Skip to content

Backgrounds

How-to Guides

Technical References

Restricting Site Access /

Site access for VIP Support

Occasionally users with a vip_support custom user role will appear in the list of a site’s users. Temporary user accounts with the vip_support role are created in order for members of the VIP Support Team to have full access to a site’s WordPress Admin on an as-needed basis to assist with issues reported by customers or by our internal monitoring. These temporary user accounts expire after 8 hours and are removed automatically.

Caution

Blocking the ability for users with a vip_support role to be created on a site, or to obfuscate the WordPress log in portal, will also block the ability for VIP to provide comprehensive support in the event of an issue such as a site outage.

Sites with restricted permissions

In order to best support your site, it is important that vip_support users have full access to the backend of the site. When restricting access to certain actions, bear this in mind and check for capabilities with current_user_can() rather than checking a user’s role. This is also a WordPress best practice.

Sites with restricted access

Sites with restricted access implementations, including reverse proxies, must

  • make it possible for new users with the vip_support role to be created
  • provide instructions for vip_support users to access to the WordPress log in portal for a site if access to that URL has been customized.

Partial IP allow lists

For sites with partial IP allow lists, access for VIP Support can be ensured by checking for and allowing requests when true === A8C_PROXIED_REQUEST. Access can be managed by adding a version of the following conditional to vip-config.php, along with an IP check and subsequent actions within the else block:

if ( defined( 'A8C_PROXIED_REQUEST' ) && true === A8C_PROXIED_REQUEST ) {

// The request originates from WordPress VIP and should be allowed

} else {

// Restrict site access

}

Single Sign On (SSO)

For SSO solutions, if it is not possible to conditionally disable SSO login for vip_support users, then instructions for bypassing the SSO login must be provided to VIP Support. Enabling a url parameter such as wp-login.php?normal that directs users to the WordPress login portal is the simplest method.

Last updated: July 27, 2021