Anyway to set plugins conditional visible to admin of subsite?


I like CC, because I think Wordpress is not user-sensed.

If a user registered a site, he/she see all of plugin on the site, is there anyway allow the user “add” apps( it mean plugin or theme) that they added? Just like the way Shopify works.

That is much much great user friendly feature.

Any suggestions would be appreciated.

This one.
It lets you add plugins and then manage the access level for them to make available to the network the ones that you want the network to see.
The network has then the option to activate them or not.

Hello @alexlii,

If you allow users access to upload their own plugins/themes then you need to keep sites separate from each other. Otherwise, your users would be able to break the entire network of sites (and probably even take it over) without too much trouble.

1 Like


Thanks, I understand what you mean.

When I check the role capabilities, there is a network management capability related.

And I just support there should be a way to achieve that by plugin.

If that achieved, it will mostly work like Shopify, any shop owner can upload theme and plugins, Shopify never worried their platform will be took over by any shop owner, right?

Shopify has a full team of people that worry about exactly that :slight_smile:

As far as ClassicPress or WordPress, allowing people to securely upload plugins and themes to a shared multisite installation would require a ground-up rewrite. Shopify provides a template language called Liquid for this purpose, with this kind of security as one of its design goals:

Liquid is a template engine which was written with very specific requirements: […] It needs to be non evaling and secure. Liquid templates are made so that users can edit them. You don’t want to run code on your server which your users wrote.

ClassicPress is secure as long as you know what plugin and theme code is running on your site, but allowing untrusted users to upload custom code to a running site is far out of scope for ClassicPress, WordPress, or just about any other CMS. At that point you basically need to run a hosting company with proper separation between accounts and all the other stuff like monitoring for security and resource usage.

1 Like

Yes, that is great way.

Frankly, it would be real creative if Classpress can adopt that strategy.

You are welcome to create a petition for this suggestion. Go to, click New Topic and fill out the template.

1 Like