How to disable Media Library uploads for non-Admin users?

Here are 2 methods to disable all uploading for users that are not administrators:

Method 1:

Remove the upload_files capability from the roles you do not want to be able to upload.

e.g. removing it from author role:

$role = get_role( 'author' );
$role->remove_cap( 'upload_files' );

This is saved to the database so it should only happen once, not on every page load. Removing it from the editor role should be the same albeit with the obvious modification.

Removing the capability will have the desired effect, but it may have additional effects you may not find so desirable, the only way to be sure is to test

Method 2

Consider this code. It uses the wp_handle_upload_prefilter filter to check the user has admin status, and aborts the upload if they do not. It relies on only administrators and above having manage_options.

<?php
/**
 * Plugin Name: Admin Only Uploads
 * Description: Prevents Uploads from non-admins
 * Author: TJNowell
 * Author URI: https://tomjn.com
 * Version: 1.0
 */

function tomjn_only_upload_for_admin( $file ) {
    if ( ! current_user_can( 'manage_options' ) ) {
        $file['error'] = 'You can\'t upload images without admin privileges!';
    }
    return $file;
}
add_filter( 'wp_handle_upload_prefilter', 'tomjn_only_upload_for_admin' );

You can make use of this filter to be more specific than upload_file, e.g. preventing the upload of images, and only images, but allowing audio, etc

Related Posts:

  1. Disable Media Uploads to non Admin Users
  2. How to let authors revise other authors drafts, but keep them from publishing?
  3. Making the thumbnails in the backend Media section bigger
  4. Making Media Library “Alternative Text” Field Required
  5. Pagination Error on Admin (You do not have sufficient permissions)
  6. How do I fix “You are not allowed to edit this item.” for Admins on existing posts?
  7. Page only shows when user is logged in (even with visibility set to public)
  8. Refreshing collections in the admin media manager
  9. WordPress stripping html and script tags from some admin users on save
  10. Don’t attribute content to admin users
  11. Fallback media image for featured image not working in admin column
  12. Apply permissions per post
  13. Admin cannot publish
  14. Unable to Access WP Admin or Login buttons after Migration
  15. Unable to upload image using the standard uploader in the WP admin (v4.3)
  16. remove menus for a specific role?
  17. Admin user lacks admin permissions after hack and can’t reinstate
  18. solution to prevent specific admins from altering site contents
  19. Wp-Admin FTPS Connection Error unlike Filezilla
  20. Prevent users in the backend from seeing WP/Plugin notifications and update annoucements?
  21. Possible to show in media library if images are being used as featured images?
  22. Error “Sorry, you are not allowed to access this page”
  23. Admin Access for specific page(s)
  24. My Account Lost Administrator permission
  25. What are the standard admin CSS id/class tags?
  26. how to know if admin is in edit page or post [duplicate]
  27. The website cannot display the page
  28. Set Default Admin Colour For All Users
  29. Settings API – easiest way of validating checkboxes?
  30. initial sort order for a sortable custom column in admin
  31. Uploading files in admin panel?
  32. Redirect Admin User in Dashboard
  33. Read only capability for custom post in admin area
  34. How can ‘admin_email’ be set?
  35. How to change WordPress default strings?
  36. Remove ability to access certain admin menus
  37. Gutenberg “Add Block” button is not active (greyed out), cannot add new blocks
  38. Conditional check for front-end which includes ajax
  39. Hide update messages from non-admin users?
  40. Daily notices of failed login attempts for non-existent admin user
  41. Reorder plugin items in the admin menu
  42. Reference external file as a function
  43. “Automatically add new top-level pages” Default
  44. Get email address of type Administrator
  45. Check if user is logged in else login page
  46. Calling a shortcode in the backend
  47. Is there a way to have admins that are logged in to wordpress not have to enter the password for password protected pages while browsing the website?
  48. How to receive security update notification email?
  49. Include admins in author drop-down on edit post screen
  50. Hide upload image fields for the different media upload popups
  51. How can I restore admin capabilities?
  52. How to restrict wp-admin and prevent upload errors
  53. Adding another “Add Post” button to admin
  54. How to determine if an admin is logged in outside the loop
  55. What determines whether admin toolbar is shown to a logged-in user?
  56. Adding text in more than one language (at the same time)
  57. How to get view count of every page on site and add that (increasing) number to Dashboard Widget
  58. Restrict function call to page load but not ajax call
  59. How do I remove All and Published if not admin?
  60. How to disable https from wordpress site?
  61. Cannot upload anything via wordpress
  62. Fatal error: Exception thrown without a stack frame in Unknown on line 0
  63. Settings API not saving values to database
  64. Dashboard menu missing
  65. Admin role not really admin
  66. Featured image on post edit page not loading over HTTPS
  67. How do I diagnose a plugin resource 404?
  68. Add menu item to edit specific page
  69. Post editor is 89953px tall. How to fix?
  70. Page can’t hand request – HTTP ERROR 500 – when updating something
  71. How to change the User name and Password of admin account
  72. Redirect public site to another one but allow administrators to access the old site
  73. Posts in sidebar only by admin
  74. Display an image of selected template in admin to aid user when using complex templates
  75. How to remove the default checked attribute from inputs in admin?
  76. Passing state from child component to parent component in a Gutenberg Sidebar
  77. I can’t enter the control panel of my wordpress site after channing the URL to https://
  78. Admin user column sort by numeric meta key
  79. Shop in Subdomain feeding main domain order in admin area
  80. Can I retrieve Published changes when changes have been Saved but not Published in WordPress Semplice?
  81. Error 404 Display on otherlinks apart from homepage
  82. I can’t access login page
  83. Get Link of Page Selected through a Select Field in Custom Admin Page
  84. how to disable the e-mail verification on wp-admin/options-general.php multisite admin e-mail
  85. How to change the title attribute for the WP logo image on wp-login.php
  86. conditionally update css on edit.php
  87. Simple CSS admin pagination
  88. Can I show the tag admin interface on a post when logged in as an admin?
  89. WordPress “Hide WP” Gives Me Error After Admin Login [closed]
  90. Making a custom upload form and page in the admin section
  91. site admin for subscribers
  92. WordPress gallery image link gives 404 when not logged in
  93. Custom Div with links on Admin Bar
  94. WordPress admin loads erratically “connection reset by peer”
  95. Remove “minor-publishing” div from Publish admin metabox
  96. New User Notification – Setting Email
  97. Can’t access my wp admin: captcha images invisible, gives me error message
  98. You do not have permission to access this document on form submit
  99. Woo Commerce Settings for Check-out Form [closed]
  100. What Role to assign remote site developer?