I’m glad to have the opportunity to ask my first question here.
The scenario is this: My team and I released a Premium Plugin last week.
We have since received a number of requests for a Live Demo.
I’m considering creating a subdomain at demo.mysite.com, and modding the admin login page to display the demo username and password.
Will it be sufficient, from a security standpoint, just to run it on a separate WordPress installation?
Are there admin-level features I’ll want to disable?
I basically want the demo to be as realistic as possible without somehow compromising the security or integrity of my primary site.
Any advice appreciated,
SethMerrick
If it’s a separate WordPress installation, you won’t have anything to worry about regarding the integrity of your primary site – they won’t be connected in any way.
Though to protect your plug-in, I wouldn’t just create an admin user. I’d install a role manager system and create a “Demo” userlevel with almost the same permissions as admin … minus “Edit Plugins” and any user management capabilities.
This way, people can log in as your demo user and have all of the typical powers of an admin user. But they can’t edit plugins and therefore can’t view/steal the source of your plugin. Limiting user management capabilities means they can’t work around this restriction by creating other users with custom permissions, either.
