I spent several hours of my Saturday looking for this error. I could not find a guide anywhere on the ‘net that described my eventual solution. Here is my solution. In the WP core, the “You do not have sufficient permissions to access this page.” error is generated at the end of /wp-admin/includes/menu.php. A grep … Read more
Just a quick note, the code define(‘FORCE_SSL_ADMIN’, true); if ($_SERVER[‘HTTP_X_FORWARDED_PROTO’] == ‘https’) $_SERVER[‘HTTPS’]=’on’; need to be at the top of the config file just after the <php or it will not work.
The user passwords are stored in one-way encription. Even looking at the database you can not know the password. This is a very basic privacy feature. Most users use the same password on multiple sites; imaging the potential risks for users if the administrator of the site can access to their passwords. You can intercept … Read more
The Role Scoper plugin can enable this.
Im using remove_role and then add_role to upgrade a user from one role to another. Here is a function that checks all user within the user role subscriber and upgrade them to editor every hour. /** * Add a cron job that will update * Subscribers to editors. Runs hourly */ add_action(‘check_user_role’, ‘upgrade_user’); function run_check_user_role() … Read more
This isn’t really a WordPress question – but you can add a rewrite rule to prevent access unless the referrer is your own domain. [Update] You’ll need to do 2 things Add a rewrite rule (either directly with .htaccess or by using WP_rewrite (Codex reference). The aim here is to deny requests to your documents … Read more
Either of these 3 will help you: //Before getting the comments, on the WP_Comment_Query object for each comment add_action(‘pre_get_comments’, ‘wpse56652_filt_comm’); //Applied on the comments SQL Query, you can modify the ‘Where’ part of the query add_filter(‘comments_clauses’, ‘wpse56652_filt_comm’); //After the comments are fetched, you can modify the comments array add_filter(‘the_comments’, ‘wpse56652_filt_comm’); function wpse56652_filt_comm($param) { //access the … Read more
What needs to happen is that you need to proxy download requests for the file types you want through WordPress. Let’s assume you’re going to restrict access to “.doc” files. 1. Define a query variable that indicates the requested file function add_get_file_query_var( $vars ) { $vars[] = ‘get_file’; return $vars; } add_filter( ‘query_vars’, ‘add_get_file_query_var’ ); … Read more
Use is_admin(). It checks if you’re viewing an Admin page, means the backend.
I was sure that wp_update_user() should do this. It even gets user_login as param, but it looks like it ignores it, when you set this param. So this code looks OK, but it doesn’t work as you wish it did 🙁 : wp_update_user( [‘ID’ => $user_id, ‘user_login’ => $new_login] ); You have to call custom … Read more