Restricting access to content

The easiest way is to use if ( current_user_can( 'capability' ) ) // do stuff. You’ll find more about capabilities in the codex. You can also inspect the data some user has attached with normal var_dump() and else. I also got a pretty old plugin for that. But I’m not sure if it still works with the current WP version. If it does, you’ll be presented with close to all user data and some hints & snippets on a new admin page.

Related Posts:

  1. Getting a List of Currently Available Roles on a WordPress Site?
  2. How to secure or disable the RSS feeds?
  3. How do I authenticate WP users from a chrome extension?
  4. Best Way to Enable Two Step Authentication
  5. Single sign-on: wp_authenticate_user vs wp_authenticate
  6. How does the “authentication unique keys and salts” feature work?
  7. Auth cookie value security risk?
  8. Dangers to allowing Access-Control-Allow-Origin: * for Feeds only?
  9. Restrict Access in Admin Panel
  10. Auto log in hook is requiring a page refresh
  11. Is WordPress secure enough for a multi-user article directory?
  12. User generated content and security
  13. Uploading attachment (pdf) and prevent download for anonymous user
  14. How to make WP page accessile only to specific user roles
  15. Custom user roles are unable to login
  16. Why is SSH password authentication a security risk?
  17. SSL Error: unable to get local issuer certificate
  18. When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site? [closed]
  19. Why does the URL http://a/%%30%30 crash Google Chrome?
  20. When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site?
  21. Can an attacker use inspect element harmfully?
  22. Where does Internet Explorer store saved passwords?
  23. WordPress 4.7.1 REST API still exposing users
  24. Should I escape wordpress functions like the_title, the_excerpt, the_content
  25. When to use esc_html and when to use sanitize_text_field?
  26. Will there be security updates for 3.1 once 3.2 is released?
  27. wp_update_user not updating
  28. WordPress it’s cleaning a custom query_var to avoid sql injections?
  29. How can I hide a category from Contributors in the edit/add new post screen?
  30. Tips for finding SPAM links injected into the_content
  31. Is WordPress vulnerable to the httpoxy?
  32. Prevent setup-config.php page from appearing when host blocks database
  33. Restrict users on multisite WordPress install
  34. Basic auth WordPress REST API dilemma
  35. wp.getUsersBlogs XMLRPC Brute Force Attack/Vulnerability
  36. Is there a security risk giving someone temporary access to my blog’s code?
  37. How to properly sanitize/secure a WP Query coming from the front end
  38. How to remove “Super Admin” from All Users for those that are not a “Super Admin”?
  39. What is the difference between “create_users” and “add_users” capabilities?
  40. Can I create users that have access to *some* other users posts instead of all other users posts?
  41. Should I Worry About SQL Injection When Using wp_insert_post?
  42. Security – Shortcode injection attack
  43. Registration Plugin – Recaptcha integration
  44. How to combat flooding admin-ajax.php?
  45. How to disable a specific page for a specific user
  46. Moving away from MD5: Where to declare the custom global $wp_hasher?
  47. Would it be dangerous to send all the wp_options to javascript file?
  48. Should I disable directory listing for wp-includes?
  49. Authentication with the Rest API when using an External Application
  50. Safety side of storing emoji into database
  51. How can I safely hide the fact that my website runs on WordPress? [closed]
  52. How can I display nickname instead username in links
  53. My WordPress Websites are always under attack
  54. Is there value in using a wp_nonce for POST requests?
  55. Create custom post with custom user rules
  56. How to hide easy access to my website temporarily?
  57. Can I Remove xmlrpc.php completely?
  58. How much should I worry about these messages?
  59. Plugin creation – how to add user rights?
  60. Uploading .webm format on WordPress results in security guidline breach and fail
  61. Any any insecure http:// URLs left in wordpress?
  62. White screen of death on admin pages after moving wp-config up two levels for security
  63. User restricted only show posts assigned to current user
  64. remove wp admin menu by customer user role
  65. Can a WordPress administrator see other users’ passwords?
  66. Why my plugins are updating automatically?
  67. Spam injected in w3 total cache page cache [closed]
  68. Privilege escalation bugs in 2.9?
  69. How do you manage your pages or functions that require logged-in users?
  70. Content-Security-Policy blocks WordPress check boxes from being activated
  71. Allow admins to login as other users
  72. Prevent editor from adding script or form
  73. wordpress admin security
  74. Remove hacked code – out of ideas! [closed]
  75. Why do people use “admin” username by default? [closed]
  76. Give users acces to admin a single post or set up WP network?
  77. if role is logged in then do something
  78. prevent anonymous access to WordPress site (non-admin site)
  79. WordPress Database Re-installed (Hacked)
  80. WordPress Security tools
  81. Robots.txt file not updating
  82. Security: Critical backend outside of wordpress
  83. Advice On How to Backup WordPress
  84. How can I stop other plugins from using my class’ sensitive methods?
  85. What are WordPress Current Security Issues in 2017?
  86. wp-config.php moved above root results in no plugin updates
  87. Allowing users to edit only their page and nobody else’s
  88. Users are required to login to my site. How define user.member boolean, its permissions, and conditionally display/handle behavior based on it
  89. How to bulk change user role to “No role for this site”
  90. Password-protect feed and make it usable in major aggregators
  91. Is it possible to restrict a specific user to edit a specific custom post.
  92. Securely log in a user without a password using a link?
  93. how to find the way they hacked my WP site
  94. is this code properly secured
  95. nginx + wordpress: Best practices for configuring it to be secure, reliable, and fast? [closed]
  96. How to get real password (before encrypt) when register a user?
  97. Front-end ajax problem all users and guests getting a 302 redirect when accessing wp-admin/admin-ajax.php
  98. How do you search for backdoors from the previous IT person?
  99. Is wp-cron.php vulnerable to external attacks and how to protect it?
  100. How to address security vulnerabilities: LUCKY13, BEAST, and BREACH
techhipbettruvabetnorabahisbahis forumutaraftarium24edusedusedueduedusedusedueduseduedus