Thread: Security Settings

Security Settings

Adding to this: If logged in as a user (default role set to contributor) and I type http://www.domain.com/wp-admin/ I can actually access the WP panel despite setting the Back-Office to Administrator level only under the Security settings.

Remedy / Temp fix for this issue:

File: theme-functions.php
Add the following code:

// block WP admin access
function prevent_admin_access() {
if (strpos(strtolower($_SERVER['REQUEST_URI']), '/wp-admin') !== false && !current_user_can('administrator')) {
wp_redirect(get_option('siteurl'));
}
}

add_action('init', 'prevent_admin_access', 0);
// End of code

Was the code redone from scratch for 3.1? Cause this was working fine before.

Again, my install is on a FRESH new WP 3.1.4 (French)