Restricting access to content

The easiest way is to use if ( current_user_can( 'capability' ) ) // do stuff. You’ll find more about capabilities in the codex. You can also inspect the data some user has attached with normal var_dump() and else. I also got a pretty old plugin for that. But I’m not sure if it still works with the current WP version. If it does, you’ll be presented with close to all user data and some hints & snippets on a new admin page.

Related Posts:

  1. Getting a List of Currently Available Roles on a WordPress Site?
  2. How to secure or disable the RSS feeds?
  3. How do I authenticate WP users from a chrome extension?
  4. Best Way to Enable Two Step Authentication
  5. Single sign-on: wp_authenticate_user vs wp_authenticate
  6. How does the “authentication unique keys and salts” feature work?
  7. Auth cookie value security risk?
  8. Dangers to allowing Access-Control-Allow-Origin: * for Feeds only?
  9. Restrict Access in Admin Panel
  10. Auto log in hook is requiring a page refresh
  11. Is WordPress secure enough for a multi-user article directory?
  12. User generated content and security
  13. Uploading attachment (pdf) and prevent download for anonymous user
  14. How to make WP page accessile only to specific user roles
  15. Custom user roles are unable to login
  16. Why is SSH password authentication a security risk?
  17. Authentication versus Authorization
  18. SSL Error: unable to get local issuer certificate
  19. When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site? [closed]
  20. When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site? [closed]
  21. How to redirect all HTTP requests to HTTPS
  22. What is the difference between a cer, pvk, and pfx file?
  23. How to solve “Kernel panic – not syncing – Attempted to kill init” — without erasing any user data
  24. What’s the best approach for generating a new API key?
  25. Is it possible to decrypt SHA1
  26. Simplest two-way encryption using PHP
  27. Why does the URL http://a/%%30%30 crash Google Chrome?
  28. what is a auth_user_file.txt?
  29. When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site?
  30. How does the SQL injection from the “Bobby Tables” XKCD comic work?
  31. Error `sec_error_revoked_certificate` when viewed in Firefox only
  32. How to view PHP on live site
  33. Convert .pfx to .cer
  34. how fix “this certificate cannot be verified up to a trusted certification authority”
  35. Can an attacker use inspect element harmfully?
  36. Where does Internet Explorer store saved passwords?
  37. How can bcrypt have built-in salts?
  38. Is moving wp-config outside the web root really beneficial?
  39. Hide the fact a site is using WordPress?
  40. Verifying that I have fully removed a WordPress hack?
  41. Infected Files – what to do [closed]
  42. WordPress 4.7.1 REST API still exposing users
  43. Can I Prevent Enumeration of Usernames?
  44. Allow member to have access to custom post type only. Permission to only edit their own posts
  45. Best way to eliminate xmlrpc.php?
  46. What’s the easiest way to stop WP from ever logging me out
  47. If a hacker changed the blog_charset to UTF-7 does that make WordPress vulnerable to further attacks?
  48. Should I escape wordpress functions like the_title, the_excerpt, the_content
  49. Why should I use the esc_url?
  50. Should I remove install.php and install-helper.php?
  51. Prevent access or auto-delete readme.html, license.txt, wp-config-sample.php
  52. How safe / sanitized is wp_insert_posts()?
  53. Why does WordPress need my private ssh key to update?
  54. When to use esc_html and when to use sanitize_text_field?
  55. From a security standpoint, should bloginfo() or get_bloginfo() be escaped?
  56. Where to securely store API keys and passwords in WordPress?
  57. Are Nonces Useless?
  58. What is the difference between esc_html filter vs attribute_escape filter?
  59. Why escape if the_content isnt?
  60. Why does WordPress have more than one salt?
  61. Why are passwords exportable as plain text in WordPress?
  62. What is the ideal setup to address security concerns?
  63. Will there be security updates for 3.1 once 3.2 is released?
  64. What’s the difference between esc_* functions?
  65. wp_update_user not updating
  66. Full path disclosure on rss-functions.php
  67. What to use instead of wp_kses() in user output
  68. How to set up fail2ban with WordFence?
  69. Allowing users to edit only their page and nobody else’s
  70. How do I technically prove that WordPress is secure?
  71. Are the default salts secure?
  72. is_email() VS sanitize_email()
  73. WordPress it’s cleaning a custom query_var to avoid sql injections?
  74. Which KSES should be used and when?
  75. Can someone explain the use cases of esc_html?
  76. Is there a way to force ssl on certain pages
  77. How do WordPress Nonces Work?
  78. Troubleshooting a “You do not have sufficient permissions to access this page” error
  79. Restrict admin access to certain pages for certain users
  80. How can I hide a category from Contributors in the edit/add new post screen?
  81. Disallowing Users of a Custom Role from Deleting or Adding Administrators?
  82. Tips for finding SPAM links injected into the_content
  83. Subscribe to email for security fixes?
  84. Close a wordpress blog – keep site as it is but prevent hacks
  85. How to assign specific users the capability to edit specific pages / posts / custom post types
  86. Hide Admin Menu for Specific User ID who has administrator Role
  87. Is WordPress vulnerable to the httpoxy?
  88. What is the purpose of having a token in cookies?
  89. How to escape custom css?
  90. How to remove “Connection Information” requirement on localhost install of WP on MACOSX
  91. Understanding SVG vulnerabilities in WordPress related to a specific fix
  92. How is password strength calculated?
  93. Moving wp-config.php: Can this be done after site launch?
  94. How to get all capabilities of an existing user role
  95. Make A WordPress Page Accessible To Admins Only, Redirect Other User Roles
  96. Limit access to posts/pages by user roles
  97. Regular security checks – what steps should be included?
  98. What are the pros and cons of using a custom front-end to retrieve content from a WordPress back-end
  99. Is WordPress’ is_user_logged_in() secure?
  100. How can I easily verify a core or plugin update has not broken anything?
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)