Site access for VIP Support

Occasionally users with a vip_support custom user role will appear in the list of a site’s users. Members of the VIP Support Team will create temporary user accounts with the vip_support role, granting full access to a site’s WordPress Admin on an as-needed basis, to assist with issues reported by customers or by our internal monitoring. These temporary user accounts expire after 8 hours and are removed automatically.

Sites with restricted permissions

To best support your site, vip_support users must have full access to the backend of the site. When restricting access to certain actions, follow WordPress best practices and check for capabilities with current_user_can() rather than checking a user’s role.

Sites with restricted access

Sites with restricted access implementations, including reverse proxies, must:

• Allow new users with the vip_support role to be created
• If necessary, provide instructions for accessing a customized WordPress log in portal.

Partial IP allow lists

For sites with partial IP allow lists, use the is_proxied_request() helper function to ensure that requests made from VIP’s proxy servers have access by checking for and allowing requests when true === A8C_PROXIED_REQUEST.

To manage access for VIP Support, add a version of the following conditional to a plugin in the /client-mu-plugins directory, along with an IP check and subsequent actions within the else block:

if ( is_proxied_request() ) {

// The request originates from WordPress VIP and should be allowed

} else {

// Restrict site access

}

Single Sign On (SSO)

For WordPress sites that have Single Sign-On (SSO) enabled, if it is not possible to conditionally disable SSO login for vip_support users, then instructions for bypassing the SSO login must be provided to VIP Support. Enabling a URL parameter such as wp-login.php?normal that directs users to the WordPress login portal is the simplest method.