This is a maintenance + hardening + UX release.<\/p>\n\n
New in 1.7.2:\n* Expanded About tab with clearer purpose, scenarios, and links (plugin\/author\/support)\n* Optional settings export download (admin-only)\n* Optional 2FA reminder notice for restricted users (notice only)\n* Existing restrictions and redirect behavior refined for stability (loop prevention)<\/p>","1.7.1":"
This is a feature + hardening release.<\/p>\n\n
New in 1.7.1:\n* Admin-managed Safe Mode for other users (optional expiry; multisite-safe)\n* Activity log export (JSON\/CSV) + configurable retention with daily auto-prune\n* Custom wp-admin screen blocklists (separate lists for Safe Mode and Restrictions)<\/p>\n\n
If you use Restrictions, review settings after update (recommended: start with a single role and test with a staging user).<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3422374,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3422374,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3422374,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3422374,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.7.1","1.7.2"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3422374,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3422374,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3422374,"resolution":"3","location":"assets","locale":""},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3422374,"resolution":"4","location":"assets","locale":""},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3422376,"resolution":"5","location":"assets","locale":""},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3422376,"resolution":"6","location":"assets","locale":""}},"screenshots":[],"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[466,31093,22939,600,8541],"plugin_category":[54],"plugin_contributors":[252368],"plugin_business_model":[],"class_list":["post-264276","plugin","type-plugin","status-publish","hentry","plugin_tags-client","plugin_tags-hardening","plugin_tags-restrictions","plugin_tags-security","plugin_tags-troubleshooting","plugin_category-security-and-spam-protection","plugin_contributors-brendigo","plugin_committers-brendigo"],"banners":{"banner":"https:\/\/ps.w.org\/brenwp-client-safe-mode\/assets\/banner-772x250.png?rev=3422374","banner_2x":"https:\/\/ps.w.org\/brenwp-client-safe-mode\/assets\/banner-1544x500.png?rev=3422374","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/brenwp-client-safe-mode\/assets\/icon-128x128.png?rev=3422374","icon_2x":"https:\/\/ps.w.org\/brenwp-client-safe-mode\/assets\/icon-256x256.png?rev=3422374","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/brenwp-client-safe-mode\/assets\/screenshot-1.png?rev=3422374","caption":""},{"src":"https:\/\/ps.w.org\/brenwp-client-safe-mode\/assets\/screenshot-2.png?rev=3422374","caption":""},{"src":"https:\/\/ps.w.org\/brenwp-client-safe-mode\/assets\/screenshot-3.png?rev=3422374","caption":""},{"src":"https:\/\/ps.w.org\/brenwp-client-safe-mode\/assets\/screenshot-4.png?rev=3422374","caption":""},{"src":"https:\/\/ps.w.org\/brenwp-client-safe-mode\/assets\/screenshot-5.png?rev=3422376","caption":""},{"src":"https:\/\/ps.w.org\/brenwp-client-safe-mode\/assets\/screenshot-6.png?rev=3422376","caption":""}],"raw_content":"\n
BrenWP Client Safe Mode helps you troubleshoot safely and reduce risk when handing a WordPress site to clients or non-technical users.<\/p>\n\n
Safe Mode is per-user<\/em>: it applies only to the currently logged-in user who enabled it. Visitors and other users are not affected.<\/p>\n\n Administrators are never restricted by client restrictions. On multisite, super-admins are also excluded.<\/p>\n\n This plugin does not send data to external services. It performs no tracking, telemetry, analytics, or \u201cphone-home\u201d requests<\/strong>.<\/p>\n\n The plugin stores the minimum required data to provide Safe Mode and optional auditing:<\/p>\n\n The plugin:\n* Adds suggested text to the Privacy Policy Guide (Settings \u2192 Privacy)\n* Registers a personal data exporter and eraser for the Safe Mode user meta<\/p>\n\n On uninstall (delete), the plugin removes its options, optional log option, Safe Mode user meta, and (best-effort) the optional This plugin follows WordPress hardening best practices:<\/p>\n\n Assumptions and scope:<\/p>\n\n If Restrictions \u2192 Lock profile email\/password<\/strong> is enabled and your account is restricted, you will not be able to change your own email or password. Contact an administrator.