WP Hive » Troubleshooting and How-To

A Somewhat Complicated Structure Question

(4 posts)

  1. db
    Member

    Hi there. First off, thank you SO much for the wp-hive plugin. It works so well. I have a couple of questions about structuring a project that I'm working on.

    I know that WP-Hive is recommended for environments where all admins are trusted to have full access, but I'm creating a network of student blogs and I just don't want to get into WPMU if I can help it. I'm thinking of using the Role Manager plugin to restrict what each student can control on their blog and manually creating them as users with restricted access (i.e. to only change/modify their themes, add pages and posts... nothing that will cause too much damage).

    I know that that will be something of a tedious process to set up, but it's a good enough workaround for me, especially looking forward toward the 1.0 release and the possibility of a unified admin and/or more detailed control and the development of an API that *might* integrate with the upcoming 1.0 release of BuddyPress down the road. I won't need the student blog functionality until late August/September at the earliest.

    Is that setup *still* risky for any particular reason? Assuming that the students have limited admin access and simplified dashboards (via Role Manager and other plugins) and I simply set up identical super-admin accounts in each of their blogs, would the whole hive still be safe from harm, AND would this easily transition into a shared-admin setup when and if that functionality is built in?

    Also, if this works, I'd like to have the students select from a standard group of templates, but be able to make some customizations. If I use a theme with its own admin, are those changes applied across the entire install? I'm just not sure where those types of changes are stored in the theme, whether changes are made in the original theme files or whether an additional CSS file is appended or what.

    Posted 3 years ago #
  2. ikailo
    Developer

    Hi db, glad to hear WP Hive is working for you.

    The most significant reason for restricting admin access is that a user could upload or change code on the server and potentially gain access to the entire database, since it is a shared database.

    If you restrict all types of file access to the server by providing standard themes and plugins, and by not allowing editing or uploading access to them, then it *should* be ok.

    All your plugins and themes would need to be verified as safe as well. The other thing to check is whether or not media uploads are checked for executable code. I would not want someone to upload an executable .php file to an upload directory. (I can't imagine WP allows it now, but better to be safe than sorry.)

    I provide the warning because I personally *do not know* exactly where the vulnerable points of WordPress are, and it's better to provide a blanket warning and not get into hot water when someone breaks something.

    If you want to try it, then by all means go ahead. :) Just be sure you know what you are doing!!

    Posted 3 years ago #
  3. ikailo
    Developer

    One other thing when it comes to this type of setup.

    The uploads directory is currently shared between all the blogs, so there is a potential for a conflict / overwrite if two users on different blogs upload a file with the same name to the same folder. Just something to bear in mind.

    Posted 3 years ago #
  4. db
    Member

    Aha. Thanks for the heads up. I definitely didn't think about the uploads folder, and that definitely would have happened. I'll do some poking around on a test installation and see if I can make it work. It might be better in the long run to just keep these separated... I might be underestimating the technical savvy of these students.

    Posted 3 years ago #
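An added example, not part of the original thread and not WP Hive or WordPress code: one way an admin could run the check described in post 2 against the shared uploads directory, reporting anything the web server might execute. The extension list, the reason labels and the default path `wp-content/uploads` are assumptions to adjust for the actual install.

```python
import os
import sys

# Assumed set of extensions a PHP-enabled server may execute; match it to your handler config.
EXEC_EXTS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".pht", ".phar"}
PHP_TAG = b"<?php"
CHUNK = 1 << 20  # read files 1 MiB at a time


def contains_php_tag(path):
    """Stream the file and look for a PHP open tag, including across chunk boundaries."""
    tail = b""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(CHUNK)
            if not chunk:
                return False
            if PHP_TAG in (tail + chunk).lower():
                return True
            # Keep the last bytes so a tag split over two reads is still seen.
            tail = chunk[-(len(PHP_TAG) - 1):]


def audit_uploads(root):
    """Return sorted (relative_path, reason) pairs for files that do not belong in uploads."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            lower = name.lower()
            # Every dot-separated part after the first counts, so "pic.php.jpg" is caught too.
            parts = {"." + p for p in lower.split(".")[1:]}
            if lower == ".htaccess":
                # A per-directory override file could change how uploads are handled.
                findings.append((rel, "htaccess"))
            elif parts & EXEC_EXTS:
                findings.append((rel, "executable-extension"))
            elif contains_php_tag(path):
                findings.append((rel, "php-tag-in-content"))
    return sorted(findings)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "wp-content/uploads"
    for rel, reason in audit_uploads(target):
        print(f"{reason}\t{rel}")
```

An empty result only means nothing matched these three checks; it does not show that the upload handler itself rejects such files.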
