Remove caps

  • Resolved Angelo Rocha


    Is it possible to remove the “upgrade_core” cap from a specific administrator?
    I tried:

    function admin_security() {
    	$adminID = get_current_user_id();
    	$userCap = new WP_User( $adminID );
    	// Try to strip these caps from every user except ID 1.
    	if ( $adminID != 1 ) {
    		$userCap->remove_cap( 'update_core' );
    		$userCap->remove_cap( 'update_plugins' );
    		$userCap->remove_cap( 'update_themes' );
    		$userCap->remove_cap( 'install_plugins' );
    		$userCap->remove_cap( 'install_themes' );
    		$userCap->remove_cap( 'delete_themes' );
    		$userCap->remove_cap( 'delete_plugins' );
    		$userCap->remove_cap( 'edit_plugins' );
    		$userCap->remove_cap( 'edit_themes' );
    		$userCap->remove_cap( 'switch_themes' );
    		$userCap->remove_cap( 'remove_users' );
    		$userCap->remove_cap( 'activate_plugins' );
    	}
    }
    add_action( 'admin_init', 'admin_security' );

    In this situation I’m trying to keep certain caps only for administrator ID 1.
    But no success =(

    Note: I have good reasons to need to do so.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator bcworkz


    No, because the caps actually belong to the administrator role, not the user. If you removed the cap from the role, it would affect all administrator users.

    What you could do is create a new role that is the same as administrator except for that one cap, then assign this role to that one user.

    Thread Starter Angelo Rocha


    I imagined so, thanks for the info. I really did not want to create another role.

    Thread Starter Angelo Rocha


    A little solution:

    function ars_admin_screens() {
    	$current_screen = get_current_screen();
    	$adminID        = get_current_user_id();
    	// Block the Updates screen for everyone except user ID 1.
    	if ( $current_screen->id === 'update-core' ) {
    		if ( $adminID != 1 ) {
    			wp_die( 'Ooooops... <a href="javascript:history.go(-1)" title="Back">Back</a>' );
    		}
    	}
    }
    add_action( 'current_screen', 'ars_admin_screens' );


    Moderator bcworkz


    🙂 That’ll probably work for the most part, but it is possible to invoke an update without going to that screen, so not totally secure. It’ll keep the riff-raff out though.

    FWIW, you could avoid a new role by assigning the Editor role, then assigning all the other caps an admin has (except update-core of course) to each applicable user’s object.

    Someone may not like being “only” an editor, but it’s only a label, you could re-name the role “uber-admin” for all it matters. It’s meaningless since they still only have editor caps.
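
The approach from the moderator's first reply (a role that copies administrator minus selected caps), written out as an added example that is not part of the original thread. The role slug `restricted_admin`, its display name and the `ARS_` constant names are hypothetical; the withheld caps are the ones listed in the question.

```php
<?php
/**
 * Plugin Name: Restricted Admin Role (added example)
 */

// Caps to withhold, taken from the list in the original question.
const ARS_WITHHELD_CAPS = array(
	'update_core', 'update_plugins', 'update_themes',
	'install_plugins', 'install_themes',
	'delete_plugins', 'delete_themes',
	'edit_plugins', 'edit_themes',
	'switch_themes', 'remove_users', 'activate_plugins',
);

// Hypothetical role slug chosen for this example.
const ARS_ROLE = 'restricted_admin';

function ars_create_restricted_role() {
	$admin = get_role( 'administrator' );
	if ( null === $admin ) {
		return; // Nothing to copy from.
	}

	// Copy the administrator's caps, dropping the withheld ones.
	$caps = array_diff_key( $admin->capabilities, array_flip( ARS_WITHHELD_CAPS ) );

	// add_role() does nothing when the role already exists,
	// so remove it first to pick up any change to the cap list.
	remove_role( ARS_ROLE );
	add_role( ARS_ROLE, 'Restricted Administrator', $caps );

	// Move every administrator except user ID 1 to the new role.
	$users = get_users( array( 'role' => 'administrator', 'exclude' => array( 1 ) ) );
	foreach ( $users as $user ) {
		$user->set_role( ARS_ROLE );
	}
}

// Roles are stored in the database, so run this once on activation,
// not on every request.
register_activation_hook( __FILE__, 'ars_create_restricted_role' );
```

Because the caps are missing from the role itself, every `current_user_can()` check for them fails, not only the one on the update-core screen. The copied role still holds `create_users` and `promote_users`, so add those to the withheld list if restricted users must not be able to create a full administrator account.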
