Pro Site sub site admin can activate/deactivate plugins from WP

Found an issue between Jetpack and Pro Sites. A sub site admin user can connect with Wordpress and turn on/off any plugin that is not network enabled bypassing the Premium Plugin controls. Jetpack's network settings locks down the user from connecting/disconnecting Jetpack entirely but does not restrict the user from connecting their account. Of course we want the user to be able to connect to Wordpress, however they have control of the plugins there. I am looking for a workaround, is there a fix you can write for this?

  • Sajid

    Hi @ipmcorp

    Hope you are doing good today and welcome to WPMUDEV community :slight_smile:

    I just tested on my sandbox site and its working fine to me. I connected with WordPress using my subsite admin. I am still not able to activate plugins that are not allowed to under my access level (see screenshot).

    Are you using latest version of Pro Sites and JetPack ? If yes then can you please provide us steps to reproduce this issue on our end ?

    Take care and have a nice day :slight_smile:

    Cheers, Sajid

  • Michael Love

    Hi Sajid,

    Thanks :slight_smile:. All up to date. I ran through it again and tested a few variables, the result is one was blocked and all others tested activated, here are the steps and details:

    WP 4.2.2 | Jepack 3.6 | Pro Sites | Multi Db 3.2.5

    Jetpack: Network Enabled & Network Settings Default (do not allow) Allow individual site administrators to manage their own connections.

    Pro Site: 3 levels defined, premium plugins set, sandbox mode, trail period enabled
    New site autos to level 1 for trial period (perhaps the bug is trial period even though level 1?)

    1. Create new user & site from front end
    2. Login and see Jetpack at admin dashboard - button to connect to WP
    3. WP login screen, create new WP account, then it redirects back to new site admin dashboard.
    4. Activate new WP account via email confirmation
    5. Head over to Wordpress (verified new user account) goto plugins
    6. Activate LVL 2 plugin "All in one event calendar" - failed to activate and created DB error message on new site dashboard.
    All-in-One Event Calendar has been disabled due to an error:
    Database update has failed. Please make sure, that database user, defined in wp-config.php has permissions, to make changes (ALTER TABLE) to the database.
    Error encountered: In table wp_6_ai1ec_events indexes are missing: PRIMARY, feed_source

    7. Activate LVL 2 plugin "Bloom - Elegant Themes" - successful (see screenshots)
    8. Activate LVL 3 plugin "Checkfront" - success from WP, the new site dashboard plugin menu indicates that it is active, however admin menu is missing. (screenshot)
    9. Activate LVL 2 plugin "Communities" - success all around (screenshot)
    10. Activate LVL 3 plugin "Marketpress" - success all around (screenshot)

    I then deleted the Communities plugin, reinstalled, and tested but same result. Checking for file permissions.

    Any ideas?

  • Sajid

    Hi @ipmcorp

    Hope you are doing good today :slight_smile:

    The default settings of JetPack for network is (Allow) Allow individual site administrators to manage their own connections (connect and disconnect) . (see screenshot)

    If I unchecked this option (Do not Allow). Then it completely removes the JetPack menu from subsites admin panel. Is it same for you ?

    Its still working fine to me as it suppose to work.

    Did you customized the Pro Sites plugin according to your requirements ?

    If its okay for you, then please grant support access so I can take a closer look. I will deactivate/activate some plugins and switch themes for troubleshooting.

    Take care and have a nice day :slight_smile:

    Cheers, Sajid

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.