Resolved: notanyone

    (@notanyone)


    Hi! Recently I found that the “Administrator Access Override” setting easily overrides such wp-config directives as DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS, which is probably a huge security issue for those who have these directives enabled.

    At the same time, I would expect that the “Administrator Access Override” setting would allow me to assign content to Groups that I don’t belong to, cause otherwise I need my admin account to be a member of each and every group to which I will ever want to assign some content. Is there a way to fix this?

Viewing 3 replies - 1 through 3 (of 3 total)
  Plugin Author Kento

    (@proaktion)

    Hi,

    Many thanks for your feedback on this feature. The admin override can be useful during development but you should keep it turned off on a production site.

    Regarding the group restrictions, this is going to change – currently (Groups 2.0.3) you must be a member of a group to use it to restrict access and in the next release about to come out, this is not required anymore for user accounts with appropriate permissions. Usually, an admin would be allowed to apply any group without the need to belong to it.

    I suppose this can be marked as resolved, but please feel free to ask further if you need more help or have any suggestions.

    Cheers

    Thread Starter notanyone

    (@notanyone)

    Hi Kento,
    many thanks for the great addon & support! While I totally agree on changes to the restriction behaviour regarding admin membership, may I argue a bit on the admin overrides, if you don’t mind? I still think it’s a security issue.

    The idea of setting DISALLOW_ directives as I see it is to prevent an intruder or malicious script, that somehow gained access to admin, from modifying your files (usually to insert some malware, redirects etc.). But what’s the point in these directives if such an intruder (ofc if it is aware of the Groups addon) could easily switch on the “Override” option and ignore those safety measures?

    Plugin Author Kento

    (@proaktion)

    Hi @notanyone

    In the latest release 2.1.1 the access override has been removed as an option from the admin interface and can now only be activated by defining the constant GROUPS_ADMINISTRATOR_OVERRIDE as true (in wp-config.php).

    Many thanks again for your feedback!
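The thread leaves a site owner with three wp-config.php constants to keep an eye on: DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS (the hardening directives the original poster relies on) and GROUPS_ADMINISTRATOR_OVERRIDE, which from Groups 2.1.1 is the only way to switch the override on. The following audit script is an added example, not code from the thread or from the Groups plugin: it parses the active define() calls in a wp-config.php and reports when either hardening directive is missing or when the override constant is enabled. The wp-config.php excerpt inside it is constructed for the demonstration; a commented-out define is included on purpose so the parser has to distinguish a directive that is present from one that is actually in effect.

```python
import re
from typing import Dict, List, Union

# Constructed sample wp-config.php excerpt (not taken from the thread).
# DISALLOW_FILE_MODS is deliberately commented out, and the override
# constant is set as a hypothetical leftover from development.
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'wordpress' );
define( 'DISALLOW_FILE_EDIT', true );
// define( 'DISALLOW_FILE_MODS', true );
define( 'GROUPS_ADMINISTRATOR_OVERRIDE', true ); // hypothetical dev leftover
/* That's all, stop editing! Happy publishing. */
"""

# Matches define( 'NAME', value ); with single or double quotes around the name.
DEFINE_RE = re.compile(
    r"""define\s*\(\s*['"](?P<name>[A-Za-z0-9_]+)['"]\s*,\s*(?P<value>[^)]+?)\s*\)\s*;"""
)

PhpValue = Union[bool, str]


def _php_literal(text: str) -> PhpValue:
    """Turn the raw value text of a define() into a Python value.
    Only booleans and quoted strings are interpreted; anything else is
    returned verbatim so the audit never mistakes it for true."""
    raw = text.strip()
    if raw.lower() == "true":
        return True
    if raw.lower() == "false":
        return False
    if len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "'\"":
        return raw[1:-1]
    return raw


def parse_defines(source: str) -> Dict[str, PhpValue]:
    """Collect {CONSTANT: value} for define() calls that are in effect.
    A line whose first non-blank characters are // or # is a comment, so a
    define on such a line is ignored even though the text is present."""
    found: Dict[str, PhpValue] = {}
    for line in source.splitlines():
        stripped = line.strip()
        if stripped.startswith(("//", "#")):
            continue
        match = DEFINE_RE.search(line)
        if match:
            found[match.group("name")] = _php_literal(match.group("value"))
    return found


def audit(defines: Dict[str, PhpValue]) -> List[str]:
    """Return one finding per misconfiguration relevant to this thread.
    An empty list means both hardening directives are true and the Groups
    override constant is not enabled."""
    findings: List[str] = []
    if defines.get("DISALLOW_FILE_EDIT") is not True:
        findings.append("DISALLOW_FILE_EDIT is not true: the theme/plugin file editor remains available")
    if defines.get("DISALLOW_FILE_MODS") is not True:
        findings.append("DISALLOW_FILE_MODS is not true: plugins and themes can be installed or updated from wp-admin")
    if defines.get("GROUPS_ADMINISTRATOR_OVERRIDE") is True:
        findings.append("GROUPS_ADMINISTRATOR_OVERRIDE is true: the Groups admin override is enabled; "
                        "the thread reports it sidesteps the DISALLOW_ directives, so keep it off in production")
    return findings


def audit_file(path: str) -> List[str]:
    """Convenience wrapper: audit a wp-config.php on disk."""
    with open(path, encoding="utf-8") as handle:
        return audit(parse_defines(handle.read()))


if __name__ == "__main__":
    for finding in audit(parse_defines(SAMPLE_WP_CONFIG)) or ["no findings"]:
        print(finding)
```

Run against the constructed sample it reports two findings (the commented-out DISALLOW_FILE_MODS and the enabled override); a wp-config.php that defines both DISALLOW_ constants as true and omits GROUPS_ADMINISTRATOR_OVERRIDE produces none.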

The topic ‘Admin access override’ is closed to new replies.