How to disable the Default File Editor in WordPress for certain users?

How to disable the Default File Editor in WordPress for certain users?

Yesterday I read a post on Ryan’s blog about how, if he could, he would remove the default file editor from wordpress. To me, initially the idea sounded to extreme, but after reading his post I don’t think that’s true anymore. I don’t agree 100% with Ryan, but the man has some valid points there:
– stupid users messing around in there, or leaving all kinds of backdoor are the main thing i agree with him.

While reading that .. it crossed my mind that, for my clients, a simple plugin to disable the file editor for certain users would be very handy. I still think Ryan idea is a bit to extreme and there will be another 2-3 releases of WP until someone from there will take something like this into consideration.

Now the good news!
While expressing my toughs on Ryan’s blog, a great and smart guy, named Mannie Schumpert, saw my idea and in response he created a small, fast and smart plugin that makes exactly what i was looking for.

A File Editor Control plugin for WordPress.
The Plugin has no UI component, but is very simple to use. You simply input into an array the ID of the user(s) you want to enable the Editor for (ID1- admin is allowed by default).
Guys, please check out this plugin on github share it fork it, star it 🙂
Also check out Mannie’s blog, he has more smart stuff in there regarding this sort of functionality: WordPress Capabilities Magic

Would you use something like this for your clients?

Share it if you like my post, comment if you agree or disagree!

How to clean your wordpress site from SoakSoak?

How to clean your wordpress site from SoakSoak?

Most of us never heard about this SoakSoak until this weekend. Looks like since this Sunday there where around 100k worpress sites infested with this malware.

This can be fixed if you know how to remove that code and go behind a firewall.
So what code should you remove? what causes this? What all those infected sites have in common? It can’t be the wordpress itself because that would mean 15-20% of the internet would be infected. So what is then?
It looks that the malware uses a vulnerability in an older version of the Slider Revolution. The guys that made that have already fixed it. So .. if it’s fixed ..why are we talking about this anymore?

Because you should always update all your plugins to the latest version!! The vulnerable version is still online on millions of wordpress sites that use an older version of that plugin.

So if you wanna get rid of this malware you should follow the next steps:
1. backup your site

2. update your wordpress to the latest version

3. update all your plugins to the latest version

4. update your theme to the latest version

5. I would install and config BulletProof Security

6. you should check your site for malware on sucuri free scan

7. if you can you should try & buy their antivirus and firewall.

More update on this problem you can find here