Security between multisite sub-sites

  • Matt

    (@syntax53)


    10 years ago

    So I’ve been running on some assumptions and can’t really find any clarification anywhere so I figured I would finally just post and ask–

    Since multisite installations share a database (and obviously file system) the only thing that prevents an author of a subsite from accessing the main site or another subsite’s data is by not allowing them any means of doing so. By that I mean not giving the author/manager of another site the ability to edit themes/plugins and/or install plugins that would give them any sort of php coding / mysql querying capabilities.

    For example, I recall seeing this plugin awhile back: https://www.ads-software.com/plugins/php-code-widget/. It does say in the plugin’s description, “Only users with the unfiltered_html role will be allowed to insert unfiltered HTML.”

    Basically what I’m getting at is, first of all, are my assumptions correct? And secondly, is there a guide somewhere to setting permissions for authors/editors of other subsites with security in mind? I know one of the people that will be managing a future subsite is very knowledgeable and I’m thinking I may need to provide him a completely separate wordpress install for maximum security as I know he’ll be asking for additional permissions down the line.

    Thanks

Viewing 1 replies (of 1 total)
  • Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Don’t bump please. It doesn’t actually help.

    Users only have access to sites they’ve been explicitly added to.

    SuperAdmins are the only ones with unfiltered HTML access.

    SuperAdmins are the only ones who have access to add/edit themes and plugins.

    Per-Site Admins can activate plugins, if that option is chosen in Network Settings.

Viewing 1 replies (of 1 total)
  • The topic ‘Security between multisite sub-sites’ is closed to new replies.