[wp-edu] For those who host WordPress sites for others...a question on how to let a site owner update plugins

Alba Holgado albah at law.stanford.edu
Tue Oct 1 16:45:03 UTC 2013


You may want to look into building an infrastructure where site owners and
developers can work on a development instance.
Having a dev instance is helpful, as it gives site owners and developers a
safe place for enhancing and testing their sites without breaking the
production instance.
Once the desired change is made, the dev instance can be promoted to a
staging instance via a sync script  where site owners/developers can review
to ensure that nothing is broken.  If all looks good in the staging
instance, the site can be promoted to production.

I hope this helps.

On Tue, Oct 1, 2013 at 7:28 AM, Dixie Lang <ddlang at wisc.edu> wrote:

> Greetings fellow WordPress users,
> Background:
> I work in an IT department that provides WordPress hosting and support for
> three academic departments. Our users are mostly faculty and grad students,
> and the sites focus on their research labs.
> We maintain a WP multisite with about 55 sites. As the multisite sysadmin,
> I manage the themes, plugins and WP core files. I also create child themes
> and write plugins.
> Most of our sites are very simple and require little content maintenance
> (very few blog). One lab group, however, wanted social media plugins that
> did not play well with the multisite. I moved them to a separate Linux VM
> running Apache with a single WordPress installation.
> The lab owner (a faculty member) wants to be able to install and configure
> plugins on his own so he can play with Twitter plugins. He is currently
> admin on the site.
> Technical Implementation Question
> Is it possible to give a site admin on a single WP installation the
> ability to install, update, and configure plugins, but not delete them or
> touch core?
> I talked with our Linux sysadmin, and we have thought of 3 possible ways
> to do this:
> 1) By plugin
> 2) Through the VM, by creating a Linux user account then letting him enter
> than information in the WP connection screen
> 3) (worst case) Give him SSH access to the plugins folder on the VM and
> let him use a tool like WinSCP to upload the files
> Re #2, the posts I found in the WP Codex led me to believe that the user
> account entered into the WP connection screen must be in the www-data group
> or root group. That is a higher security priv that our Linux sysadmin
> prefers to give him.
> Thank you in advance for any guidance you can provide.
> Sincerely,
> Dixie Lang
> Web Developer
> Russell Labs Computing
> University of Wisconsin-Madison
> _______________________________________________
> wp-edu mailing list
> wp-edu at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.automattic.com/pipermail/wp-edu/attachments/20131001/f9dd813d/attachment.html>

More information about the wp-edu mailing list