Extended License – livemesh Account accessible in WP admin

Support Forums for LiveMesh Themes & Plugins Forums Beaver Builder Addons Support Extended License – livemesh Account accessible in WP admin

This topic is: not resolved

This topic contains 9 replies, has 2 voices, and was last updated by Raghavendra Raghavendra 1 month ago.

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • #30699
    Madmix
    Madmix
    Participant
    Post count: 9

    Hi,
    I had purchased the “Addons for Beaver Builder Pro – Extended”-License a few months ago.With this license I can use the plug-in on client websites and even bundle it with premium themes.

    Now, after the recent update and your “fusion” with Freeminus there are several issues:

    1. I had to insert the license code again, and (it happened so fast, but …) I have been asked to agree, that Freeminus is allowed to collect my datas, this was the only way to activate the license.

    2. In the WordPress admin area you can now access my Livemesh account.

    This means:

    In WordPress back end you can see
    1.) my email address (of livemesh account)
    2.) my full name
    3.) The Public Key
    4.) The Secret Key
    5.) Plan
    6.) License Key
    7.) Billing (I don’t have, because I have the lifetime license)
    8.) Payments

    In WordPress back end you can change
    1.) my email address (of the livemesh account)
    2.) my full name
    4.) The Secret Key
    5.) Plan
    6.) License

    Think a bit:
    I have built a website for a client and installed Beaver Builder and Beaver Addons. The client wants to maintain the website himself. He hires a SEO specialist and gives him access to the admin backend. Or after months he hires another webdesigner. Or he gives his employees access to the backend and and and or so on.

    All of them could:
    Change the email adress of my livemesh account, navigate to livemesh, hit “forget password” and the password will be sent to the changed email address.

    And this is only one scenario. And what is with privacy?

    Are you kidding? Really. Please change this asap.

    #30703
    Raghavendra
    Raghavendra
    Moderator
    Post count: 4501

    Thanks for your concern. I checked with freemius support and I am told there is a way to hide the account information (I was sure this is something they have dealt with before). Will get back to you as soon as I hear more details on this.

    Also, a full membership site for buyers is expected to be launched from freemius in next 1-2 months and probably the accounts page will become redundant then.

    #30705
    Madmix
    Madmix
    Participant
    Post count: 9

    Thanks for your fast reply.

    there is a way to hide the account information

    Hopefully you don’t mean display:none; what is visible and editable with every browser development tool (or firebug).

    License keys should be encrypted and never be displayed “readable” anywhere. The option to change access data (like email address e.g.) should not be possible in the WordPress backend, only hiding does not help.

    #30706
    Raghavendra
    Raghavendra
    Moderator
    Post count: 4501

    I am working with freemius on this. I believe it should be a freemius server setting so that the data is not available at the client level without an explicit setting. You can also email support [at] freemius [dot] com with your account information (email address) about your concerns/suggestions and I am sure they will be happy to address the same.

    Only way that I am aware of at present is by making this change to plugin code at line number 81 of addons-for-beaver-builder.php –

    
                    'menu'                => array(
                        'slug'           => 'livemesh_bb_addons',
                        'support'        => false,
                        'account'        => false,
                    ),

    which will remove the accounts page but again the page will be accessible by typing the URL in the browser though. It is not really hiding via CSS but the link to the accounts page will be removed. The developer tools source won’t show the information until you type in the exact url.

    But again, this code change would get overwritten by updates to the plugin and I am working with freemius on best way to go about this.

    #30725
    Raghavendra
    Raghavendra
    Moderator
    Post count: 4501

    The best way for someone to manage these menus is through filters entered in the functions.php of the child theme. Pls see below an example (turn on/off submenus as per your preference) –

    add_filter('fs_is_submenu_visible_addons-for-beaver-builder' , 'mytheme_hide_unwanted_fs_submenus', 10, 2 );
    
    function mytheme_hide_unwanted_fs_submenus($current_pref, $menu_slug) {
    
        if ($menu_slug === 'account')
            return false;
        elseif ($menu_slug === 'support')
            return false;
        elseif ($menu_slug === 'pricing')
            return false;
        elseif($menu_slug === 'contact')
            return false;
    
        return $current_pref;
    }

    I feel this is reasonable enough although not bullet proof since someone can still access that page by typing the URL. Hopefully that someone who has access to your client’s site will be responsible enough that they don’t hack their way around looking for license data. My experience is that lots of plugins/themes have their license information stored as an option in the DB and this is not much different. If they don’t, they will be forced to connect to a remote server for every request, affecting performance.

    #30749
    Madmix
    Madmix
    Participant
    Post count: 9

    Thank you for your efforts. However, I think the only satisfactory solution will be not to integrate access to the Livemesh account into the program.

    #30767
    Raghavendra
    Raghavendra
    Moderator
    Post count: 4501

    Let’s hope we will have the memebership site done in next month or so and then we can request the freemius folks to move out the user settings from the wordpress admin or at least provide a way to remove the page.

    #30942
    Madmix
    Madmix
    Participant
    Post count: 9

    hello, any news here? Livemesh addons are unusable under these circumstancies.

    #30944
    Raghavendra
    Raghavendra
    Moderator
    Post count: 4501

    The Freemius team just confirmed that they are at the final stages of the development of membership site and it will be released in the next 2-3 weeks. I explained them the situation and they are doing their best to expedite it.

    Meanwhile, they suggested you add define( 'WP_FS__DEMO_MODE', true ) to the wp-config.php of your client site which will hide the account and pricing pages.

    #30978
    Raghavendra
    Raghavendra
    Moderator
    Post count: 4501

    The members dashboard is ready. You can check your license, download updates, manage your websites, print invoices etc. in the Freemius members dashboard here –

    https://users.freemius.com/store/741/

    Pls use the option ‘Never received the password’ to receive a link to login to the site.

Viewing 10 posts - 1 through 10 (of 10 total)

You must be logged in to reply to this topic.