<\/p>\n\n If you rely on legacy services that require XML-RPC (some old mobile apps \/ integrations), disable General \u2192 Disable XML-RPC<\/strong>.<\/p>\n\n A configured policy blocked a sensitive admin screen. Review:\n* Restrictions \u2192 Block direct screen access<\/strong> (for restricted roles)\n* Safe Mode \u2192 Block risky admin screens<\/strong> (for your account if Safe Mode is enabled)<\/p>\n\n Filters:\n* No. Safe Mode is per-user. Visitors and users without Safe Mode enabled see the normal site.<\/p><\/dd>\n Administrators are never restricted by client restrictions (role\/user targeting). If an administrator enables Safe Mode for their own account, optional Safe Mode policies (like blocking file modifications) can apply to that account.<\/p><\/dd>\n Yes. In the Restrictions<\/strong> tab, you can select a specific user account in Restricted user (optional)<\/strong>. This applies the same restrictions even if that user\u2019s role is not selected. Administrators (and multisite super-admins) are excluded to prevent lock-outs.<\/p><\/dd>\n It stores a per-user Safe Mode flag so it can remember whether Safe Mode is enabled for that account. If auto-expiry is enabled, it also stores an expiry timestamp. No tracking, analytics, or external requests.<\/p><\/dd>\n When you uninstall (delete) the plugin, it removes its options, its activity log option, Safe Mode user meta, and the optional bren_client role (best-effort).<\/p><\/dd>\n To prevent state changes via GET requests (and potential link prefetch), the admin bar toggle submits the action as a POST request. This is handled using lightweight JavaScript.<\/p><\/dd>\n\n<\/dl>\n\n\nSafe Mode (per-user) can optionally<\/h4>\n\n
\n
Client restrictions (role-based + optional user targeting) can<\/h4>\n\n
\n
General hardening (site-wide, optional)<\/h4>\n\n
\n
Privacy<\/h4>\n\n
Data stored on your site<\/h4>\n\n
\n
brenwp_csm_options<\/code> option (site option). This contains your configured settings.<\/li>\nbrenwp_csm_activity_log<\/code> option only if Activity logging is enabled<\/strong>. This log is bounded by Max entries<\/strong> and can optionally be pruned by age (Retention days).<\/li>\nbrenwp_csm_last_settings_change<\/code> and a short-lived lock key used to avoid concurrent log writes.<\/li>\n\n
brenwp_csm_safe_mode<\/code> (on\/off flag for a user)<\/li>\nbrenwp_csm_safe_mode_until<\/code> (optional expiry timestamp if auto-off is enabled)<\/li>\n<\/ul><\/li>\n<\/ul>\n\nData minimization and retention<\/h4>\n\n
\n
\n
Privacy tools<\/h4>\n\n
Data deletion<\/h4>\n\n
bren_client<\/code> role if it was created by the plugin.<\/p>\n\nSecurity<\/h3>\n\n
\n
manage_options<\/code> by default, filterable).<\/li>\n\n
Troubleshooting<\/h3>\n\n
I don\u2019t see the Safe Mode toggle in the admin bar<\/h4>\n\n
\n
My profile email\/password cannot be changed<\/h4>\n\n
XML-RPC stopped working<\/h4>\n\n
I get redirected with an \u201cAccess blocked\u201d notice<\/h4>\n\n
Safe Mode is enabled but I want to turn it off<\/h4>\n\n
\n
Developer Hooks<\/h3>\n\n
brenwp_csm_required_cap<\/code> \u2014 change the capability required to manage this plugin (default: manage_options<\/code>).\n* brenwp_csm_presets<\/code> \u2014 customize Dashboard presets (label\/description\/patch arrays).\n* brenwp_csm_create_client_role<\/code> \u2014 return false<\/code> to prevent creating the bren_client<\/code> role on activation.\n* brenwp_csm_client_role_caps<\/code> \u2014 customize capabilities assigned to the bren_client<\/code> role on activation.\n* brenwp_csm_remove_client_role_on_uninstall<\/code> \u2014 return false<\/code> to keep the bren_client<\/code> role during uninstall cleanup.<\/p>\n\n\n\n
\n
Does Safe Mode affect visitors?<\/h3><\/dt>\n
Will administrators be restricted?<\/h3><\/dt>\n
Can I restrict a single user without creating a new role?<\/h3><\/dt>\n
Does this plugin collect personal data?<\/h3><\/dt>\n
How do I remove all plugin data?<\/h3><\/dt>\n
Why does the admin bar Safe Mode toggle require JavaScript?<\/h3><\/dt>\n
1.7.2<\/h4>\n\n
\n
1.7.1<\/h4>\n\n
\n
1.7.0<\/h4>\n\n
\n
1.6.9<\/h4>\n\n
\n