Support » Plugins » Hacks » Delete post without access to wp-admin

  • I disabled wp-admin with a plugin because i don’t want it to be accessed by any non admin user.

    The problem is that i want my authors to be able to delete their own posts with the link:

    <a href='" . wp_nonce_url("wp-admin/post.php?action=delete&post=$id", 'delete-post_' . $post->ID) . "'>

    The problem is that this link needs access to wp-admin so the users cannot delete their posts now.

    Is there a workaround to keep wp-admin disabled for authors but still let them delete posts from the frontend?

Viewing 4 replies - 1 through 4 (of 4 total)
  • There is certainly a way to achieve it, but you’re going to need to figure out how to generate the _wpnonce= on demand.

    You can setup a URL like this:

    http://domain.com/wp-admin/post.php?post=2124&action=trash&_wpnonce=d2a8f49175

    Then dynamically insert then post=#### in there, but again, you’ll need to figure out how to generate the _wpnonce properly.

    Also, since wp-admin is disable for non-admins, how are they even writing a post to begin with? Seems fairly counter-productive to disable wp-admin entirely. Are you concerned about security or such?

    Hi Jonathan,

    The posts are created through a form on the frontend. It is a website where everyone can register and upload. I don’t want them to see the wordpress backend 🙂

    I will look into your suggestion!

    Thanks.

    Hi there. I think doing it that way would lead to unnecessary complications, not to mention the dangerous hacking potential you would be exposing yourself to.
    Is there a particular reason why you don’t want your authors accessing the back-end?
    Because if you manage your roles wisely (there are several plugins for that, such as Role Manager or Capability Manager), they could delete their posts from the admin section instead.
    If you are worried about them deleting other people’s posts, that would just not happen if your roles are properly configured, so they would only see their posts (and comments to their posts, if allowed).
    Role Manager: http://sourceforge.net/projects/role-manager/
    Capability Manager: http://wordpress.org/extend/plugins/capsman/
    Cheers!

    This page might help
    http://voodoopress.com/edit-and-delete-posts-from-front-end-with-no-plugin/

    I wasn’t able to get the edit feature to work but the delete feature does for sure.

    Best of luck!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Delete post without access to wp-admin’ is closed to new replies.