WordPress - Design Problems

All software has a few problems.

Filters | "Tools" Security Hole | Deleting Users


Filters are called with varying numbers of parameters. In the case of the show_password_fields filter, if the function definition has 2 parameters, there will be an error when only one parameter is passed. (Actually, that is a good thing. The problem is that in one case 2 parameters are passed, and in the other only one is passed.) Instead, you must write code to accept a variable number of parameters. When the filter is registered, be sure to specify that 2 parameters should be passed if they are available.

Security Hole

Every system user that has the ability to log on has the ability to destroy the system. (This is unbelievable.)

The read capability (available to all registered users) provides the ability to install Gears or the Press This applet via the Tools menu option.

This is a major security hole - there is even a warning not to install this on certain systems. This is something that should be reserved for only the administrator ... not every clueless user.

This code removes it for all users

This only removes the bad submenu, but does not completely stop the option from being available.

Unfortunately, some plugins use that menu, something like the following is better

Deleting Users

Stupid morons!

When you delete a user, WordPress provides 2 options

Unfortunately, the default is to delete everything.

At any rate, there is also a comboBox to select the user to reassign the posts to. (Don't get ahead of me :)

A customer, was deleting one user (a test account) and reassigning about a month's worth of data to a new account. This person selected the new account from the list and clicked Confirm Deletion ... but did not notice that the Delete everything in the world option was still selected. Three days later, it was noticed that some data was missing - about a month's worth. This was a very expensive error ... and a terrible design.

Anything this dangerous and so easy to mess up definitely qualifies as a design problem.


So I decided to delete the delete_users capability from the user roles. Get this, when a user does not have permission to delete user profiles, the code still places the Delete link in the list of users. The only prohibited action is that a user can not delete his own account. From wp-admin/includes/template.php Unbelievable. At least it eventually gives a warning if you actually click the link. My suggestion is to add a filter () and to manually remove the action. Something like this (which I never actually used, see below). Trivial, but should not be necessary.

Of course, there are also the Bulk Actions ... these (there are 2) also contain Delete. And, of course, there are no filters to fix this mess. Thus, the only way to clean this up is to modify wp-admin/users.php. Personally, I don't see any advantage for users to be able to perform bulk delete on user profiles. Therefore, my fix is to simply comment out those lines of code. (I left in the bulk "change roles" option and the associated check boxes, though I don't think it is that useful.)

Since I had to modify a core file anyway, I also changed wp-admin/includes/template.php (instead of using the filter, code folded to multiple lines to make it readable)

Author: Robert Clemenzi
URL: http:// mc-computing.com / ISPs / WordPress / Design_Problems.html