Use remove_cap for this. function remove_proofreader_create_posts(){ global $wp_roles; $wp_roles->remove_cap( ‘proof_reader’, ‘create_posts’ ); $wp_roles->remove_cap( ‘proof_reader’, ‘create_pages’ ); } NOTE: This is not a global function, but a method of the WP_Roles, WP_Role and WP_User classes. It must be called using an instance of one of these classes, as shown in the examples. ALSO: You’ll want to … Read more
Basic auth is a very common username/password authentication method and it’s as strong as the username-password combination and the encryption of the protocol you’re using. The weakness of basic auth is that if you use it with plain http instead of https then the username and password is susceptible to a man-in-the-middle attack. You can … Read more
WordPress REST API call generates nonce twice on every call
Where are you triggering the second code block (that includes is_user_logged_in())? That code may be triggered before set_current_user, which is called after plugins_loaded. I would take a look at the action reference and see if you are calling your check before WordPress is aware of the user.
Cookies, or even HTML5 local storage, seem like a good way to implement this. Here’s some basic code that could serve as a starting point. Post IDs are stored as CSV in the cookie. // Load current favourite posts from cookie $favposts = (isset($_COOKIE[‘favposts’])) ? explode(‘,’, (string) $_COOKIE[‘favposts’]) : array(); $favposts = array_map(‘absint’, $favposts); // … Read more
I finally managed to get the required behaviour, I ended up using updated code from the example I showed in my question – and actually closer to the code suggested in the question I referenced in my question text! Here is the code that worked in the end: function allow_user_to_edit_cpt_filter($allcaps, $cap, $args) { global $current_user; … Read more
The easiest method of doing this would be to use the Gravity Forms plugin, it costs money, but it’s well worth the investment, and quickly pays for itself in saved development time
If I did understand well, we need to cache a value retrieved from another REST service, from the login to logout of the user on the wordpress installation, so we will hook into this wp_login to get the value and cache it using Transient API, Options API or a persistent caching plugin. add_action(‘wp_login’, ‘my_get_and_cache_rest_value’); function … Read more
To add a field to the profile/user edit page you need to use the edit_user_profile hook and show_user_profile hook so: add_action( ‘show_user_profile’, ‘my_extra_user_fields’ ); add_action( ‘edit_user_profile’, ‘my_extra_user_fields’ ); function my_extra_user_fields( $user ) { ?> <h3>User avatar</h3> <table class=”form-table”> <tr> <th><label for=”user_avatar”>User avatar</label></th> <td> <input id=”user_avatar” name=”user_avatar” type=”text” value=” <?php $user_avatar = get_the_author_meta( ‘user_avatar’, $user->ID ); … Read more
There’s several plugins in the directory that will track the last login time of your users, each with various options: http://wordpress.org/extend/plugins/search.php?q=last+login You could use one of those to track login times, and then delete unused accounts based on the information one of those plugins provides.