Limit Comments moderation, part 2

April 22nd, 2012

We have already discussed a couple of tricks to limit comments moderation in an earlier post and know how to hide comments moderation links and commands from a user. In this post we will see:
– how to show a user with the ‘Author’ role comments from his own posts only;
– how to exclude unneeded views from the ‘Comments’ page, leaving just ‘Approved’, for example.

WordPress 3.3.2 Security Update

April 22nd, 2012

WordPress has published version 3.3.2. It is a critical security update. According to the WordPress Developers Blog, three external libraries included in WordPress (Plupload, SWFUpload, SWFObject) received security updates. WordPress 3.3.2 also addresses:
– Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances.
– Cross-site scripting vulnerability when making URLs clickable.
– Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs.
The full list of changes made in version 3.3.2 is available here.
PHP developers can view the changes in the source code directly using this link.
If you haven’t installed this update yet, consider doing it right now. It’s very important to defend your lovely blog as much as possible.

Preview others posts without edit

April 11th, 2012

By default, WordPress lets you preview others’ not-yet-published posts only if you can edit them. Suppose you decide to change that and give some users or a role the ability to read others’ posts in read-only mode, without giving them the ‘edit_others_posts’ capability.
You will need to add a new user capability, modify one WordPress core file, and add a little piece of code to your theme’s functions.php file. Are you ready? Let’s go!

Choose right plugin name

April 8th, 2012

What should the first step be when you get a brilliant idea and decide to develop a new, amazing WordPress plugin? Yes, you need to choose the right name for it. There are 27891 names registered in the WordPress plugins repository at this moment. So your plugin name should be unique and descriptive, but short enough that users can remember it and share it easily. How do you make a plugin name unique without losing its main sense? It could be good practice to start the plugin name with your business name, your own name or nick. This way your plugin name will have its own place in the whole WordPress plugins list and will not be lost among tens or hundreds of other plugins which try to do similar things and, for that reason, may have, and really do have, similar names.

delete_users WordPress user capability

April 2nd, 2012

Suppose your site has a lot of user registrations and many of them are spam records. In that situation you might wish to delegate the deletion of such spam users to someone else. What capability is needed to get permission to delete unneeded WordPress user records? First of all, the delete_users capability. Is it enough? No. In order to delete a user, you need to select it from the user list. Thus, you need one more user capability: 'list_users'. Without it you cannot access your blog's user list (the “Users->All Users” menu item) under a single-site WordPress installation and cannot apply the “Delete” command to the selected user. Continue reading to see a more detailed description and (if you are curious enough) look inside the WordPress core source code to learn where and how WordPress implements the ‘delete_users’ security permission.

delete_themes WordPress user capability

March 19th, 2012

What capability should you add or remove in order to allow or prohibit WordPress theme deletion? That’s simple, you may say: the delete_themes user capability, of course. It is clear from its name, isn’t it? You are right. But it is not the whole truth. It’s useful to know that if you do not have the switch_themes capability under a single-site WordPress installation, you cannot delete the selected theme, even if you click the ‘Delete’ command in the WordPress interface. Interesting? Continue reading to see a more detailed description or (if you are curious enough) even look inside the WordPress core source code together with me.
I found the delete_themes capability in these WordPress core files:
wp-admin\themes.php;
wp-admin\network\themes.php;
wp-admin\includes\class-wp-ms-themes-list-table.php;
wp-admin\includes\class-wp-themes-list-table.php;
wp-includes\capabilities.php;
wp-admin\includes\schema.php.

delete_plugins WordPress user capability

March 17th, 2012

The delete_plugins WordPress user capability allows a user to delete inactive plugins. Such a user has to have access to the “Plugins” menu in the WordPress administrator back-end (which requires the activate_plugins capability). In order to delete a plugin, the user can use the plugin row link, which is shown under each plugin name, or a bulk action applied to the selected set of plugins simultaneously.
The delete_plugins capability is used inside these WordPress core files:
wp-admin/plugins.php;
wp-admin/includes/class-wp-plugins-list-table.php;
wp-admin/includes/schema.php;
wp-includes/capabilities.php.
Continue reading if you wish to look inside the WordPress core code and get more details.