Allow collaborators to upload images

 geek fellow

The profiles and capabilities of WordPress are predefined to a standard configuration that does not always fit your needs, that is why in practically any multiuser WordPress we will be tempted to install a plugin to customize these settings.

But it is not always necessary.

One of the most common situations is to give more permissions to the profile of " Contributor "which, by default, can create entries and send them for review, but can not upload images.

This, which assumes a high level of security, can be a real nuisance for the editor , that has not only to approve the publication but to illustrate the same with images since the collaborator does not have permission to do it.

Do not believe, it makes sense, because it is not only a security control p to avoid uploading compromised files, but in an editorial environment it is important to control that the images used in publications are adequate (for the power of attraction) and, more importantly, that they have the permissions Relevant author to avoid denunciations.

Now, since it is something that can be controlled a posteriori by the editor, in many environments it will make all the sense to allow collaborators to upload images .

 fellow "width =" 540 "height =" 376 "class =" aligncenter size-full wp-image-70812 "srcset =" jpg 540w, 500w "sizes =" (max-width: 540px) 100vw, 540px "/> </p>
<p> If you want, you can install one of the multiple plugins that allow you to customize, or even create, profiles and capabilities, how <em> Members </em> or <em> Role Scoper </em>but if it's too much, and you just want to add this functionality, <strong> you can add it to your <a href= utilities plugin simply by adding this code:

G Save the changes and the next time a contributor accesses the WordPress ticket editor and will have the image loader enabled .

NOTICE : This publication is two or more years ago. If it's a code or a plugin it might not work in the latest versions of WordPress, and if it's a news story it might be obsolete. Then do not say we have not warned you.

Loading …

That may also help you:

Forum and WordPress Forums

I'm sure you've noticed, since I migrated to Gigas a few days ago, weird things happened with the WordPress Forums . It was not because of the new hosting, but because of my stubbornness, pure and hard.

And it's been a while since I wanted to migrate the old bbPress forums to bbPress plugin because in WordPress, as in any software, the old versions stop having support and updates, but I was held back by the youth of the plugin and, above all, the migration of the independent forum system to the plugin.

And, taking advantage of the migration, I got down to work. Result? …

  • The old forums are still active, but they have access problems, something has happened with the database in the migration, and that is that bbPress is already somewhat old-fashioned in its independent version
  • The new forums work perfectly, with all the threads, forums and messages perfectly migrated, but it lacks functionalities (still) of the old forums as navigation resources for the last messages and things like that
  • All the users have been migrated from the old forums to the new ones, apparently without problems except for a user who has warned me and I have solved it
  • The WordPress Help search now includes results both from the blog and the new forums (thanks to Luis for notifying me)

If you are interested, the migration process was as follows:

  1. Initial deactivation of old forums, to lose nothing in migration
  2. Migration of independent bbPress to bbPress plugin using bbConverter . It took many hours, since we had to migrate 28 forums, with almost 9,000 users, which contained more than 12,000 threads with more than 35,000 messages, there is nothing
  3. Personalization of the profiles of migrated users, already within WordPress, with the help from Members … and many clicks from me
  4. Integration of blog search engine and forums using Search bbPress
  5. Reactivation of old forums so that the content will be back available even if only in query mode
  6. Change the links of the old forums to the new forum

Of course, I still have many things to refine and add, and that is that forums systems are the most complicated thing always migrate. But if you think the process of migration of a bbPress is complicated, you have not faced updates to Invision Power Board or other systems, which always give war. In this migration, which was radical when going from an independent system to an integrated plugin, the process has been even better and easier than expected by far.

Things I do not like about bbPress plugin?

  • When you insert a link in an entry, you will also find internal links to threads in the forums, which makes it more complicated to find related entries. Things of the total integration
  • The translations do not integrate well and there is no location for the adapted topic
  • If you do the manual integration of subject you have to modify it practically line by line
  • You have to modify the subject a lot so that fits the thing well to each theme

Things I like about bbPress plugin?

  • Now updates will be sewing and singing
  • Automatic integration with the current theme works quite well if you do not ask for frills
  • ] Integration of users with total WordPress
  • How well now works the control of spam

Now, while I finish solving the small problems that I mentioned before, you can visit the new WordPress forums , as always.

NOTICE : this publication is from two years ago or more. If it's a code or a plugin it might not work in the latest versions of WordPress, and if it's a news story it might be obsolete. Then do not say we have not warned you.

Loading …

Disable users without deleting them • WordPress Help

I do not know about you but it happens to me a lot. Whenever I have the WordPress user registry active, let's not say if I allow them to act as collaborators with publication possibilities, there are mansalva records of readers who, later, decide not to participate. And this in the best case.

Because then there are the spammers who register there where they see an ' wp-login.php ' active, to try to strain

And it is especially with these that, although you can erase them, it is better to deactivate them instead of eliminating them altogether. And this is because if you delete it, but if you deactivate it, it keeps your site active for spam, even if you cancel all the permissions, so you do not receive new registration attempts.

This is true in any WordPress with the registry open , and let's not say in WordPress multisite, especially if you have the possibility to create new blogs / sites.

Another situation is when your WordPress site is a community, like a BuddyPress or a Multisite, in those occasions it is especially useful a system of deactivation, temporary or not, of users, in the style of moderation in forums.

Well, there are several simple ways to keep these (or others) users "alive" but inactive …

The first one would be manual action already available in WordPress by default, to download the profile to the Subscriber level, with which they can only read. This, if you combine it with a restriction plugin to access parts of the desktop is practical and effective enough most of the time.

Another option which you may not know, is to use the plugin User Control . What this code does is add a new "capacity" to the user roles through which, and no matter what profile they have, you can deactivate them. The only profile it does not act on is that of Administrator.

Once a user has been deactivated their account is still active but, when they try to access your site, they are shown a message that their user has been deactivated very similar to the typical "baneo" in the forums, and a way to "put hot packs" to users entangled.

The last one, a bit more more sophisticated goes through the plugin Members which you already know. With this plugin you can customize roles and capabilities of users on your site, and even create new profiles.

Here the option would be to create a new profile, which we will call "Bozo" (is a username used in the culture " forera "which indicates that it is an annoying user, and is also used in bbPress), for example. We do not assign to this profile any capacity, not even the basic "Read", which is the only one that has the default Subscriber profile.

Then we only have to assign this profile to the users that we want to deactivate. From there, when they try to access WordPress they will receive a nice error message.

I personally "put" more the "Members method" but it must be recognized that with "User control" it seems less radical, and maybe it enfaden less deactivated users.

Of course, if you can think of a better way to tell it in the comments, there is sure to be and I do not know, and we would all like to learn more.

NOTICE : this publication It's two or more years ago. If it's a code or a plugin it might not work in the latest versions of WordPress, and if it's a news story it might be obsolete. Then do not say we have not warned you.

Loading …

That may also help you:

Avoid changing the subject

As a continuation of what we were talking about yesterday, where we explained how to avoid the deactivation of plugins today we are going to see a great trick with which prevent someone from changing the subject in WordPress .

The most common situation, again, is a website that you have set up for a client and this, with more permissions than you should, can not think of anything else that installs a theme and change the subject " to see how the web is like this ". The result you already know, that the normal thing is that it makes a disaster and then does not succeed with activating the previous one or that, when activated, something stops working.

Ea, well, let's heal in health and, if it's your case , let your client install plugins and those things but do not change the subject you have been working hard for one with more colors than your daughter said it is cooler because it looks like Tuenti.

Just add this code to file functions.php of your wonderful subject, you keep the changes and you already have it. The only thing you have to adapt of the code is the user ID that you have access to, that is, your administrator user ID, which if it is not "1" you have to change it for your ID.

Again, if you prefer to use plugins, you can use the capabilities restriction functionality of the Members plugin .

] The code is a adaptation of the wpmu day trick

NOTICE : this publication is from two years ago or more. If it's a code or a plugin it might not work in the latest versions of WordPress, and if it's a news story it might be obsolete. Then do not say we have not warned you.

Loading …

That may also help you:

Avoid deactivating plugins

One of the most delicate things when you set up a website with a WordPress client is the fact that you disable or modify plugins that, if you do not do it with knowledge, can destroy the site . It's not weird, it happens, especially if we talk about plugins that you have customized or without which the theme will not work correctly.

I do not mean to be able to install them, something quite normal if your client wants add functionalities Moreover, if you want to not touch anything of the plugins you can do it with the wonderful plugin Members . Here we are going to make sure that, at least, it does not touch what you have installed and configured it.

Well, if you want to avoid calls at odd hours because "I have dropped the web", you can add this code to the file functions.php of your active theme and you already have it:

add_filter ( 'plugin_action_links' 'slt_lock_plugins' 10 4 ) ;

function slt_lock_plugins ( $ shares $ plugin_file $ plugin_data $ context ) {

// We remove the edit link for all if ( array_key_exists ( 'edit' $ actions ] ) )

unset ( $ shares [ 'edit' ] ) ;

// We remove the in lace to disable in important plugins, change the examples for yours

if ( array_key_exists ( 'deactivate' $ shares ) && in_array ( $ plugin_file array (

'slt-custom-fields / slt-custom-fields.php'

'slt-file-select /slt-file-select.php',

'slt-simple-events / slt-simple-events.php'

'slt-widgets / slt-widgets.php'

) ) )

unset ( $ actions [ 'deactivate' ] ) ;

return $ actions ;


Let no one touch my subject!

I'll answer before I start: " Yes, ok, you can also make users not have profiles that allow them to change the subject or modify it ". And there are very capable plugins, such as Role Manager or Members, to create personalized profiles.

But what if your "client" does not want restrictions ?, if he wants full access except the agreement that has arrived with you, as the designer of the site, from DO NOT TOUCH YOUR SUBJECT, NOR DEACTIVATE IT OR CHANGE THE THEME .

Then it seems to make sense to deactivate any option so that nobody, perhaps save yourself, has access to the options of the topic, even at menu itself.

And you have it.

Publishers who can not create Administrators

I have long recommended the use of Members a fantastic plugin, to properly manage WordPress capabilities and roles, but there are times when it is not perfect, it has its nuances, I mean … [19659002] It is quite common to modify, once installed, some user profile (we are always talking about multiuser sites) so that, in turn, you can add other users. The idea is to build a collaborators structure in which someone, usually the Editor not only reviews the content created by users with profile of Contributor and Author but also can make " responsible for human resources " and add, modify and delete user profiles and their capabilities.

Well, with Members we can do all this but there is a catch and is that when we assign to a user profile the ability to create and / or modify users you can also create and / or modify users with Administrator profile, with the danger that this entails but check the table of Profiles and Capabilities of WordPress .

Fortunately, everything has a solution, so if this is your case (mine if it is, then I manage a network of blogs with multiple user profiles), you just have to acer esto:

  1. Instalas y activos Members
  2. Choose (or create) a user profile to which you will add the capabilities to create, modify, delete, change profiles and users

  3. Add this code to the file functions.php of your active topic:
     class JPB_User_Caps {
      // Add our filters
      function JPB_User_Caps () {
        add_filter ('editable_roles', array (& $ this, 'editable_roles'));
        add_filter ('map_meta_cap', array (& $ this, 'map_meta_cap'), 10.4);
      // Remove 'Administrator' from the list of roles if the current user is not an admin
      function editable_roles ($ roles) {
        if (isset ($ roles ['administrator']) &&! current_user_can ('administrator')) {
          unset ($ roles ['administrator']);
        return $ roles;
      // If someone is trying to edit or delete and that user is not an admin, do not allow it
      function map_meta_cap ($ caps, $ cap, $ user_id, $ args) {
        switch ($ cap) {
            case 'edit_user':
            case 'remove_user':
            case 'promote_user':
                if (isset ($ args [0]) && $ args [0] == $ user_id)
                elseif (! isset ($ args [0]))
                    $ caps [] = 'do_not_allow';
                $ other = new WP_User (absint ($ args [0]));
                if ($ other-> has_cap ('administrator')) {
                    if (! current_user_can ('administrator')) {
                        $ caps [] = 'do_not_allow';
            case 'delete_user':
            case 'delete_users':
                if (! isset ($ args [0]))
                $ other = new WP_User (absint ($ args [0]));
                if ($ other-> has_cap ('administrator')) {
                    if (! current_user_can ('administrator')) {
                        $ caps [] = 'do_not_allow';
        return $ caps;
    $ jpb_user_caps = new JPB_User_Caps (); 
  4. You save the changes and You're done! now the new user profile will be able to create and modify profiles but you will not be able to create administrators or modify their profiles to not to be, in turn, administrator

Enjoy it!

What you read is an original content of Help WordPress – Resources, themes, plugins and tutorials in Spanish and published it Fernando Tellado first here: Editors who can not create Administrators

Roles and capabilities

It is not the first time that we talk about Profiles and Capabilities in WordPress I have even talked about how to manage them, but I thought that we had to give a little more light in this matter, and for that I have created a table in which you will understand better what each type of user can do in WordPress for the capacities assigned to it.

As you already know, native WordPress capacity management is not the best of the world, and surely more than once you've wanted to assign extra capabilities to a profile without having many others (you just have to look at the table in the huge jump that there is of Author to Editor ), and since everything has a solution, if this is the case, how will you best take advantage of the information in this table, and you will be able to properly manage profiles and capabilities in WordPress I recommend you use the plugin Members which supplements ta lack.

Well, here is the table, I hope it helps to clarify a bit this issue of the Profiles and Capabilities in WordPress . Its use is simple, on the left you have the list of capabilities with its explanation to its right, and in the column of each type of User Profile if there is a logo in the cell it has the capacity of the first column …