
BrenWP Client Safe Mode

Per-user Safe Mode plus role-based client restrictions for safer troubleshooting and cleaner client handoff.
Version: 1.7.0
Last updated: Dec 20, 2025

BrenWP Client Safe Mode helps you troubleshoot safely and reduce risk when handing a WordPress site to clients or non-technical users.

Safe Mode is per-user: it applies only to the currently logged-in user who enabled it. Visitors and other users are not affected.

Safe Mode (per-user) can optionally:

  • Block access to risky wp-admin screens (plugin/theme management, core updates, Site Health, and update actions)
  • Disable file modifications (plugin/theme installs, updates, editors)
  • Optionally block update/install capabilities (prevents running updates/installs even via alternative flows)
  • Optionally disable the built-in plugin/theme editors (capability-based) while Safe Mode is enabled
  • Hide update notices
  • Trim selected admin bar nodes (Updates / Comments / New Content)
  • Auto-disable after a configurable number of minutes (optional)

Client restrictions (role-based + optional user targeting) can:

  • Optionally target a specific user account (in addition to roles)
  • Hide risky menus
  • Block direct access to sensitive wp-admin screens
  • Disable file modifications
  • Hide update notices
  • Optionally limit the Media Library to a user’s own uploads (privacy on multi-author sites)
  • Optionally hide common Dashboard widgets for restricted roles (UI cleanup)
  • Optionally lock profile email/password changes for restricted roles (prevents self-service account takeover)

General hardening (site-wide, optional):

  • Disable XML-RPC
  • Disable the built-in plugin/theme editors for all users (capability-based)

Administrators are never restricted by client restrictions. On multisite, super-admins are also excluded.

Privacy

This plugin does not send data to external services.

It stores:

  • A per-user flag in user meta (brenwp_csm_safe_mode)
  • An optional per-user expiry timestamp (brenwp_csm_safe_mode_until) if auto-expiry is enabled

This data remains on your site. No analytics, tracking, or remote requests are performed by this plugin.

The plugin also:

  • Adds suggested text to the Privacy Policy Guide (Settings → Privacy)
  • Registers a data exporter and eraser for the Safe Mode user meta

Security

This plugin follows WordPress hardening best practices:

  • CSRF protection: all state-changing actions use POST and require a WordPress nonce.
  • Authorization: privileged admin actions are gated by capability checks (manage_options by default, filterable).
  • XSS defense: user-controlled data is sanitized on input and escaped on output.
  • No remote requests: the plugin does not make outbound HTTP requests.
  • Data minimization: the activity log is bounded, does not store IP addresses, and redacts likely secrets in log context values.

Assumptions and scope:

  • The plugin enforces policies inside WordPress; it does not replace server/WAF hardening.
  • Safe Mode is per-user and does not modify the site’s active plugins/themes list.

Troubleshooting

I don’t see the Safe Mode toggle in the admin bar

  • Confirm the WordPress admin bar is enabled for your account.
  • Confirm Enforcement is enabled in the plugin settings.
  • Confirm your role is included in Who can toggle Safe Mode (or you are an administrator / multisite super-admin).

My profile email/password cannot be changed

If Restrictions → Lock profile email/password is enabled and your account is restricted, you will not be able to change your own email or password. Contact an administrator.

XML-RPC stopped working

If you rely on legacy services that require XML-RPC (some old mobile apps / integrations), disable General → Disable XML-RPC.

I get redirected with an “Access blocked” notice

A configured policy blocked a sensitive admin screen. Review:

  • Restrictions → Block direct screen access (for restricted roles)
  • Safe Mode → Block risky admin screens (for your account if Safe Mode is enabled)

Safe Mode is enabled but I want to turn it off

  • Use the Safe Mode tab to toggle it off.
  • If auto-off is enabled, it will disable automatically after the configured time window.
  • If Enforcement is OFF, the UI provides a Clear stored Safe Mode button to remove the stored flag.

Developer Hooks

Filters:

  • brenwp_csm_required_cap — change the capability required to manage this plugin (default: manage_options).
  • brenwp_csm_presets — customize Dashboard presets (label/description/patch arrays).
  • brenwp_csm_create_client_role — return false to prevent creating the bren_client role on activation.
  • brenwp_csm_client_role_caps — customize capabilities assigned to the bren_client role on activation.
  • brenwp_csm_remove_client_role_on_uninstall — return false to keep the bren_client role during uninstall cleanup.
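
A least-privilege use of these filters from a must-use plugin, as an added example that is not the plugin's own code. The callback signatures, the capability name manage_client_safe_mode and the user ID allowlist are assumptions, noted in the comments.

```php
<?php
/**
 * Plugin Name: BrenWP CSM policy overrides (added example, not BrenWP code)
 *
 * Assumptions: each filter passes its current value as the first argument;
 * brenwp_csm_client_role_caps filters a capability => bool array like the
 * one add_role() takes; the plugin checks its capability via current_user_can().
 */
defined( 'ABSPATH' ) || exit;

const EXAMPLE_CSM_CAP    = 'manage_client_safe_mode'; // hypothetical capability name
const EXAMPLE_CSM_ADMINS = array( 1 );                // constructed user ID allowlist

// Require a dedicated capability instead of the default manage_options.
add_filter( 'brenwp_csm_required_cap', function ( $cap ) {
	return EXAMPLE_CSM_CAP;
} );

// Grant that capability at runtime to allowlisted user IDs only.
add_filter( 'user_has_cap', function ( $allcaps, $caps, $args, $user ) {
	if ( in_array( (int) $user->ID, EXAMPLE_CSM_ADMINS, true ) ) {
		$allcaps[ EXAMPLE_CSM_CAP ] = true;
	}
	return $allcaps;
}, 10, 4 );

// Strip capabilities a client role should never carry, whatever the defaults are.
add_filter( 'brenwp_csm_client_role_caps', function ( $caps ) {
	$caps = is_array( $caps ) ? $caps : array();
	$deny = array(
		'manage_options', 'unfiltered_html', 'edit_users', 'promote_users',
		'install_plugins', 'activate_plugins', 'update_plugins', 'edit_plugins',
		'install_themes', 'switch_themes', 'update_themes', 'edit_themes',
		'update_core', 'edit_files',
	);
	return array_diff_key( $caps, array_flip( $deny ) );
} );

// Keep the bren_client role (and its user assignments) if the plugin is uninstalled.
add_filter( 'brenwp_csm_remove_client_role_on_uninstall', '__return_false' );
```

Because the role capabilities are assigned on activation, the file has to be in place (for example under wp-content/mu-plugins/) before the plugin is activated for the deny list to take effect.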

Tested up to: WordPress 6.9