Title: utopa's Replies | WordPress.org

---

# utopa

  [  ](https://wordpress.org/support/users/utopa/)

 *   [Profile](https://wordpress.org/support/users/utopa/)
 *   [Topics Started](https://wordpress.org/support/users/utopa/topics/)
 *   [Replies Created](https://wordpress.org/support/users/utopa/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/utopa/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/utopa/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/utopa/engagements/)
 *   [Favorites](https://wordpress.org/support/users/utopa/favorites/)

 Search replies:

## Forum Replies Created

Viewing 1 replies (of 1 total)

 *   Forum: [Alpha/Beta/RC](https://wordpress.org/support/forum/alphabeta/)
    In 
   reply to: [Editor given edit user role can promote self to Admin](https://wordpress.org/support/topic/editor-given-edit-user-role-can-promote-self-to-admin/)
 *  [utopa](https://wordpress.org/support/users/utopa/)
 * (@utopa)
 * [17 years, 7 months ago](https://wordpress.org/support/topic/editor-given-edit-user-role-can-promote-self-to-admin/#post-818099)
 * pumpkinpatch,
    Same problem for me. I tried first to filter using update_user_query,
   but I couldn’t get it to filter this at all. If you’re still looking for a solution,
   this will do the job in v2.7 (until this can be more gracefully resolved with
   a plugin or permanent patch):
 * This handles preventing updates from the main user listing, via the dropdown 
   menu.
    /wp-admin/users.php, add the following at line 63
 *     ```
       if ($_REQUEST['new_role'] == 'administrator' && $current_user->user_level != 10)
       { $update = 'err_admin_role'; continue; }
       ```
   
 * This handles preventing updates on the “profile editor” pages.
    /wp-admin/user-
   edit.php, add the following at line 130
 *     ```
       $current_user = wp_get_current_user();
       if ($_REQUEST['role'] == 'administrator' && $current_user->user_level != 10)
       { wp_die(__('You do not have permission to promote a user to this level.')); }
       ```
   
 * This handles preventing adding new users at the admin level.
    /wp-admin/user-
   new.php, add the following at line 23
 *     ```
       $current_user = wp_get_current_user();
       if ($_REQUEST['role'] == 'administrator' && $current_user->user_level != 10)
       { wp_die(__('You do not have permission to add a user at this level.')); }
       ```
   
 * The logic for all three, in English:
    If the role requested to be assigned is“
   administrator” and the current user isn’t already an administrator (i.e., level
   10), throw an error and break out of the update routine.
 * It’s rough, you’re editing core files, but it works without knowing more about
   how to hook into the update_user_query procedure (which may not even be possible
   yet).
 * Hope this helps!

Viewing 1 replies (of 1 total)