- This topic has 15 replies, 3 voices, and was last updated 4 years, 6 months ago by
.
-
Posts
-
Hi,
I had purchased the “Addons for Beaver Builder Pro – Extended”-License a few months ago.With this license I can use the plug-in on client websites and even bundle it with premium themes.Now, after the recent update and your “fusion” with Freeminus there are several issues:
1. I had to insert the license code again, and (it happened so fast, but …) I have been asked to agree, that Freeminus is allowed to collect my datas, this was the only way to activate the license.
2. In the WordPress admin area you can now access my Livemesh account.
This means:
In WordPress back end you can see
1.) my email address (of livemesh account)
2.) my full name
3.) The Public Key
4.) The Secret Key
5.) Plan
6.) License Key
7.) Billing (I don’t have, because I have the lifetime license)
8.) PaymentsIn WordPress back end you can change
1.) my email address (of the livemesh account)
2.) my full name
4.) The Secret Key
5.) Plan
6.) LicenseThink a bit:
I have built a website for a client and installed Beaver Builder and Beaver Addons. The client wants to maintain the website himself. He hires a SEO specialist and gives him access to the admin backend. Or after months he hires another webdesigner. Or he gives his employees access to the backend and and and or so on.All of them could:
Change the email adress of my livemesh account, navigate to livemesh, hit “forget password” and the password will be sent to the changed email address.And this is only one scenario. And what is with privacy?
Are you kidding? Really. Please change this asap.
Thanks for your concern. I checked with freemius support and I am told there is a way to hide the account information (I was sure this is something they have dealt with before). Will get back to you as soon as I hear more details on this.
Also, a full membership site for buyers is expected to be launched from freemius in next 1-2 months and probably the accounts page will become redundant then.
Thanks for your fast reply.
there is a way to hide the account information
Hopefully you don’t mean
display:none;what is visible and editable with every browser development tool (or firebug).License keys should be encrypted and never be displayed “readable” anywhere. The option to change access data (like email address e.g.) should not be possible in the WordPress backend, only hiding does not help.
I am working with freemius on this. I believe it should be a freemius server setting so that the data is not available at the client level without an explicit setting. You can also email support [at] freemius [dot] com with your account information (email address) about your concerns/suggestions and I am sure they will be happy to address the same.
Only way that I am aware of at present is by making this change to plugin code at line number 81 of addons-for-beaver-builder.php –
'menu' => array( 'slug' => 'livemesh_bb_addons', 'support' => false, 'account' => false, ),which will remove the accounts page but again the page will be accessible by typing the URL in the browser though. It is not really hiding via CSS but the link to the accounts page will be removed. The developer tools source won’t show the information until you type in the exact url.
But again, this code change would get overwritten by updates to the plugin and I am working with freemius on best way to go about this.
The best way for someone to manage these menus is through filters entered in the functions.php of the child theme. Pls see below an example (turn on/off submenus as per your preference) –
add_filter('fs_is_submenu_visible_addons-for-beaver-builder' , 'mytheme_hide_unwanted_fs_submenus', 10, 2 ); function mytheme_hide_unwanted_fs_submenus($current_pref, $menu_slug) { if ($menu_slug === 'account') return false; elseif ($menu_slug === 'support') return false; elseif ($menu_slug === 'pricing') return false; elseif($menu_slug === 'contact') return false; return $current_pref; }I feel this is reasonable enough although not bullet proof since someone can still access that page by typing the URL. Hopefully that someone who has access to your client’s site will be responsible enough that they don’t hack their way around looking for license data. My experience is that lots of plugins/themes have their license information stored as an option in the DB and this is not much different. If they don’t, they will be forced to connect to a remote server for every request, affecting performance.
Thank you for your efforts. However, I think the only satisfactory solution will be not to integrate access to the Livemesh account into the program.
Let’s hope we will have the memebership site done in next month or so and then we can request the freemius folks to move out the user settings from the wordpress admin or at least provide a way to remove the page.
The Freemius team just confirmed that they are at the final stages of the development of membership site and it will be released in the next 2-3 weeks. I explained them the situation and they are doing their best to expedite it.
Meanwhile, they suggested you add
define( 'WP_FS__DEMO_MODE', true )to thewp-config.phpof your client site which will hide the account and pricing pages.The members dashboard is ready. You can check your license, download updates, manage your websites, print invoices etc. in the Freemius members dashboard here –
https://users.freemius.com/store/741/
Pls use the option ‘Never received the password’ to receive a link to login to the site.
Thank you for the infos, I could login there.
However the problem persists. The plugin is unusable for client websites.I will disable the accounts screen for next updates since it is no longer relevant with the rollout of membership site. For now, you can use the wp-config.php entry. That should resolve the issue. If the user wants to hack around and access account details through the freemius API, I guess they can always do so. This can be done only by an admin who has valid credentials to client site.
define( 'WP_FS__DEMO_MODE', true );
does its job. But if the client hire e. g. a seo profi to optimize the page, or an employer, who does the admin work and has access to FTP, etc.They all could access my personal data, and change the subscription etc.
Good to hear, that you will disable it. THANK YOU!!!
If the user wants to hack around and access account details through the freemius API, I guess they can always do so.
No, he could not. If the informations are not available.
Please, please, I am waiting now for 6 months for the update. I purchased a lifetime unlimited licencse to use livemesh for beaver builder on client websites. But I can’t use it, when my credentials are available.
This also does not correspond to GPDR rules.
I have also purchased elementor pro. But I don’t purchase livemesh addons for elementor for a simple reason: I can’t use it.
- The forum ‘Beaver Builder Addons Support’ is closed to new topics and replies.