WordPress user capability introduced into WordPress since version 2.0 is not used anymore. It is kept in the current WordPress database schema for backward compatibility with old themes and plugins, but not a single line of WordPress core code uses this capability to make a real decision about a user's permissions, that is, to allow or prohibit some operation.
Thus, I classified
capability as deprecated and show it in the User Role Editor plugin in a similar way to other deprecated capabilities like 'level_1', 'level_2', etc., that is, hidden by default.
To see the list of deprecated capabilities in User Role Editor, turn on the "Show deprecated capabilities" checkbox at the top of the role editor form.
Limit comments moderation 2
We have already discussed a couple of tricks to limit comments moderation in this post and know how to hide comments moderation links and commands from the user. In this post we will see:
- how to show a user with the 'Author' role comments from his own posts only;
- how to exclude unneeded views from the 'Comments' page, leaving just 'Approved', for example.
WP security update
WordPress published version 3.3.2. It is a critical security update. According to the WordPress Developers Blog, three external libraries included in WordPress (Plupload, SWFUpload, SWFObject) received security updates. WordPress 3.3.2 also addresses:
- Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances.
- Cross-site scripting vulnerability when making URLs clickable.
- Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs.
The full list of changes made in version 3.3.2 is available here.
PHP developers can see the changes in the source code directly using this link.
If you haven't installed this update yet, consider doing it right now. It's very important to defend your lovely blog as much as possible.
Preview Others Posts
You can preview others' not-yet-published posts only if you can edit them. This is the default WordPress behavior. Suppose you decided to change that and give some users or a role the ability to read others' posts in read-only mode, without giving them the 'edit_others_posts' capability.
You will need to add a new user capability, modify one file from the WordPress core and add a little piece of code to your theme's functions.php file. Are you ready? Let's go!
Choose plugin name
What is the first step when you have a brilliant idea and decide to develop a new, amazing WordPress plugin? Yes, you need to choose the right name for it. There are 27891 names registered in the WordPress plugins repository at the moment. So your plugin name should be unique and descriptive, but short enough that a user can remember it and share it easily. How do you make a plugin name unique without losing its main sense? It could be good practice to start the plugin name with your business name, your own name or your nick. This way your plugin name will have its own place in the whole WordPress plugins list and will not be lost among the tens or hundreds of other plugins which try to do similar things and for that reason may have, and really do have, similar names.
Suppose your site has a lot of user registrations and many of them are spam records. In that situation you may wish to delegate the deletion of such spam users to someone else. What capability is needed to get permission to delete unneeded WordPress user records? First of all, –
capability. Is it enough? No. In order to delete a user, you need to select it from the user list. Thus, you should have some other user capability. Yes, it is
capability. Without such a capability you cannot access your blog's user list ("Users->All Users" menu item) under a single-site WordPress installation and cannot apply the "Delete" command to the selected user. Continue reading to see a more detailed description and (if you are curious enough) look inside the WordPress core source code to learn where and how WordPress implements the 'delete_users' security permission.
What capability should be added or removed in order to allow or prohibit WordPress theme deletion? That's simple, you can say, of course
user capability. It is clear from its name, isn't it? You are right. But it is not the whole truth. It's useful to know that if you do not have the
capability under a single-site WordPress installation, you cannot delete the selected theme, even if you click the 'Delete' command in the WordPress interface. Interesting? Continue reading to see a more detailed description or (if you are curious enough) even look inside the WordPress core source code together with me.
capability in these WordPress core files: