Security Settings
Adding to this: If logged in as a user (default role set to contributor) and I type
http://www.domain.com/wp-admin/ I can actually access the
WP panel despite setting the Back-Office to Administrator level only under the Security settings.
Remedy / Temp fix for this issue:
File: theme-functions.php
Add the following code:
// block
WP admin access
function prevent_admin_access() {
if (strpos(strtolower($_SERVER['REQUEST_URI']), '/
wp-admin') !== false && !current_user_can('administrator')) {
wp_redirect(get_option('siteurl'));
}
}
add_action('init', 'prevent_admin_access', 0);
// End of code
Was the code redone from scratch for 3.1? Cause this was working fine before.
Again, my install is on a FRESH new
WP 3.1.4 (French)