins. For one, the plugin is extremely annoying and infiltrates many areas of my once clean network admin screen. The dedicated menu is unnecessary and should be in the settings or updates menu as before. I should be able to turn off the WPMU meta box in the network dashboard screen as well. I might have to hack that. I know your desire is to make things more convenient and to have a platform through which to promote new things to folks, I get that, we do the same thing with our web promotion, but give people a very easy and convenient way to turn these things off as well. It is NEVER a good idea to force people into something. Facebook learned the hard way (and still is) on that one. People who do not enjoy logging into their dashboards and seeing something completely different, permeated with ads and messages that they aren’t used to is a bad idea.

The other thing is, the new website overhaul… I like that you wanted a new look, but there are a few things here… for one, it is confusing since everyone was used to the old way of getting around, there should be a clearer way in which to navigate (not even sure what the remedy for this would be). Also, the post editor (when posting in the forum) … omg the huge text… the topic menu and title / content field text is ginormous! It looks like 18 point type or something, when it only needs to be maybe 12 or 14.

Just my honest opinion, do with it what you will. :slight_smile: Other than that, keep up the good work!


  • Kimberly
    • Champion of Loops


    Thanks for the feedback!

    I’ll pass it on to the correct folks.

    The change is quite a shock and I know some of us staffers are still trying to feel as comfortable here as we were on our previous site :slight_smile:

    And I echo your sentiments on the font size, I feel like I’m looking at the Large Print version of Readers Digest some days :wink: But designers do what they do :smiley:



  • Mason
    • DEV MAN’s Sidekick

    Honest opinions always welcome :slight_smile:

    As to the plugin, we “require” it as, for most folks, it makes sense and makes life easier for them to stay up to date and install our products.

    For awesome folks like yourself you can quickly hide the branding or limit the display through an easy define in the wp-config:

    This will hide the branding:

    define('WPMUDEV_HIDE_BRANDING', true);

    Additionally the Dashboard plugin is limited to first admin user (or whomever enters their API key) by default, and actually hidden from all others. So other folks on your network will not see the items as you – being the DEV member.

    You can also limit the entire plugin to certain admin users like so:

    define('WPMUDEV_LIMIT_TO_USER', "1, 10");

    Hopefully a combination of these elements will allow you to conduct your business without any of the stuff here getting in your way.


  • Silvia
    • Flash Drive

    I’d really, really like to be able to turn off this feature from my WPMUdev profile, not through the config. I’m a developer, and am pretty sure that most of the other members are too.

    This means that I’m turning over an entire web site to the client – ftp access and all. There’s nothing stopping the client from changing the config file, and then gaining the access to my WPMUdev dashboard and account.

    Right now, I have a choice of not using your fabulous plugins & themes in client websites (which is why I got the membership in the first place), or leaving a huge security and privacy hole in my account on your site.

  • Mason
    • DEV MAN’s Sidekick

    My thought is that if you are completely “handing over” the project to a client, you probably don’t want the Dashboard plugin at all. It’s totally for members here only.

    As your clients aren’t members they shouldn’t have access. As you’re developers you should be able to find/remove the notice about making sure this plugin is installed within any of our plugin files.

    In any plugin at the bottom of the plugin file that contains the header info, you’ll find a chunk of code clearly set apart and labeled “Update Notification Notice”. Just remove that for your clients’ sites and they can continue to use the plugin without any interruption from dashboard or notifications, etc.

    How does that sound?

  • Aaron
    • CTO

    This means that I’m turning over an entire web site to the client – ftp access and all. There’s nothing stopping the client from changing the config file, and then gaining the access to my WPMUdev dashboard and account.

    Even if you could limit it from this side, they would still have db access to grab your api key, as has always been the case.

    I think the big thing is you need to realize it’s only your username that sees the thing at all. You can even hide it from yourself as well by doing this:

    define('WPMUDEV_LIMIT_TO_USER', "0");

    and only check for updates from this site if you really wanted.

  • HunterGatherer
    • Site Builder, Child of Zeus

    Hi Mason and Aaron,

    Both Corey and lovings concerns are highly valid. It seems that you guys on the staff are saying two things:

    1) It’s easy to block clients’ access to developer details,

    2) It’s not so easy that you would just build it in as an “On” “Off” switch.

    I find your responses perplexing. It’s a security issue. You should make plugging any potential security issue a TOP Priority, not an ad hoc solution.


  • Silvia
    • Flash Drive

    Thanks for paying close attention to our comments and a lively conversation about this issue :slight_smile:.

    This is the thing – I thought that I can’t do front-end updates to WPMUdev plugins without the Dashboard plugin. Please correct me if I’m wrong…

    When I hand over a web site to a client, they occasionally have to get the Super Admin access too – for example, one of the current customers is employing a separate SEO person who also needs to have access to all aspects of the site. Or, they might choose a different person for future maintenance, which includes plugin updates. This, necessarily, includes superadmin & therefore access to the Dashboard or config files.

    They *need* the API key if they’re to be able to update the WPMUdev plugin(s) I’ve used on that particular site. This API key does not let them do anything but update the plugins, though, and is only valid as long as I keep paying for my membership. On the other hand, right now, they might be reading this entire conversation on the Dashboard, and I’m not happy with that. (By the way, if you’re worried about the keys getting around to non-members, a place in our profile where we could enter the urls of legitimate domains we’re using the plugins on might be one way to deal with it….).

    Aaron, any changes to config files can be easily hacked by anyone with ftp access – and most customers I get buy their own hosting and just give me access.

  • Silvia
    • Flash Drive

    Woops, I didn’t know that. I’ll read the TOS more carefully and take steps to prevent it, if I can figure out how to do so… Any suggestions (aside from not giving clients superadmin account info-that’s not always possible)?

    Still, that doesn’t change the fact that the clients can still see the Dashboard if they have superadmin access. What can I do about that?

  • Silvia
    • Flash Drive

    Nope, just tested that.

    I added:

    define('WPMUDEV_HIDE_BRANDING', true);

    define('WPMUDEV_LIMIT_TO_USER', "1");

    to my child theme’s functions.php file.

    Then, created an account “testadmin”, logged in (with a different browser just to make sure), and I can still see the Dashboard as well as the WPMUdev menu.

    Sorry for hassle.
