Forums

WordPress › Support » Plugins and Hacks

Networks for WordPress
Networks management page visible on all networks (3 posts)

  1. RavanH
    Member
    Posted 1 year ago #

    Hi David,

    When Networks for WordPress is activated only on the main site instead of on all networks (as far as I understand it, that does not affect proper operation) the network management page Network Admin > Sites > Networks is still visible on all networks. This means that a user that has been promoted Super Admin for one particular network, can now not only see other networks but even create new ones.

    Would it be possible to NOT allow Super Admins of other networks to be able to do this? Either by not showing the networks management page (obfuscation) on networks where the plugin is not activated or adding a specific capability (other than manage_sites) that can then be limited for specific Super Admins using a plugin like Extended Super Admins.

    In fact, the latter option, in combination with moving the networks management page to top level in the menu would in my view well suit the importance of the (core) functionality Networks for WordPress handles :)

    Thanks!

    http://wordpress.org/extend/plugins/networks-for-wordpress/

  2. David Dean
    Member
    Plugin Author
    Posted 1 year ago #

    Hi RavanH,

    If you define a constant RESTRICT_MANAGEMENT_TO in your wp-config.php file, and set its value to the ID of your main network, the Networks page will only be visible on that network.

    The plugin reads settings like this from wp-config.php because I tend to take a paranoid view of permissions when multiple networks are involved, since WP is unaware of the (possible) need for network separation. That's the only place you can protect from, say, a compromised theme installed by a super admin on another network.

    But I've been thinking a lot lately about ways to make this more friendly while ensuring security, and maybe Extended Super Admins can be a big part of that.

  3. David Dean
    Member
    Plugin Author
    Posted 1 year ago #

    And it just occurred to me that you can disable the Networks page if you remove manage_network_options from your other network super admins (i.e. with Extended Super Admins). Might be an easier way to do things!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags