Plugin Review: User Switching

If you are a WordPress developer of either themes or plugins, or you are running/building a membership site with something like WP-Members, then you may find yourself logging in and out of your test site a lot.  In building WP-Members, I find myself doing this constantly to test the plugin with different user accounts.

The User Switching plugin has made my life easier in this area, and if you are a developer, I think you’ll find it incredibly useful as well.  It is also handy for site admins that might be testing features of their site and might need to be logging in and out of various test accounts.

About The Plugin

As I mentioned, the plugin allows you to switch user accounts, and you can do this all from the WP Users screen.  The plugin was developed and is maintained by John Blackbourn, WordPress specialist at Code For The People.

This is a free plugin maintained in the wordpress.org repository.

Analysis

The first concern with any plugin that deals with user accounts is of course going to be security.  I was impressed with John’s attention to detail in this area, including use of WP nonces.  This is from the plugin description:

  • Only users with the ability to edit other users can switch user accounts (by default this is only Administrators on single site installs, and Super Admins on Multisite installs). Lower level users cannot switch accounts.
  • User switching is protected with WordPress’ nonce security system, meaning only those who intend to switch users can switch.
  • Full support for administration over SSL (if applicable).
  • Passwords are not (and cannot be) revealed

The plugin is essentially one single file.  There is not a lot to it in terms of code.  This does have the downside of needing to load with all WordPress plugins.  Personally, I would like to see a two file system, the first testing to see if the user has user editing capability (required for the plugin’s security) and if so, go ahead and load the class file for user switching.

Even without that, it is a very lightweight plugin and uses proper security controls, so it could be used on a production site, but I would recommend limiting its use to staging sites and if used on a production site, definitely limit its use to only active when needed.

The plugin supports WP standard installs, but also Multisite and BuddyPress (and WP-Members!).

Critical when considering a plugin is support.  John is active on the wordpress.org forum, so support issues are addressed in a timely manner.  This also tells you that the plugin is  continuing to be maintained.  The plugin’s most recent update just last month and it has ongoing downloads, 81,397 as I write this.  The ratings are impressively high with 79 5 star ratings and only 1 each 4 and 3 star.  The non-5 star ratings were before the new wordpress.org review system, so we don’t know the reason for that, but clearly those individuals were out of touch.  This is a 5 star plugin.

Status

Definitely Recommended!

Where To Find It

Get it in the WordPress Plugin Respository:

http://wordpress.org/plugins/user-switching/

Testing your WordPress email settings for the wp_mail function

WordPress has its own email function, wp_mail, that it uses for sending email.  There are many plugins, my WP-Members plugin included, that rely on this function to be working properly.  WordPress does not provide email settings, so how do you know if this function is working? [Read more…]

WP-Members and WordPress 3.4

WordPress 3.4 is out today and if you haven’t already begun the process of updating, you should.  It should go without saying that you should be testing the update before applying it to a production site – but don’t put things off – updating is important.  [Read more…]