Articles of authorization

How to display archive page posts based on author_id

I would like the posts to be displayed on archive page of custom post – gallery based on author_id i.e. the author_id is passed as permalink variable. The posts displayed on archive page would be only those posts published by author whose author_id is passed. My custom post gallery archive page has the url http://localhost/?post_type=gallery […]

Restrict user role Author from viewing comments in admin interface

I want to add an user as an Author to my blog, so that he can publish posts. But i don’t want him to be able to view all the (unapproved) comments in the admin interface. Is there any code snippet / plugin that can do what i want ? I tried plugins like Role […]

Authenticating user for custom post type

Referring to the docs got add_meta_box, // Check permissions if ( ‘page’ == $_POST[‘post_type’] ) { if ( !current_user_can( ‘edit_page’, $post_id ) ) return; } else { if ( !current_user_can( ‘edit_post’, $post_id ) ) return; } } If I want to authenticate a user for editing a custom post type “portfolio”, do I do something […]

WordPress Authentication Middleware

What I want to achieve is: For every request , if the user is not logged he / she will be redirected to the log in page. If the user is logged in then he / she can access the site. class Auth{ protected static $instance = null; public function checkAuth(){ auth_redirect(); } public static […]

Why does this check to see if user is authorized to edit a post fail for all but super admins?

I’m trying to determine if a piece of content can be edited by a user. I would like all roles contributor and above to be authorized by a single check. Here’s my code: if( empty( $post_id ) || !current_user_can(‘edit_post’, $post_id) ) { return; } Unfortunately, the only users that don’t get the return are super […]

how can i embed wordpress backend in iframe

I have 2 websites and and need them to show the same. Now I put an iframe in index.html and upload to It’s ok for frontend but it’s doesn’t work for backend, where it shows a blank page. Can anyone suggest me how I can solve this problem ?

How does authenticate a supplied WordPress account

I’m curious to know how authenticate a supplied WordPress admin login credentials. And after authorization is granted, how does it publish post on our behalf? am curious to know what communication protocol it is using.

What is the purpose of having a token in cookies?

WordPress utilizes cookies for better security, and I’ve been trying to understand how exactly this could make a WordPress website more secure, and I found this article . There’s a pretty decent explanation, but it concerns the 3.9 version, so it’s a little bit outdated. I compared the sources of the current WordPress code and […]