One of our site administrators today switched the site theme to default, effectively wrecking the site. I'm guessing this must have been an accident, but we clearly need to do some training on what not to touch.
So, is there anyway to see which administrator did it? We know roughly the time of day it happened - are there any logs kept by WP that might offer a clue?
well, I think the problem is that he's an administrator in the first place... and that you have so many (and that you can't trust them to confess).
If you have authors who have no business changing settings, then they should have their user level set as authors or editors at most.
That doesn't really answer your immediate question, but it does solve your problem permanently.
Users should always be given the *minimum* permissions they need to do their job. If that creates personal problems, then that's where the focus of the education should go.
Thanks Ivovic ... I don't disagree with anything you said. But like I said above, I'm pretty sure it was an accident, and it's likely the person didn't even realize what they did.
I understand... and now I know precisely where the problem is.
You think giving people lower permissions is punishment.
I think it's accident prevention.
I understand... and now I know precisely where the problem is.
You think giving people lower permissions is punishment.I think it's accident prevention.
Look, I know you're trying to be helpful, but you're assuming that this is a decision that's mine to make. It's an organization where the powers that be want admin access because they're the bosses. I don't get to make that decision.
What I do get is the phone call saying "Hey, what happened?"
So, any thoughts on tracking down what happened?
I might not have the answer you want, but I'm also bumping your post, remember. I'm not preventing anyone from jumping in with the answer you want, if anything I'm keeping your question visible by discussing this with you.
Ultimately though, the answer to "what happened?" is "someone made these guys admins when they don't expressly need to be"
Part of your job in a technical role is to provide advice as to how best to proceed. If it were me, I'd pass on what I told you, and if they don't like it, then they can stop asking you who keeps breaking stuff.
*bump*
(as a side note, why do people get upset when you discuss alternatives with them? when did volunteers on a forum become mindless answer-vending machines? gimme a break. Google doesn't give opinions.)
Part of your job in a technical role is to provide advice as to how best to proceed. If it were me, I'd pass on what I told you, and if they don't like it, then they can stop asking you who keeps breaking stuff.
First, thanks for the bump.
Also, there's the very real possibility that a legitimate admin did this by mistake. Mistakes happen (OK, maybe not this particular mistake), and going forward it would be nice to be able to monitor dashboard activity.
And I didn't mean to sound upset - I'm not, just trying to be as clear as possible.
Posted 3 years ago #
Well I understand your frustration. Several CMSs that I know of, even the obsolete GreyMatter, had a log file. So does CMSMS.
So ... if that is a primary concern and if you cannot or will not implement the FIX for the problem (your admins going in and mucking about in things about which they know not), then I suggest you go looking for a CMS that does have this feature.
The better solution is, as was repeatedly suggested to you above, give people only the power that they need to do their jobs. For this, I suggest the plugin called Role Manager.
http://www.im-web-gefunden.de/wordpress-plugins/role-manager/
Heh, you can create custom roles and if you want to call a role King Poobah of Buttcrack and if it strokes the ego of whomever it needs to, then I guess it's done its job, huh?
I understand... looking for answers can be frustrating.
To address your point as directly as I can, I don't believe that wordpress logs admin activity. I hope that for your sake I'm wrong, but I am yet to see any evidence of it.
Short of trawling your server's access logs looking for hits on the theme page from known IP addresses, I don't see how you're going to get joy here.
The reason I didn't say that to begin with was that I don't believe it to be a solution in any sense of the word... and also because if you could manage trawling your webserver's access logs, you probably would have thought of that by now.
In my view, I just posted the least useful thing I've said in this thread, but it was as direct as I could be towards addressing your question.
Lets hope someone else can be more useful to you.
That's a good point joni... A 'superadmin' role, with less privileges would go a very long way :)
It's clearly a situation that isn't being handled as well as it could, and the advice here is much appreciated and will be acted upon. Thanks, all.
This topic has been closed to new replies.
