I am not confident your guess at “being included instead” is accurate. The inclusion of core file is hardcoded in wp-settings.php pretty hard, it would be extremely challenging to subvert under normal circumstances. I have trouble imaging scenario in which functions.php of the theme will be loaded, but add_action() will be unavailable. This simply shouldn’t … Read more
If you’re logged in as root, you can easily wipe directories or do something that in retrospect is really dumb on the system with the flip of a finger, while as a user you normally have to put a few extra mental cycles into what you’re typing before doing something that is dangerous. Also any … Read more
Try this by keeping in current theme functions.php Change your roles instead of author function add_theme_caps() { // gets the author role $role = get_role( ‘author’ ); // This only works, because it accesses the class instance. // would allow the author to edit others’ posts for current theme only $role->add_cap( ‘edit_posts’ ); } add_action( … Read more
It appears this was actually a firewall issue, not a permissions issue. Opening up a certain range of IP addresses on UFW via the Wordfence support article fixed the issue. The backupwordpress plugin seemed to work correctly once the DNS was resolved fully as well.
I had to change the ownership of the directory Current Ownership was username:www-data Changed it to www=data:www-data after this it’s not asking for my ftp password anymore and update is working with just one click Reference https://wordpress.org/support/topic/plugin-install-asks-for-ftp-details
Resolved by simply adding this line to wordpress root .htaccess: DirectoryIndex index.php
First you need to make group and subgroup. You can use wordpress existing User Role or you can make custom user role (group) by own. Members is a nice plugin to create custom role. For example your main group is “Group1” and subgroup is “Subgroup1”. First you need to check current user role (Group of … Read more
You can wrap the fields in an if statement that checks the logged in users capabilities. Assuming the tutors have the Editor role and the student don’t, you could: if( current_user_can(‘editor’) ) { // list fields hidden from student here } You could pick out any role or capability to use in that function as … Read more
You can try User Specific Content Plugin Where you can set user by role, user name etc. for a page & post. Hope this will helps you.
Turns out I wasn’t as thorough as I thought in removing vestiges of the hack. Found some more obfuscated PHP in template files, along with some .php files I didn’t have permissions for that shouldn’t have been there. Removed all that, and admin functionality is back to normal.