If you’re looking to restrict the ability to view pages or posts to those that have a specific role, you can use the method described here: https://wpti.ps/check-if-user-has-specific-role-or-capability-in-wordpress/ You could create a custom role for those that need access and then check for that role using the custom function in the link above. If going that … Read more
Hence, I want to block access of subscribers to all wp-admin menus/plugin pages including this link https://mywebsite.com/wp-admin/user-edit.php?user_id=113 This isn’t a bulletproof solution, but it should work in that non-admin users would no longer be able to access any admin pages when they’re logged-in: add_action( ‘admin_init’, function () { if ( wp_doing_ajax() || ! is_user_logged_in() ) … Read more
My REST URL was wrong – I didn’t add the userid to the url. Proper REST URL should be: /wp-json/wp/v2/users/30/ where 30 should be changed with user’s id.
any other way in WordPress side to configure external user authentication but without developing anything? No. The only authentication WordPress provides out of the box is cookie based authentication. There are however plugin based solutions, specifically ones that rely on widely accepted standards that aren’t unique to WordPress. These implement standardised authentication protocols such as: … Read more
For a user to be able to see the list of other users in wp-admin, he or she needs the capability list_users, to be able to edit existing profiles, he or she needs edit_users, to add new ones add_users and to delete old ones delete_users. For managing a site with multiple specific user roles that … Read more
No, the function current_user_can_for_blog expects a blog ID to be passed to it, not a post ID. I would change it to be like this: if( isset( $_POST[‘post_type’] ) && $_POST[‘post_type’] != ‘portfolio’ ) { if ( !current_user_can( $post_id, ‘edit_post’ ) ) return; }
Here is my working solution: function custom_login() { if(!empty($_POST[‘user_login’]) && !empty($_POST[‘user_pass’])){ $login_data = array(); $login_data[‘user_login’] = sanitize_user($_POST[‘user_login’]); $login_data[‘user_password’] = esc_attr($_POST[‘user_pass’]); $login_data[‘rememberme’] = true; $nonce = $_REQUEST[‘_wpnonce’]; $user = wp_signon( $login_data, false ); global $user_ID; // Check whether the user is already logged in and the nonce is verified if ( !$user_ID && !wp_verify_nonce( $nonce, ‘wp_login’ … Read more
How can I add authentication for rest_do_request()? No. This solution to your problems will not work, and it will not save time or effort. In fact, it will require extensive and concerted effort, and lots of time. This despite the entire purpose being to avoid dealing with undocumented PHP code by using the REST API … Read more
If WordPress is installed in /subfolder/, then the authentication cookies will by default only valid for that path. So if needed, you can allow the cookies in parent directory by setting the cookie constants like COOKIEPATH. For example, if I had WordPress installed at example.com/wp/ and I wanted the authentication works at example.com/, then I’d … Read more
Here is part of a multisite plugin I wrote that forces a user to log in. It required a user to be registered for the site; not just be a network user. It could be modified to check if user has a higher role. I did modify it to fit the OP requirements. add_action( ‘init’, … Read more