Maybe this isn’t the best method because it does give an editor access to Settings and Options, but what this does is gives the a specific editor (based on user ID) the permissions to edit options. We then test if we’re loading one of the options template, if we are AND the user id is the same id we’ve given permissions to, kill the process and spit out a message.
1) So first thing’s first, create your SEO user and assign him an Editor role.
2) Next we need to give this user the ability to manage_options. You can find this by editing the user and looking at the URL, it should be one of the last parameters in the URL.
/** Give our SEO Guy Permissions **/
function give_seo_yoastToast() {
$user = new WP_User( $seo_user_id );
$user->add_cap( 'manage_options');
}
add_action( 'admin_init', 'give_seo_yoastToast');
3) Now we need to make sure all our SEO dudeski can’t access any of the critical options. To my knowledge, the pages below are the only way this user can edit crucial information. IF they do view these pages, we kill it and spit out a message, feel free to change the message.
/** Remove Access to Certain Pages **/
add_action( 'load-options-general.php', 'prevent_seoguy_access' );
add_action( 'load-options-writing.php', 'prevent_seoguy_access' );
add_action( 'load-options-reading.php', 'prevent_seoguy_access' );
add_action( 'load-options-discussion.php', 'prevent_seoguy_access' );
add_action( 'load-options-media.php', 'prevent_seoguy_access' );
add_action( 'load-options-permalink.php', 'prevent_seoguy_access' );
add_action( 'load-options.php', 'prevent_seoguy_access' );
function prevent_seoguy_access(){
$currID = is_user_logged_in() ? get_current_user_id() : 0;
if($currID == $seo_user_id ){
wp_die("There was a hole here once, it's gone now.");
exit();
}
}
4) Right now, he can view the pages in the menu but when he access them he sees the message above. Just as an extra step, let’s actually remove this page from our menu. Please note that if you do remove the menu page without the above function, a savvy user could go to any of the option pages directly via URL.
/** Remove Settings Menu Page from SEO Guy **/
function seo_guy_menu() {
if(!current_user_can('administrator')){
remove_menu_page('options-general.php');
}
}
add_action('admin_menu', 'seo_guy_menu');
5) And you’re done!
Unfortunately as you pointed out in your question, Yoast doesn’t look like it has a capability to give a user specific permission to all the SEO stuff without giving them unnecessary extra permissions as well which kind of sucks. And on another sidenote you could instead of going with a static $seo_user_id make a SEO Role instead, give that role editor permissions along with the above. That’s a bit more work (not too much though) but if you only have 1 guy doing your SEO forever then the above method is fine I guess.