WordPress.org

Ready to get started?Download WordPress

Forums

Plugin Notes
edit_plugins capability (2 posts)

  1. Steve Taylor
    Member
    Posted 3 years ago #

    I like to include this line in wp-config.php:

    define( 'DISALLOW_FILE_EDIT', true );

    To easily, globally disable theme and plugin editing, which I never have a use for, and is potentially risky.

    Unfortunately, some plugins use the edit_plugins capability (which is removed by the above setting) as a kind of "is this user an admin?" test. I think this is a bad idea generally - something less likely to be disabled, such as update_core or manage_options, should be used to test for admins.

    I've just discovered that Plugin Notes (which I love!) also uses this capability. Now, I can see a little logic in this choice, unlike with other plugins using this as a test. Still, by adding a note to a plugin you're not really "editing" the plugin at all. Is there any reason to not use another admin-only capability? There's quite a few that are just as or more appropriate than edit_plugins, and which I don't think are as likely to be disabled by something like the above setting.

  2. Mohammad Jangda
    Member
    Plugin Author

    Posted 3 years ago #

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic