I like to include this line in wp-config.php:
define( 'DISALLOW_FILE_EDIT', true );
to easily, globally disable theme and plugin editing, which I never have a use for and which is potentially risky.
Unfortunately, some plugins use the edit_plugins capability (which is removed by the above setting) as a kind of “is this user an admin?” test. I think this is a bad idea generally – something less likely to be disabled, such as manage_options, should be used to test for admins.
I’ve just discovered that Plugin Notes (which I love!) also uses this capability. Now, I can see a little logic in this choice, unlike with other plugins using this as a test. Still, by adding a note to a plugin you’re not really “editing” the plugin at all. Is there any reason to not use another admin-only capability? There’s quite a few that are just as or more appropriate than edit_plugins, and which I don’t think are as likely to be disabled by something like the above setting.
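An added example, not part of the original post and not Plugin Notes' own code: a note-saving AJAX handler gated on manage_options through a filter, so it keeps working when DISALLOW_FILE_EDIT is set. All myplugin_* names, the option name and the request fields are hypothetical.

```php
<?php
// Added illustration; every "myplugin_*" identifier is hypothetical.
// With DISALLOW_FILE_EDIT set to true, WordPress core maps edit_plugins,
// edit_themes and edit_files to 'do_not_allow', so
// current_user_can( 'edit_plugins' ) is false even for administrators.

/**
 * Capability required to manage notes. Filterable so a site owner can
 * tighten or relax it without patching the plugin.
 */
function myplugin_notes_capability() {
    return apply_filters( 'myplugin_notes_capability', 'manage_options' );
}

add_action( 'wp_ajax_myplugin_save_note', 'myplugin_save_note' );

function myplugin_save_note() {
    // Reject forged requests before doing any other work.
    check_ajax_referer( 'myplugin_save_note', 'nonce' );

    // Authorization: a capability the file-edit lockdown does not remove.
    if ( ! current_user_can( myplugin_notes_capability() ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $plugin = isset( $_POST['plugin'] ) ? sanitize_text_field( wp_unslash( $_POST['plugin'] ) ) : '';
    $note   = isset( $_POST['note'] ) ? wp_kses_post( wp_unslash( $_POST['note'] ) ) : '';

    // Only accept notes for plugins that are actually installed.
    if ( ! function_exists( 'get_plugins' ) ) {
        require_once ABSPATH . 'wp-admin/includes/plugin.php';
    }
    if ( ! array_key_exists( $plugin, get_plugins() ) ) {
        wp_send_json_error( array( 'message' => 'Unknown plugin.' ), 400 );
    }

    // Store notes keyed by plugin file; not autoloaded on every request.
    $notes            = get_option( 'myplugin_notes', array() );
    $notes[ $plugin ] = $note;
    update_option( 'myplugin_notes', $notes, false );

    wp_send_json_success();
}
```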