Admin column comes with a warning
-
Hi Anh,
This plugin looks interesting, although It’s a bit of a concern that the ability to lock admins out simply by ticking a box is possible.
Would it not be better to disable that column entirely, or have a “whitelist” of some kind, or some kind of emergency access link in case of administrator error?
The fact is that the Admin role should not ever be blocked from accessing the Admin area, this really goes against Best Practices.
If you’re going to add that kind of restriction, then it should be possible to block certain Administrators only if they have a second role assigned, although I still don’t think blocking Administrators from the Admin is good practice, unless this situation is only available and applicable in a Network environment where the Super Admin has that power.
There is a real danger here that if there are multiple Administrators, then one of them could use this power maliciously in case of an internal relationship turning sour, or in case of a breach a hacker could hide things from the site Admins by setting up a custom role.
- The topic ‘Admin column comes with a warning’ is closed to new replies.