Role selection & security question

  • Hi,

    we were just recommended and tried out your “Temporary Login Without Password” plugin.

    It seems to work without any issues and we are quite happy to have gotten the possibility of having people log in, without compromising our own login and password.

    However, we have two questions. At the moment, we have a smaller issue with a 3rd-party plugin. The vendor of said plugin is requesting access to our site and told us “not to worry” as they “are only checking the issue and won’t change anything within the WordPress site”.

    Hence, someone recommended your plugin.

    However, we now are left with two open questions:

    1. When creating a temporary access link in the plugin, there are seven different “roles” to provide the user with starting with “Webshop executive” to “Administrator”. Which role should a website owner give a 3rd-party vendor in this case if that vendor needs to check on their own faulty plugin and the functioning of the very same? Administrator seems quite extreme but is – maybe – required to fix issues in their plugin?
    2. The advantage of the temporary link is obvious. The vendor can access the page for a given amount of time and after that, access is revoked. However, even for that short amount of time – if that vendor has administrator rights – doesn’t that mean, that he/she has the possibility to maliciously change, deface or otherwise, wreck our site? Assuming that administrator rights are given, the same rights we have now will – in this case – apply to the vendor, correct? And if so, can preventative measures be taken, other than reestablishing the site from backups, things should go south?

    Thanks in advance for your time and help.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter shieldfactory

    (@shieldfactory)

    Would anybody be able to kindly help us out in terms of our issue?

    Thanks.

    Hi @shieldfactory,

    Thank you for reaching out to us and sharing your inquiry.

    Regarding the first point, for effective issue debugging on the website, it’s advisable to have administrative access. This access enables the individual to enter the dashboard and comprehensively understand the problem. As a result, granting administrative access is ideally the preferred approach for third-party users.

    As for the second point, it is highly recommended to create a backup of the site before providing access to anyone.

    Another precautionary measure is to grant access to a staging site to the third-party user. This way, they can identify the issue, and once resolved, the solution can be applied to the live site.

    Applying this practice will effectively safeguard your site’s information.

    Many thanks!

    Thread Starter shieldfactory

    (@shieldfactory)

    @shubhanshukandani

    Thanks so much for your reply and for clarifying the above. The staging site sounds like an incredible cool idea. We are currently attempting to establish such a site via our ISP which we then can provide a link to for the third-party if working as intended.

    Wishing you a very pleasant weekend.

    Thanks again for the time and effort that you took to help us out.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Role selection & security question’ is closed to new replies.