Plugin audit & permissions troubleshooting - Githubissues

INN / umbrella-ffj

umbrella repository for Foundation for Financial Journalism

https://ffj-online.org/donations/

GNU General Public License v2.0

0 stars 1 forks source link

Plugin audit & permissions troubleshooting #22

Open MirandaEcho opened 4 years ago

MirandaEcho commented 4 years ago

Audit only, see separate issue for updates/clean up

Roddy's account permissions for plugin management are broken.

joshdarby commented 4 years ago

I'm going to guess that the reason he's not able to manage plugins is because this all the wp_capabilities meta value for his user is:

a:1:{s:13:"administrator";b:1;} as opposed to our largoproject user which has

a:10{s:13:"administrator";b:1;s:15:"install_plugins";b:1;s:16:"activate_plugins";b:1;s:12:"edit_plugins";b:1;s:14:"install_themes";b:1;s:13:"switch_themes";b:1;s:11:"edit_themes";b:1;s:11:"update_core";b:1;s:14:"update_plugins";b:1;s:13:"update_themes";b:1;}

joshdarby commented 4 years ago

☝️ the above is strange because all of those capabilities are added when adding a new test admin user

joshdarby commented 4 years ago

Plugins active:

[ ] Askimet
[ ] Classic Editor
[ ] Client Hosting Manager
[ ] Disqus
[ ] Insert Headers and Footers
[ ] No-Nonsense Google Analytics
[ ] Redirection
[ ] Yoast SEO

Plugins inactive:

[ ] Better WordPress Google XML Sitemaps
[ ] Co-Authors Plus

We can probably remove CAP (unless they plan to use it) and Insert Headers and Footers since it's empty. We can also probably remove Client Hosting Manager

joshdarby commented 4 years ago

@MirandaEcho I had Flywheel run this WP CLI command on their staging site:

wp cap add administrator install_plugins activate_plugins edit_plugins update_plugins

Can we have Rody try and log in on staging and see if that fixed it? Or am I allowed to update his password on staging and test myself?

Staging url: http://ffj-online.flywheelstaging.com/

joshdarby commented 4 years ago

Looks like that worked on staging so we can have Flywheel run that command on Tuesday for production.

joshdarby commented 4 years ago

Since Flywheel refuses to run the above command on prod without explicit approval from the site owner, @MirandaEcho here are our options for fixing the permissions issue with Rody's account:

ask Rody to log into his Flywheel account and ask them to run the command
download the prod db, make the update ourselves in the downloaded copy, re-upload the db to prod (has potential for downtime)
modify the live db and just replace the specific string in the db with the new string needed (also has potential for downtime if messed up)