Why is a 3rd party plug-in able to DELETE YOUR CLIENT INTO?

wallyaime · March 9, 2024, 4:41pm

Question:
[Why would a 3rd party plugin have this much access to your website?]

Flashlight Cursor:
[All it needs to have access to is the page it is applied to.]

I’m trying to get a detailed 5-sentence minimum explanation from the Wix Team:
[I just don’t think this is necessary. It says " This app may access, use, copy, change or delete all your website’s data, including your and your website visitors’ and members’ financial and personal information. “WT actual F!!!”

Wix is already the master of what gets added to your site, now we have to let a random non-Wix team have all this access?]

I’ve already tried thinking of why Wix would give this power away like this
[I know to most people it may be a small thing but I’m also asking for other web builders whose M.O. is security.]

codequeen · March 9, 2024, 4:52pm

Technically you would have to ask the 3rd party to see what they actually do or don’t do.

Depending on the type of app you are installing and WHAT it integrates with on Wix, for example Wix Stores, Wix Bookings, etc, the 3rd party is supposed to select that specific category so that Wix can automatically “cover all bases” with a broad list of “permissions”.

These are the lists of permissions per each different category type:

The verbiage itself is created by Wix, not the 3rd party. The 3rd party is simply supposed to select the category and all of the “legal verbiage” gets added to the app info automatically.

In reality, there is only so much a developer can see or manipulate via code due to the limited API connections that Wix has available.

wallyaime · March 9, 2024, 4:58pm

Okay, I understand. But sheesh… it’s creepy

codequeen · March 9, 2024, 5:39pm

Oh I most definitely agree!

There is so much they can improve in that area.

Even for the most simplest apps Wix requires us to add an email address for our “privacy and data contact” person. Ummmmm? This app does animation on the website. We don’t collect information or data. BUT it is a required field ….

So yeah.

Angela_Wallis_Moore · April 25, 2024, 11:48am

This is precisely why, having gone through the process of setting up Stripe payments, I won’t use the payment button provided on Wix. This may well be a boilerplate disclaimer, but if I accept it to enable installation, I don’t have a legal leg to stand on should Certified Code suddenly delete my site contents. Wix needs to do a lot better to protect its clients who pay a lot of money for our premium websites.

Topic		Replies	Views
Is Wix really OK with apps like this? Ask the community question	1	33	January 20, 2025
Client Dashboard Ask the community wix-studio , wix-stores	8	114	January 13, 2021
Concerns about app use agreements Ask the community code , wix-members-area , wix-apps-market , design	6	302	January 17, 2024
Authenticated 3rd Party API Access? Ask the community code , wix-apps-market , question	6	2008	January 11, 2022
Feature Request: Permissions for managers of Wix Events Ask the community partners	2	196	January 6, 2021

Why is a 3rd party plug-in able to DELETE YOUR CLIENT INTO?

Related topics