Agreed. More granular control and accessibility based on user roles would be great. Or the ability to only show certain JetPack modules based on a user’s role. This seems pretty serious.
Horrified by this. I have to inform each low-level user “do not touch”. It’s ridiculous.
Tom
(@tomasz_b)
That’s very interesting. Because of such issues I will not be surprised when vulnerabilities are found in Jetpack. But I hope this will be fixed.
Jetpack is ridiculous for many reasons. I deleted it because it is bloated with plugins (and new features are automatically enabled), it was slowing down my web site, stats was not working, and worst of all it was spying my visitors by setting a Quantserve web bug. I was not even aware of this and shocked when someone notified me 🙁
Rest assured, registered subscribers cannot make any changes to your site’s Jetpack Settings.
They will, however, see the Jetpack menu, and they will be able to connect to their WordPress.com account in order to activate the Toolbar notifications. You can read more about it here:
http://jetpack.me/support/toolbar-notifications/
For folks that come across this thread, I threw together a gist that shows how one can easily remove the menu for users that do not have the ‘edit_posts’ capability in a simple plugin. To install, I would create a file in mu-plugins named jetpack-tweaks.php and add the code. While there is a chance that this tweak could break after an upgrade, it is unlikely and won’t negatively impact your site.
https://gist.github.com/4252178
While this will work, registered subscribers won’t be able to use Toolbar Notifications.
Thanks gcorne
I would imagine you could just place that code snippet in your functions.php file as well.
Personally I like using a Functions.php Plugin (http://www.doitwithwp.com/create-functions-plugin/) so that I can apply custom tweaks to all sites on my WP Network at once, regardless of theme updates or theme switches.
I’m also assuming you could do something similar for the Author role as well?
<?php
function jetpack_hide_from_authors() {
if ( ! current_user_can('edit_posts') ) {
remove_menu_page( 'jetpack' );
}
}
add_action('jetpack_admin_menu', 'jetpack_hide_from_authors');
Thanks again.
@neffect, only subscribers cannot edit_posts (see Roles and Capabilities).
If you wanted to block only authors, you could use
if ( current_user_can('author')
If you wanted to limit it to only those “higher” than an author, you could use
‘if ( ! current_user_can(‘edit_others_posts’)’
or any other capability listed in the above link that applies only to Editors & Administrators (and Super Admins if Multisite).
I use slim jetpack instead.
I want to hide it’s options for everyone except the super admin (in mu installation).
It’s options come under the options menu not in under the dashboard.
