Change WordPress user roles and capabilities Forums Give user access to plugin – how to Need to give plugin developer plugin edit rights

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #6076
    raretx
    Participant

    Hi, I’m having an issue with a plugin and the plugin developer has requested the ability to edit that plugin; however, in spite of having given the user permissions to the plugin itself (via Per Plugin Access module), to edit plugins, AND to access the Plugin Editor menu item, whenever the user selects the plugin to edit via the Plugin Editor, it is taken to the Dashboard.
    Am I missing a permissions setting?

    #6077
    Vladimir
    Keymaster

    Hi,

    Let me share some info/recommendations.

    When you allow someone to edit PHP code at your site, there is no sense to restrict that person somehow. You have to just trust the developer.
    Having access to arbitrary PHP code execution developer can with just one line of a PHP code wp_insert_user(); create new user with ‘administrator’ role, re-login and get full permissions at the site.

    Any code editing should be done at the stage/development copy of the site.

    In relation to the auto-redirection to dashboard, I suppose that you blocked some admin menu items for this user role via Admin menu access add-on and use ‘Block Not selected’ option. Read more carefully this part of the article.

Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.