How to Limit WP-Admin Functionality for the Contributor Role

If you run a multi-author blog and you’re letting other writers pen their articles directly in your blog’s wp-admin, you will probably want to limit wp-admin functionality – in other words, what they can see and do there.

By default, the contributor role, which is the most likely role you’re going to be using for these guest authors, allows access to some things that I don’t think should be accessible in most cases.

Here’s how I address it on my own WordPress sites.

How to Limit WP-Admin Functionality

Security Logging

The first thing I always do on such blogs is to install the WP Security Audit Log plugin. This is a magnificent plugin that shows all actions taken by any user within your blog.


I’m of the opinion that if you are running a multi-author blog, this is one of the essential plugins you should be using. In fact, for me, it’s as essential as an SEO plugin on such blogs. Heck, I also use it on any other WordPress site I build because I place a high emphasis on security and logging for my sites.

How to Check What Another User Can See

With that plugin installed, the next plugin I’ll install is User Switching (free). This permits me to easily switch to any specific user registered on my website. I can, therefore, check how the dashboard looks for that user and customize it accordingly.

Customizing the User Role & Capabilities

Next, I need an easy way to customize the dashboard and remove items that the user should not have access to. For that, I use the free plugin called Adminimize.

It enables you to edit all the capabilities associated with a user role using a number of checkboxes. It’s simple enough to figure out once you install it.

Additionally, I install the Code Snippets plugin and add a few snippets as follows.

First, we need to enable media uploads for the contributor role:

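// Allow Contributor Role to Upload Media

// Only hook in when the logged-in user is a contributor who cannot upload yet.
if ( current_user_can('contributor') && !current_user_can('upload_files') ) {
    add_action('admin_init', 'allow_contributor_uploads');
}

function allow_contributor_uploads() {
    $contributor = get_role('contributor');
    // get_role() returns null if the role does not exist.
    if ( $contributor ) {
        // add_cap() saves the capability to the database, so every contributor
        // keeps upload_files until it is removed again with remove_cap().
        $contributor->add_cap('upload_files');
    }
}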

Then I also want to disable the contributor’s ability to view other posts written by different authors in wp-admin. For this, I use the following code snippet:

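// Show users without edit_others_posts only their own posts on the Posts screen
function posts_for_current_author($query) {
    global $pagenow;

    // Only touch the main query of the Posts list (edit.php) in wp-admin.
    if( 'edit.php' != $pagenow || !$query->is_admin || !$query->is_main_query() )
        return $query;

    // This only filters what the list shows; what a user may edit is still
    // decided by the role's capabilities.
    if( !current_user_can( 'edit_others_posts' ) ) {
        $query->set('author', get_current_user_id() );
    }
    return $query;
}
// pre_get_posts is an action hook, so register it with add_action().
add_action('pre_get_posts', 'posts_for_current_author');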
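
Because add_cap() writes to the database, a role can keep capabilities long after the snippet that granted them has been removed. The following is an added example, not code from the original article: it reports contributor capabilities that fall outside an allow-list. The allow-list constant, the function name unexpected_caps() and the sample capability map are assumptions made for illustration.

```php
<?php
// Added example, not the article's code. Capabilities a contributor is expected
// to hold: the WordPress defaults plus upload_files from the snippet above.
const EXPECTED_CONTRIBUTOR_CAPS = array(
    'read', 'edit_posts', 'delete_posts', 'level_0', 'level_1', 'upload_files',
);

/**
 * Return the granted capabilities that are not on the allow-list.
 *
 * @param array $caps    Capability map as stored on a role (name => bool).
 * @param array $allowed Capability names the role is expected to hold.
 * @return array Sorted list of unexpected capability names.
 */
function unexpected_caps( array $caps, array $allowed ) {
    $granted = array_keys( array_filter( $caps ) ); // ignore caps set to false
    $extra   = array_diff( $granted, $allowed );
    sort( $extra );
    return $extra;
}

if ( function_exists( 'add_action' ) ) {
    // Inside WordPress: warn administrators when the stored role has drifted.
    add_action( 'admin_notices', function () {
        if ( ! current_user_can( 'manage_options' ) ) {
            return;
        }
        $role = get_role( 'contributor' );
        if ( null === $role ) {
            return; // role was deleted or renamed
        }
        $extra = unexpected_caps( $role->capabilities, EXPECTED_CONTRIBUTOR_CAPS );
        if ( $extra ) {
            printf(
                '<div class="notice notice-warning"><p>%s</p></div>',
                esc_html( 'Contributor role has unexpected capabilities: ' . implode( ', ', $extra ) )
            );
        }
    } );
} else {
    // Outside WordPress (PHP CLI): run against a constructed capability map.
    $sample = array(
        'read' => true, 'edit_posts' => true, 'delete_posts' => true,
        'upload_files' => true, 'publish_posts' => true, 'edit_others_posts' => false,
    );
    print_r( unexpected_caps( $sample, EXPECTED_CONTRIBUTOR_CAPS ) );
}
```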

That’s It

By using the above methods, I can rest assured that contributors have what they need to prepare their content and just that. This is not limited to just the Contributor role, of course, so the same can be applied to other user roles and capabilities depending on your needs.

Have you struggled with this yourself? Have you found a different solution? Let us know in the comments below.

About Jean Galea

Jean Galea is a WordPress developer, entrepreneur and padel player. He is the founder of WP Mayor, the plugins WP RSS Aggregator and EDD Bookings, as well as the Mastermind.fm podcast. His personal blog can be found at jeangalea.com.
