I’m currently developing an intranet and I am using Justin Tadlock’s Members plugin to control roles and capabilities.
I have created a HR role to allow Human Resources staff to create and edit user accounts. All staff created in WP are given the contributor role with a select few members of staff given editor and administrator roles.
What I want is to stop staff from logging in and changing their own profile information. Only staff of the HR role should be able to edit profile information.
Answers:
Method 1
Great answer. To take this a step further, and for anyone looking to apply this to all non-admin users (e.g. contributors, editors etc.):
// ===== remove edit profile link from admin bar and side menu and kill profile page if not an admin
if( !current_user_can('activate_plugins') ) {
    function mytheme_admin_bar_render() {
        global $wp_admin_bar;
        $wp_admin_bar->remove_menu('edit-profile', 'user-actions');
    }
    add_action( 'wp_before_admin_bar_render', 'mytheme_admin_bar_render' );

    function stop_access_profile() {
        if(IS_PROFILE_PAGE === true) {
            wp_die( 'Please contact your administrator to have your profile information changed.' );
        }
        remove_menu_page( 'profile.php' );
        remove_submenu_page( 'users.php', 'profile.php' );
    }
    add_action( 'admin_init', 'stop_access_profile' );
}
Method 2
Worked it out with a bit of time. Here is the code I am using:
<?php
/*
Plugin Name: Restrict User Editing Own Profile
Plugin URI: http://www.philosophydesign.com
Description: Restricts users from editing their own profile information.
Author: Scott Cariss
Version: 0.1
Author URI: http://www.philosophydesign.com/scott-cariss.html
*/

add_action( 'admin_menu', 'stop_access_profile' );
function stop_access_profile() {
    remove_menu_page( 'profile.php' );
    remove_submenu_page( 'users.php', 'profile.php' );
    if(IS_PROFILE_PAGE === true) {
        wp_die( 'You are not permitted to change your own profile information. Please contact a member of HR to have your profile information changed.' );
    }
}
?>
The above code stops anyone from editing their own profile information despite who they are. People who have the ability to create and edit users can still do so but cannot alter their own.
Method 3
Solution as a (MU-)Plugin
I checked all the provided solutions and thought I could make a nice MU-Plugin out of it. The only real change is that it avoids
<?php
! defined( 'ABSPATH' ) AND exit;
/**
 * Plugin Name: Disable profile page link
 * Description: Remove edit profile link from admin bar and side menu and kill profile page if user isn't an administrator.
 */
# Version: 2012-09-15.2245

function oxo_stop_access_profile()
{
    // Administrators keep the link, the menu items and the page
    if ( current_user_can( 'manage_options' ) )
        return;

    // Remove AdminBar Link, then stop: this hook also fires on the front end,
    // where remove_menu_page() is not loaded
    if ( 'wp_before_admin_bar_render' === current_filter() )
        return $GLOBALS['wp_admin_bar']->remove_menu( 'edit-profile', 'user-actions' );

    // Remove (sub)menu items
    remove_menu_page( 'profile.php' );
    remove_submenu_page( 'users.php', 'profile.php' );

    // Deny access to the profile page and redirect upon try
    if (
        defined( 'IS_PROFILE_PAGE' )
        AND IS_PROFILE_PAGE
    )
    {
        wp_redirect( admin_url() );
        exit;
    }
}
add_action( 'wp_before_admin_bar_render', 'oxo_stop_access_profile' );
add_action( 'admin_menu', 'oxo_stop_access_profile' );
Method 4
All the solutions above use the constant: IS_PROFILE_PAGE
if( IS_PROFILE_PAGE === true ) {
But if WordPress debug is set to true, it will throw an “undefined constant” error. To fix it:
if( defined('IS_PROFILE_PAGE') && IS_PROFILE_PAGE === true ){
    ........................
}
Method 5
add_action( 'admin_menu', 'prefix_disable_profile_access' );
function prefix_disable_profile_access() {
    // Restrict only users who hold none of the listed roles. This needs &&:
    // with || the condition is true for anyone who lacks either role.
    if( ! current_user_can('editor') && ! current_user_can('administrator') ) { // You can add the user roles who can edit their profiles here.
        remove_menu_page( 'profile.php' );
        remove_submenu_page( 'users.php', 'profile.php' );
        // The constant is not defined on every admin request, so test defined() first.
        if ( defined( 'IS_PROFILE_PAGE' ) && true === IS_PROFILE_PAGE ) {
            wp_die( 'You are not permitted to change your own profile information. Please contact a member of HR to have your profile information changed.' );
        }
    }
}
Hope this helps someone.
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
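An added example, not code from any of the answers above: the methods on this page hide or block the profile screen, while WordPress core decides who may update a user through the `edit_user` meta capability, which `map_meta_cap()` grants to every user for their own ID. The filter below requires the primitive `edit_users` capability for self-edits as well, so the rule holds wherever `current_user_can( 'edit_user', $id )` is evaluated, including the REST users endpoint. The function name `example_deny_self_edit` is hypothetical, and the example assumes the HR role holds `edit_users`.

```php
<?php
/**
 * Plugin Name: Deny self profile edits (added example)
 * Description: Users without the edit_users capability cannot edit their own account.
 */

defined( 'ABSPATH' ) || exit;

/**
 * Tighten the 'edit_user' meta capability for self-edits.
 *
 * Core's map_meta_cap() returns no required capabilities when a user edits
 * their own ID, which is why every logged-in user can change their profile.
 * Adding 'edit_users' to the required list makes the self-edit case follow
 * the same rule as editing another account.
 *
 * @param string[] $caps    Primitive capabilities required so far.
 * @param string   $cap     Meta capability being checked.
 * @param int      $user_id ID of the user the check is performed for.
 * @param array    $args    Extra arguments; $args[0] is the target user ID.
 * @return string[] Required primitive capabilities.
 */
function example_deny_self_edit( $caps, $cap, $user_id, $args ) {
    // Only the per-user edit check with a target ID is of interest.
    if ( 'edit_user' !== $cap || ! isset( $args[0] ) ) {
        return $caps;
    }

    // Editing another account: core already requires 'edit_users'.
    if ( (int) $args[0] !== (int) $user_id ) {
        return $caps;
    }

    // Self-edit: require the same primitive capability HR staff hold.
    if ( ! in_array( 'edit_users', $caps, true ) ) {
        $caps[] = 'edit_users';
    }

    return $caps;
}
add_filter( 'map_meta_cap', 'example_deny_self_edit', 10, 4 );
```

With this filter active, a contributor who opens profile.php gets core's own permission error, and the menu and admin bar removal from the methods above remains useful for hiding the links.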