Okay, I have been on wordpress since 2006, but just started to dabble with bbpress. I am launching a forum for our company intranet. Due to security our IT department has locked down the ftp to the server. However, we want to install a bbpress plugin like “One Click Updater” (used for wordpress). I have found the plugin browser, but I haven’t found anything for uploading themes. Does anyone know of a plugin that I can use for this? Also, as I have poked around the admin I noticed that there isn’t a theme editor. Does that require a hack or another plugin? This would be very helpful. Please let me know as soon as possible. Thanks!
bbPress isn’t a plugin, and if you can’t FTP or SSH in, I don’t think there’s an easy way to install it. What a silly IT department! SFTP and SSH are perfectly safe!
Sorry, I wasn’t clear. I know that bbPress is not a plugin. This is abundantly clear. However, I am looking for a plugin similar to what you can find in a regular wordpress blog (One Click Updater) to add to bbPress that will give uploading capability inside the bbPress admin.
When you are supporting a large company of 1,000+ employees restricting access is very prudent. We have learned in the past the damage many hands can do to a site (particularly, if they are marketing hands, which are the one’s who want to change the bbPress theme).
Any insight on finding such a plugin would be very appreciative!
That plugin doesn’t exist (yet). Sorry.
And you can restrict access while still allowing web designers to access what they need to install software. It’s silly to prevent ALL access just to stop SOME people. A web designer/developer should have access to SFTP or however you want to upload files. A marketer should not.
Ah I had never seen the One Click Updater for WordPress… that’s a neat plugin!
I haven’t seen anything similar for bbPress. Has the plugin been audited for security holes? If it was compromised, that would be one scary situation!!
I’m guessing it could be ported over to bbPress pretty easily… plugins and themes work pretty similarly across the two *Press platforms.
@Ipstenu: Unfortunately, there are no resources allocated for a designer on this project. So, we have to just use the free themes that are provided and it is the marketing department who will be over the themes. It is what it is and hopefully we can make it work.
@ johnhiler: I did not know that the plugins could cross platforms, that’s good news (and I am glad I could introduce you to One Click, it is a really good plugin).
WP has, built in, a one-click updater for themes, plugins and the core. If you’re on WP 2.7 or 2.8, you don’t need a plugin at all. You can search for and download themes and plugins from the admin interface.
Like as not, this functionality will eventually be included with BB, but it’s probably low on the list.
@Ipstenu: Yeah, I was excited to see further functionality like One Click Updater added to wp2.8. Now the only thing missing from 2.8 is an uploader for 3 party plugins and themes (which One Click Updater has), but I guess you can just download it to your computer and than upload it with 2.8. However, it is nice to be able to upload straight from the url.
Another question concerning bbPress. Do you know a hack that will allow us to put the theme editor into bbpress (like how wp does it)?
I don’t think there’s a theme editor built into bbpress… but I would highly recommend against it.
There’s been a recent WordPress virus which has hit thousands of of sites, and used the theme-editor as an attack vector:
My WordPress install was hit, and I was able to confirm from my access logs that the attacker attempted to use theme-editor as an attack vector. I’m actually deleting the theme editor from my WordPress install, even though I haven’t enabled write permissions on the theme folders… just because the whole experience was so traumatic.
Huh, this would explain why, suddenly, my site was hammered. Between this and the Apache DoS flaw they just found, I’m glad I hardened my server!
@johnhiler: That makes a lot sense to me. I have three servers full of wordpress blogs and for the last three months I have been hammered with viruses and hacks. This is something I need to pass onto my server admin!
However, for the specific project I’ve mentioned above our forum will reside on the company intranet. We are behind a firewall and only those from our company can access the forum. So, I would still like to add an editor. Can anyone point me to documentation on how to do this?
By the way, I really appreciate the input from both Ipstenu and johnhiler. It helps as I stumble around figuring out bbpress!
Does your IT department have VPN’s setup, so that workers can access the network from remote locations? My company has servers behind the firewall, but I can access them once I VPN in…
Yes, we have VPN but if any damage was done we could quickly isolate the problem. We have had VPN activated for years without any issues.
The problem, as I see it, is that you need both web-based file editing capabilities (for the theme), but probably also file UPLOADS and such for upgrades (since bbpress isn’t click-to-upgrade yet, and neither are a lot of apps out there).
Mrh. The best way is to get your server dude to upload the files for you, but that gets REALLY annoying REALLY fast. How did you get bbPress installed in the first place?
(I do understand why they do this, I just think they’re stupid. I spent a month arguing that it was just as safe to give me, and ONLY me, access to upload to my folder at work, since it’s not like the server guy wasn’t just copying up what I gave him. In the end, the server guy said he had better things to do with his time and they gave me access.)
WordPress and bbPress permission levels work a little differently… bbPress doesn’t have an “editor”. In addition to the basic level of “Member”, we have Moderators, Administrators, and Keymasters.
What sort of things do you want your editor to be able to do?
It’s kind of hilarious they have blocked ftp yet template upload and edits via php can completely open your system to security vulnerabilites. We’re still trying to figure it out but I have a strong suspicion of the WordPress
theme-editor.phpcausing a large number of WordPress sites to get compromised recently:
The day bbPress gets a built in theme-editor, delete the file immediately.
Also delete xmlrpc.php unless you absolutely need trackbacks/pings.
And never, ever, use a dictionary word within a WordPress password as there’s no limit on login attempts.
@johnhiler: Sorry for the confusion. I am not talking about a role permission with bbpress. I am actually talking about the Theme editor that wordpress has. That way theme modifications can be made without having to use ftp. It looks like though that I am not going to get that luxury.
Ah I see – you’d like to add a theme editor to bbPress?
The Theme editor is what I mentioned earlier as a huge existing potential security hole in WordPress. It seemed to be a major attack vector in the recent Bablooo spammer attack, which hit one of my sites; it allowed the virus to add spam links to existing posts. If they had wanted to, they could have easily overwritten the posts completely – or even deleted them.
I would highly encourage you to delete the theme editor file from any existing WordPress installs… at least until WordPress has diagnosed the vulnerability and if appropriate, issued a patch.
But if you feel safe behind your firewall… I suppose you could pay a developer to build a plugin which lets Adminstrators and above write to your file system using the bbPress admin. There’s definitely no existing bbPress plugin that I’m aware of! Maybe WordPress’s code could be ported…
- You must be logged in to reply to this topic.