Why does the WPMU DEV dashboard disappear sometimes, and to get it back it needs to be deactivated

Hi,

Why does the WPMU DEV dashboard disappear sometimes, and to get it back it needs to be deactivated and reactivated?

Thanks.

  • Vaughan

    Hi Greg,

    Hope you're well?

    Are you using multiple admin accounts at all? The dashboard plugin is only visible by default to the admin that installs it.

    You can add the following line to your wp-config.php, which will let you manually assign a user to it so only those users can see it. This might solve the issue for you.

    define( 'WPMUDEV_LIMIT_TO_USER', '1' );

    You can add multiple users by separating each user_id with a comma.

    Hopefully this should be more reliable for you.

    Hope this helps

  • Greg

    @Vaughan,

    Ok, you're right, not the different login I think.

    However . . . I noticed something a little concerning . . .

    #1 When I activated it as a different user, though, it automatically picked up the profile from the original username and password from the other profile. That does not seem desirable of course. What do you think? Can that loophole be fixed?

    #2 In the past, since this is a similar item and we are talking about it now on security, I have also noticed that if a fellow admin on a site resets the password of another admin that has wpmudev dashboard and logs in, they will be able to see and view private info in the wpmudev dashboard area (not to mention interact in the wpmudev account via the dashboard). Perhaps if the user password is changed for the particular admin who activated the dashboard and supplied credentials, then the wpmudev dashboard username and password should be reset automatically or something of this nature?

    What do you think?

    :slight_smile:

    Greg

  • Vaughan

    Hi Greg,

    Someone mentioned this previously about this kind of scenario & I added those suggestions to a feature request for the developer to consider. I can't say what can be done about that though initially, but trusting who you give admin status to is a good way.

    A possible quick workaround to prevent other admins changing your password is that you could add a bit of code to your main site theme functions.php or a mu-plugin.

    This will only work as long as none of the other admins have FTP access on your site though.

    Simply create a file called prevent_pass_change.php

    Add the following to this file:

    <?php
    // mu-plugin: loaded on every request, so user_id 1 is forced back to this password each time
    wp_set_password( 'password', 1 );

    Change 'password' to your password; the 1 is the user_id.

    Then upload this file to /wp-content/mu-plugins

    Now whenever you change the password for user_id 1, the password will then immediately be changed back to the password you set there. (you'll just need to remember about this file if you do wish to change your password)

    Hope this helps

  • Greg

    @Vaughan

    Cool. But I found another vulnerability. Other admins can see the wpmudev plugin being not active. If they activate it on their profile, then it activates with the last known username and password's profile as well.

    So, perhaps could the plugin be located somewhere else other than the plugin folder AND, if freshly activated, be sure it does not pull in someone else's profile (basically require a new username and password upon any activation)? Another issue is, can there be different wpmudev profiles with different admins?

    Thanks.

    :slight_smile:

    ***can you move this to dev's suggestions too?

  • Aaron

    By its very definition the admin role has all privileges. They can reset passwords, even edit the db and php files directly. No further protections we add to the plugin can overcome this. If you need protections other than what we provide, the solution is to lower the power of your clients' role, not to try and invent a new even higher role. This can be done with any number of plugins like User Role Editor, etc.
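As an added illustration of the "lower the power of your clients' role" approach (this is example code, not WPMU DEV's code and not the User Role Editor plugin): a must-use plugin that registers a reduced role cloned from the administrator role, with the capabilities that allow account takeover or arbitrary code changes withheld. The role slug `site_manager`, the function names prefixed `example_`, and the exact list of withheld capabilities are this example's assumptions; the capability names themselves are standard WordPress capabilities.

```php
<?php
/**
 * Added example (not WPMU DEV code, not the User Role Editor plugin).
 * Registers a "Site Manager" role: administrator minus the capabilities that
 * let one admin take over another admin's account or edit the code base.
 * Drop this file into /wp-content/mu-plugins/.
 */

// Capabilities withheld from the reduced role. All are standard WordPress
// capabilities; the selection is this example's choice (assumption), not the plugin's.
function example_withheld_caps() {
    return array(
        // resetting another admin's password or promoting a user
        'edit_users', 'delete_users', 'create_users', 'promote_users',
        // installing, activating or editing plugins and themes (running arbitrary PHP)
        'install_plugins', 'activate_plugins', 'edit_plugins', 'delete_plugins',
        'install_themes', 'edit_themes', 'edit_files',
        'update_core',
    );
}

function example_register_site_manager_role() {
    if ( get_role( 'site_manager' ) ) {
        return; // already registered on an earlier request; roles persist in the database
    }
    $admin = get_role( 'administrator' );
    if ( ! $admin ) {
        return;
    }
    // WP_Role::$capabilities is an array of capability => true
    $caps = $admin->capabilities;
    foreach ( example_withheld_caps() as $cap ) {
        unset( $caps[ $cap ] );
    }
    add_role( 'site_manager', 'Site Manager', $caps );
}
add_action( 'init', 'example_register_site_manager_role' );
```

Assign the client account to the Site Manager role from Users in wp-admin; it keeps day-to-day editing rights but can no longer reset the activating admin's password, and without `activate_plugins` it cannot see or activate the inactive dashboard plugin, which is the scenario raised earlier in this thread. Withholding a capability only constrains what WordPress enforces: anyone who keeps FTP or database access can still change anything, as the posts above note.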

  • Greg

    @Aaron and @Vaughan

    Hey. Thanks for your input here.

    Well, that will not really work with all situations.

    What do you think of the following approach then . . . ?

    How about if an email or password is detected by the plugin as having been changed (by the user who activated and provided the wpmudev login credentials/api), it just automatically removes the wpmudev login credentials/api altogether (i.e. resets it)? I think that would be perfect and easy for both wpmudev clients to be a lot more secure with their info and perhaps for you guys to implement into the plugin as well.

    So, if I or anyone at all would reset the password or change the email address, then the wpmudev plugin would auto reset the login credentials/api totally.

    Also, it would be good to automatically have the plugin set for only the user who activated it to see it vs having to manually add code to ensure it as well like (just side thought):

    <?php
    wp_set_password('password',1);

    I believe it would be a ton more secure for all wpmudev clients' potentially sensitive data and also this alternative approach should be a lot simpler for you guys to implement from your side too (from a code standpoint I hope) . . . smile.

    What do you think of this approach generally?

    :slight_smile:
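The behaviour Greg proposes in the post above, as an added example (not code from WPMU DEV or from any poster in this thread): a must-use plugin that hooks WordPress's `profile_update` and `after_password_reset` actions and, when the password or e-mail of the user who activated the dashboard changes, deletes the stored credential so the next person to open the dashboard has to log in again. The option name `example_plugin_api_key_placeholder` is a placeholder (the real option name is not given on this page), and the `example_` function names are this example's own; it reuses the `WPMUDEV_LIMIT_TO_USER` constant mentioned earlier in the thread to decide which user owns the credential.

```php
<?php
/**
 * Added example (not WPMU DEV code): clear a stored API credential whenever
 * the activating admin's password or e-mail changes.
 * Upload to /wp-content/mu-plugins/. Unlike the wp_set_password() snippet
 * above, this does nothing on an ordinary request; it only acts on the hooks.
 */

// ASSUMPTION: the option under which the plugin keeps its API key. The real
// option name is not stated in this thread; replace this placeholder.
define( 'EXAMPLE_CREDENTIAL_OPTION', 'example_plugin_api_key_placeholder' );

// Users who own the credential: the ids given to WPMUDEV_LIMIT_TO_USER in
// wp-config.php (comma separated) if it is defined, otherwise user_id 1.
function example_credential_owner_ids() {
    $raw = defined( 'WPMUDEV_LIMIT_TO_USER' ) ? WPMUDEV_LIMIT_TO_USER : '1';
    return array_map( 'intval', array_map( 'trim', explode( ',', $raw ) ) );
}

// Delete the credential if $user_id is an owner; returns true when it acted.
function example_reset_credential( $user_id, $reason ) {
    if ( ! in_array( (int) $user_id, example_credential_owner_ids(), true ) ) {
        return false; // not the account that supplied the credential
    }
    delete_option( EXAMPLE_CREDENTIAL_OPTION );
    error_log( sprintf( 'example: cleared API credential after %s for user %d', $reason, $user_id ) );
    return true;
}

// profile_update fires after a user is saved; $old_user_data is the WP_User
// as it was before the save, so compare hash and e-mail to detect a change.
add_action( 'profile_update', function ( $user_id, $old_user_data ) {
    $new = get_userdata( $user_id );
    if ( ! $new || ! $old_user_data ) {
        return;
    }
    if ( $new->user_pass !== $old_user_data->user_pass ) {
        example_reset_credential( $user_id, 'password change' );
    } elseif ( $new->user_email !== $old_user_data->user_email ) {
        example_reset_credential( $user_id, 'e-mail change' );
    }
}, 10, 2 );

// after_password_reset covers the "lost your password" flow, which sets the
// password through reset_password() and does not fire profile_update.
add_action( 'after_password_reset', function ( $user, $new_pass ) {
    example_reset_credential( $user->ID, 'password reset' );
}, 10, 2 );
```

The caveat Aaron raises applies here too: `wp_set_password()` and direct edits to the users table write the hash without firing either hook, so this only catches changes made through the profile screen and the lost-password flow. It narrows the window in which a changed password exposes the dashboard; it does not remove the need to trust who holds an administrator account.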

  • Greg

    @Aaron and @Vaughan

    Ok. I will explain my concern a little more . . . smile.

    If one logs in with wpmudev credentials, then they can go to the dashboard and do any number of things:

    1. Ask a question under our account.

    2. Go to manage and see our credit card info and when it expires, payment info, api, transaction data etc.

    3. Modify the actual membership without authorization.

    4. Download plugins/themes

    5. And do anything else inside the plugin on our behalf without knowledge of us

    ***Generally, it kind of feels like we are naked and exposed, that is all . . .

    >>>Right, I see what you mean in the database but at least it is not so apparent or easy to do vs. going to browse around the account in the dashboard.

    Also, my understanding is that passwords are not exposed for users and hopefully the wpmudev password (or should be and if not should be adjusted in the wpmudev table or however that works) in the db tables and they would still have to actually change it.

    Anyhow, I think making it not so easy is a good thing . . .

    Hopefully something can be done in the future.

    FYI, I was just thinking about different scenarios in other security related WP issues and this all just popped in my mind when I noticed. So, hopefully it helps a bit make it a little more secure.

    :slight_smile:

    Best,

  • Aaron

    2. Go to manage and see our credit card info and when it expires, payment info, api, transaction data etc.
    3. Modify the actual membership without authorization.

    Not really true. Just the CC type, exp, and last 4 numbers are visible or in the db. Those are considered public data. We might remove that at the API side though.

    The credentials are not stored anywhere, that login actually posts to our site directly, and redirects back with your api key. Your creds never even pass through their server. API keys can only be used to access our services, not change anything or login on this site.
