I love the new dashboard for the plugin but it leaks the private details of the WPMU member whose API is used to activate it.
Is there a failsafe way to hide it from clients when installed in their sites.
I know I can hide the branding by adding this to wp-config.php:
I know I can ensure that only one specific user can see the plugin.
But, what happens when a client with a bit of technical know-how makes a few changes to show the update plugin's dashboard?
I don't want my clients to see my WPMU API key, my billing info and WPMU profile.... It's a bit of a security risk.
As it is, I now need to login to my clients' sites (past and present) to ensure they can't see these details after they update the plugin.
What's the solution?
Does anyone know how to create a backdoor user for the plugin so that the user is invisible to the site owner? (I don't like this option but it may be the best solution for now)
How many developers who have installed the update plugin into their clients' sites will now have their WPMU profile details on show to their clients?
I think an update needs to be rushed out pretty quickly. Maybe one that allows us to enable the plugin dashboard in only those sites/domains configured within the wpmudev.com profile settings (similar to how the whitelabel videos work).