I’m glad to have the opportunity to ask my first question here.
The scenario is this: My team and I released a Premium Plugin last week.
We have since received a number of requests for a Live Demo.
I’m considering creating a subdomain at demo.mysite.com, and modding the admin login page to display the demo username and password.
Will it be sufficient, from a security standpoint, just to run it on a separate WordPress installation?
Are there admin-level features I’ll want to disable?
I basically want the demo to be as realistic as possible without somehow compromising the security or integrity of my primary site.
Any advice appreciated,
If it’s a separate WordPress installation, you won’t have anything to worry about regarding the integrity of your primary site – they won’t be connected in any way.
Though to protect your plug-in, I wouldn’t just create an admin user. I’d install a role manager system and create a “Demo” userlevel with almost the same permissions as admin … minus “Edit Plugins” and any user management capabilities.
This way, people can log in as your demo user and have all of the typical powers of an admin user. But they can’t edit plugins and therefore can’t view/steal the source of your plugin. Limiting user management capabilities means they can’t work around this restriction by creating other users with custom permissions, either.
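The restricted "Demo" role described in this answer could be built without a role-manager plugin, as in the added example below (not part of the original answer). The `demo` slug, the function names and the extra file-editing capabilities in the deny list are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Demo Role (illustrative example)
 * Description: Creates a "Demo" role: administrator minus plugin/file editing and user management.
 */

const DEMO_ROLE = 'demo'; // hypothetical role slug

// Capabilities withheld from demo visitors.
function demo_role_denied_caps() {
    return array(
        // Plugin source access and plugin management.
        'edit_plugins', 'install_plugins', 'delete_plugins', 'update_plugins',
        // Assumption beyond the answer: other file editors could also expose plugin source.
        'edit_themes', 'edit_files',
        // User management, so the restriction cannot be bypassed with a new account.
        'list_users', 'create_users', 'edit_users',
        'delete_users', 'promote_users', 'remove_users',
    );
}

// Start from the administrator's capability map and drop the denied keys.
function demo_role_build_caps( array $admin_caps ) {
    return array_diff_key( $admin_caps, array_flip( demo_role_denied_caps() ) );
}

// Roles are stored in the database, so (re)create the role once, on activation.
function demo_role_install() {
    $admin = get_role( 'administrator' );
    if ( null === $admin ) {
        return;
    }
    remove_role( DEMO_ROLE ); // rebuild so the stored capability list stays current
    add_role( DEMO_ROLE, 'Demo', demo_role_build_caps( $admin->capabilities ) );
}
register_activation_hook( __FILE__, 'demo_role_install' );

// Runtime safety net: force denied capabilities off for any user holding the demo role,
// even if another plugin later grants them.
add_filter( 'user_has_cap', function ( $allcaps, $caps, $args, $user ) {
    if ( in_array( DEMO_ROLE, (array) $user->roles, true ) ) {
        foreach ( demo_role_denied_caps() as $cap ) {
            $allcaps[ $cap ] = false;
        }
    }
    return $allcaps;
}, 10, 4 );
```

After activating it on the demo installation, assign the shared demo login to the "Demo" role instead of Administrator.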
Unless you’re concerned about not mixing your main site (I assume running on WordPress) with the Demo Site, I suggest you separate both from each other, so to have a dedicated webspace for the demo only which is not connected to your main site. This could be done via a subdomain.
Next to that I would create an auto-install script that does create a new install from time to time while resetting the whole demo-server. This will enable your users to play around with the Demo (remember those are admins) while you have the site automatically maintained.
If you need to reduce the users’ rights so that they are limited in the way to deal with your demo site, EAMann already made some valuable suggestions.