Capabilities not working

  • I’m outsourcing my website and want to give certain privileges while avoiding my account getting taken. This is a brand new website started from scratch but I still am more comfortable be careful despite my free lancers insistence on me making them admin. My solution was to give them an editor role and add the capabilities they need mainly installing and using plugins. Despite editing their capabilities and editing the permission of the role itself nothing has changed on their end. I’ve deleted and made them a new account but that didn’t work either.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Vladimir Garagulya

    (@shinephp)

    If user can install plugin, that is execute on your server any PHP code, it can get superadmin credentials in a minute. WordPress user permissions manage user access to WordPress UI, but lose sense if such user has access to the database via PHP code executed as new installed plugin.

    Problem would be related to the data cache. Try to clear all cache, clear browser cookie too.

    Thread Starter eyork

    (@eyork)

    is there a way you can explain this in laymans terms? I gathered that if my employee had ability to install plugins they could exploit that capability to get super admin cridentials, so by letting them have that ability I would be putting my site in jeopardy. Also that if I still wanted to move forward i could clear cache to fix my issue. Is that correct?

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Capabilities not working’ is closed to new replies.