Why does the WPMU Dev Dashboard not use an option to provide access to other site members?

Although an interesting approach, the idea of writing a line to wp-config.php to allow for additional site members to have access to the WPMU Dev Dashboard plugin, it would likely be more secure for that to be an option on the manage page.

The idea is this, if someone realizes this method is in play and gains access to the necessary files, they would be able to very easily (and quite secretly for the most part) be able to grant themselves access without the true site (super-)administrators having any knowledge whatsoever without a very in-depth (and perhaps quite costly) security analysis.

PS: I only ask this because it was quite by accident that I discovered it was even an "option" to add in the first place. The other point being (without looking at the code) what if the site admin already deleted the "admin" account? EAC.

  • Arun Basil Lal

    Hello cais,

    If someone has access to your wp-config.php, you should be worried about more important things and not access to WPMU Dev Dashboard plugin.

    What harm could someone do if he have access to the Dashboard anyway? He could probably just ask questions here.

    The reason why wp-config approach is better is, no admin can lock you out. What if someone locks you out of the Dashboard, how will you use it then?

    Hope you see my point :slight_smile:

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.