The only prerequisite for current_user_can() is an existing wp_get_current_user(). The latter is defined in pluggable.php, so you can use it after plugins_loaded. The _doing_it_wrong() call you are citing in your question is wrong for itself. My guess is that you took that from BuddyPress or bbPress. Both are running into a recursion if they don’t … Read more
I got this almost working, but refinements are needed to fit the specifics of the question and to deal with Attachments and Post-Types differently (see comments in code)… First, I think it’s worth noting how I found the filter: apply_filters( ‘views_’ . $screen->id, $views ) inspect element do a global search in /wp-admin and /wp-includes … Read more
If you did want to lock things down…. a normal wordpress site will usually only require the database user to have SELECT, INSERT, UPDATE and DELETE. If you want to use the automatic update feature it will also require CREATE and ALTER. Some plugins may require other permissions but most won’t.
Hardening WordPress on the WordPress Codex is a very good article on how to secure your WordPress blog, which goes into quite some detail on file permissions, as well as some other methods of securing WP.
Because I had cut and pasted define(’FS_METHOD’,’direct’); from the web, the incorrect quote characters were pasted into the file. should be define(‘FS_METHOD’, ‘direct’); The incorrect quote character also changed the encoding of the file somehow. If anyone has deeper knowledge of this issue please let me know in the comments.
This is a read-write permission error. Fix this by changing the “wp-content” folder’s permissions to 755. If this doesn’t work checked the wp-config.php file and if it’s not already defined, add define(‘WP_TEMP_DIR’, ABSPATH . ‘wp-content/’);
Special thanks to user42826. According to the codex: If WordPress is hosted behind a reverse proxy that provides SSL, but is hosted itself without SSL, these options will initially send any requests into an infinite redirect loop. To avoid this, you may configure WordPress to recognize the HTTP_X_FORWARDED_PROTO header (assuming you have properly configured the … Read more
I have gone through the source, and from what I can see, there aren’t any hooks/filters to tap into changing permissions. My understanding is that this was an intentional design decision. While the REST API was built to be extensible, it is not recommended to modify core endpoints in the way you are asking. There … Read more
Use Justin Tadlock’s plugin “Members“. It gives you the ability to create new roles and edit existing roles, as well as add custom capabilities. All that work that you’d have to do can be taken down to a few clicks. I know you said in your comment on ZaMoose’s answer that you are ‘looking to … Read more
The others are not needed as you point out. Btw, what you could do is, conditionally set the user/pass based on the requested page. As in unprivileged with select/insert/update/delete for normal usage, and privileged with definition/index related stuff in addition when visiting the upgrade page.