• I like to include this line in wp-config.php:

    define( 'DISALLOW_FILE_EDIT', true );

    to easily, globally disable theme and plugin editing, which I never have a use for and which is potentially risky.

    Unfortunately, some plugins use the edit_plugins capability (which is removed by the above setting) as a kind of “is this user an admin?” test. I think this is a bad idea generally – something less likely to be disabled, such as update_core or manage_options, should be used to test for admins.

    I’ve just discovered that Plugin Notes (which I love!) also uses this capability. Now, I can see a little logic in this choice, unlike with other plugins using this as a test. Still, by adding a note to a plugin you’re not really “editing” the plugin at all. Is there any reason to not use another admin-only capability? There are quite a few that are just as or more appropriate than edit_plugins, and which I don’t think are as likely to be disabled by something like the above setting.

Viewing 1 replies (of 1 total)
  • The topic ‘edit_plugins capability’ is closed to new replies.
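An added example, not part of the original post and not code from Plugin Notes or WordPress: a small Python scanner that lists where installed plugins reference a capability that `DISALLOW_FILE_EDIT` removes, so they can be reviewed before the constant is set. It assumes WordPress core also denies `edit_themes` and `edit_files` under that constant (the post names only `edit_plugins`); the function names and the PHP sample are constructed for illustration.

```python
import re
from pathlib import Path

# Assumption beyond the post: core denies all three of these capabilities
# when DISALLOW_FILE_EDIT is true (the post itself mentions only edit_plugins).
FILE_EDIT_CAPS = ("edit_plugins", "edit_themes", "edit_files")
CAP_LITERAL = re.compile(r"""(['"])(%s)\1""" % "|".join(FILE_EDIT_CAPS))
# Heuristic: calls that take a capability name as an argument.
CAP_CALL = re.compile(r"\b(current_user_can|user_can|add_\w+_page)\s*\(")

# Constructed sample, not code from any real plugin.
SAMPLE = """<?php
function demo_notes_menu() {
    add_submenu_page( 'plugins.php', 'Notes', 'Notes', 'edit_plugins', 'demo-notes', 'demo_notes_page' );
}
function demo_notes_save() {
    if ( ! current_user_can( "edit_plugins" ) ) {
        wp_die( 'Not allowed' );
    }
    // 'edit_plugins' appears on this comment line only and is skipped
}
"""

def scan_source(php_source):
    """Return (line_no, capability, kind) per file-edit capability literal.
    kind is 'check' if the line also has a capability-taking call, else 'mention'."""
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), start=1):
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue  # whole-line comments cannot break at runtime
        for match in CAP_LITERAL.finditer(line):
            kind = "check" if CAP_CALL.search(line) else "mention"
            findings.append((line_no, match.group(2), kind))
    return findings

def scan_plugins(plugins_dir):
    """Map each plugin folder (or single-file plugin) to its findings."""
    root = Path(plugins_dir)
    report = {}
    for php_file in sorted(root.rglob("*.php")):
        rel = php_file.relative_to(root)
        text = php_file.read_text(encoding="utf-8", errors="replace")
        for line_no, cap, kind in scan_source(text):
            report.setdefault(rel.parts[0], []).append((rel.as_posix(), line_no, cap, kind))
    return report

if __name__ == "__main__":
    for finding in scan_source(SAMPLE):
        print(finding)
```

Point `scan_plugins()` at a copy of `wp-content/plugins`; each `check` hit is a menu entry or permission test that will start failing for administrators once file editing is disallowed.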