WordPress provides variety of user roles and capabilities.
It is able to modify user roles with functions.php
dynamically as well as capabilities.
WordPress: modify user capabilities dynamically with functions.php
nabbisen ・ May 8 '21
#wordpress
#authorization
#php
#security
In other words, in terms of security, it is able to act as administrator
when there is a way to edit functions.php
such as FTP.
Here is a code example.
# functions.php
function custom_user_role() {
// get user
$user = new WP_User( <user-ID> );
//$user = new WP_User( '<user-login-name>' );
//$user = wp_get_current_user();
// modify roles
// for example, set/unset them as administrator
$user->add_role( 'administrator' );
//$user->remove_role( 'administrator' );
}
// register action
add_action( 'admin_init', 'custom_user_role' );
Adding it to functions.php
gives the user, which is got by ID, login name or login information, the role as editor
even if they is just a reader
or a editor
.
Wordpress user roles list is here.