uCan Post
Do not run the plugin! Security issue! (2 posts)

  1. ninetienne
    Member
    Posted 8 months ago #

    The plugin is facing a serious security issue.

    After it's activated, all subscribers have a "Media" tab in their dashboard, allowing them to upload and see all the media files.

    Even if you deactivate and uninstall the plugin, they can still get access to the Media library.

    See more here:

    http://wordpress.org/support/topic/plugin-wp-hide-dashboard-media-tab-still-visible

    No support from the developer though!

    How do you actually hide the Media library from subscribers now?!

    http://wordpress.org/extend/plugins/ucan-post/

  2. cartpauj
    Member
    Posted 7 months ago #

    If you do not want users to have access to media, please find these lines in the ucan-post-class.php file:

    $role = get_role('contributor');
    $role->add_cap('upload_files');
    $role = get_role('subscriber');
    $role->add_cap('upload_files');
    $role->add_cap('unfiltered_html');

    Change them to this:

    $role = get_role('contributor');
    $role->remove_cap('upload_files');
    $role = get_role('subscriber');
    $role->remove_cap('upload_files');
    $role->remove_cap('unfiltered_html');

    After changing these lines you will need to de-activate and re-activate the plugin before it will take effect.
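
For sites where the plugin has already been removed, the same capabilities can be revoked without editing plugin files. This is an added example, not part of the thread or of uCan Post's code. It relies on the fact that WordPress persists role capabilities in the database, which is why they survive deactivation. The helper name `ucp_revoke_caps`, the file name and the use of WP-CLI's `wp eval-file` to run it are assumptions.

```php
<?php
/**
 * Added example (not uCan Post code): audit and revoke capabilities that a
 * plugin granted to low-privilege roles.
 *
 * Assumption: executed inside a loaded WordPress, for example with
 * `wp eval-file revoke-caps.php` (file name is hypothetical).
 */

// Roles and capabilities named in the thread above.
$ucp_targets = array(
    'contributor' => array( 'upload_files' ),
    'subscriber'  => array( 'upload_files', 'unfiltered_html' ),
);

/**
 * Hypothetical helper: remove the listed capabilities from each role and
 * return a line-by-line report of what was found and what was changed.
 */
function ucp_revoke_caps( array $targets ) {
    $report = array();
    foreach ( $targets as $role_name => $caps ) {
        $role = get_role( $role_name );
        if ( null === $role ) {
            // get_role() returns null when the role does not exist.
            $report[] = "$role_name: role not found, skipped";
            continue;
        }
        foreach ( $caps as $cap ) {
            if ( $role->has_cap( $cap ) ) {
                $role->remove_cap( $cap ); // persisted to the database
                $report[] = "$role_name: removed $cap";
            } else {
                $report[] = "$role_name: $cap not granted";
            }
        }
    }
    return $report;
}

foreach ( ucp_revoke_caps( $ucp_targets ) as $line ) {
    echo $line . PHP_EOL;
}
```

Running it a second time should report every capability as "not granted", which confirms the stored roles are clean.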
