[wp-hackers] WordPress as CMS (was: wordpress security)
Andrew Nacin
anacin at gwhatchet.com
Wed Oct 21 21:06:40 UTC 2009
Press This requires the edit_posts capability. But since no one should have
any _posts capabilities:
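
add_filter('user_has_cap', 'cms_remove_post_caps');

// Runs on every capability check; $caps maps capability name => granted flag.
function cms_remove_post_caps($caps) {
    // Drop every capability whose name ends in "posts" (edit_posts, publish_posts, ...).
    foreach ($caps as $cap => $v) {
        if (substr($cap, -5) == 'posts') {
            unset($caps[$cap]);
        }
    }
    // Drop the category and comment management capabilities as well.
    $remove = array('manage_categories', 'moderate_comments');
    foreach ($remove as $cap) {
        unset($caps[$cap]);
    }
    return $caps;
}
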
That right there removes Posts and Comments from admin menus, knocking a few
items off Stephen's checklist.
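
An added example, not part of the message above: a stand-alone PHP script (no WordPress needed) that runs the filter function over a constructed capability map and reports which capabilities it strips, which survive, and whether the edit_posts check that Press This depends on still passes. The $sample_caps array and the audit_cap_filter() and can() helpers are hypothetical names introduced for illustration.

```php
<?php
// Filter body as posted in the message; everything below it is constructed.
function cms_remove_post_caps($caps) {
    foreach ($caps as $cap => $v) {
        if (substr($cap, -5) == 'posts') {
            unset($caps[$cap]);
        }
    }
    foreach (array('manage_categories', 'moderate_comments') as $cap) {
        unset($caps[$cap]);
    }
    return $caps;
}

// Constructed sample: a capability map shaped like the one passed to
// 'user_has_cap' (capability name => granted flag).
$sample_caps = array_fill_keys(array(
    'read', 'upload_files', 'manage_categories', 'moderate_comments',
    'edit_posts', 'edit_others_posts', 'publish_posts', 'delete_posts',
    'read_private_posts', 'edit_pages', 'publish_pages', 'delete_pages',
), true);

// Hypothetical helper: a capability counts as granted only when its key is
// present and truthy in the (filtered) map.
function can($caps, $cap) {
    return !empty($caps[$cap]);
}

// Hypothetical helper: split the map into what the filter removed and kept.
function audit_cap_filter($caps) {
    $after = cms_remove_post_caps($caps);
    return array(
        'removed' => array_keys(array_diff_key($caps, $after)),
        'kept'    => array_keys($after),
        'after'   => $after,
    );
}

$report = audit_cap_filter($sample_caps);
echo "removed: ", implode(', ', $report['removed']), "\n";
echo "kept:    ", implode(', ', $report['kept']), "\n";

// Gate checks: the post and comment screens should be denied, pages allowed.
foreach (array('edit_posts', 'moderate_comments', 'edit_pages') as $cap) {
    echo str_pad($cap, 18), can($report['after'], $cap) ? "granted" : "denied", "\n";
}
```

The filter changes the answer at check time only; the capabilities stored on each role are left as they were, so removing the filter restores the original behaviour.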