Support » Requests and Feedback » level to deny wp-config access but grant template

  • i want to allow template editing for index.php and wp-layout.css and the usual plugin phps but disallow wp-config.php and the file entry box in general.
    reason: i do not want the users to see and edit the database info.
    imho wp-config.php should be off limits (not even viewable) for everyone but site admin.
    I also would like to allow certain plugins depending on user level.
    is this possible?
    cheers
    ai.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Mark (podz)

    (@podz)

    Support Maven

    If a user has acess to the template edit screen, and knows how to then access other files from that, then I cannot see how that can be stopped.
    The system has no way of knowing that it is not you logged in, so setting file permissions is not an option, and again user levels are coded well into wordpress.
    Again it comes back to being very careful about who you promote.

    Well why not get the guy to edit locally and ftp. Not quite the same solution, but the same result.

    if users have ftp access they can view whatever files they want. ftp access is out of the question.

    Well they could send the file to you by email. Or ftp them to one dir for you to transfer. My point is you may be in pursuit of a chimera anyway. Many of us avoid editing in the template editor unless we only have browser access to our blogs. Normally we use our normal web tools.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘level to deny wp-config access but grant template’ is closed to new replies.