https://github.com/volkansah/media-upload-only-for-admins-in-wordpress

Protect your WordPress site from malicious infiltrations with this code snippet! Recently, attackers have been attempting to exploit WordPress sites by uploading NFTs containing hate speech and propaganda. By implementing this snippet, you can help safeguard your site from such threats
https://github.com/volkansah/media-upload-only-for-admins-in-wordpress

crime crime-prediction fraud-detection nft nfts prepare-crime rush trademark-rights wordpress wordpress-security wordpress-upload-issue

Last synced: 6 months ago
JSON representation

Protect your WordPress site from malicious infiltrations with this code snippet! Recently, attackers have been attempting to exploit WordPress sites by uploading NFTs containing hate speech and propaganda. By implementing this snippet, you can help safeguard your site from such threats

• Host: GitHub
• URL: https://github.com/volkansah/media-upload-only-for-admins-in-wordpress
• Owner: VolkanSah
• Created: 2023-05-06T13:21:13.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2024-06-02T06:41:54.000Z (over 1 year ago)
• Last Synced: 2025-03-28T10:55:45.831Z (6 months ago)
• Topics: crime, crime-prediction, fraud-detection, nft, nfts, prepare-crime, rush, trademark-rights, wordpress, wordpress-security, wordpress-upload-issue
• Language: PHP
• Homepage: https://github.com/VolkanSah/Media-Upload-only-for-Admins-in-WordPress
• Size: 33.2 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Funding: .github/FUNDING.yml

Awesome Lists containing this project

README

          

# Media Upload Only for "Admins" in WordPress

This code snippet provides a custom function for WordPress that restricts file uploads on the website to administrators or users with the appropriate permissions. This can help prevent unauthorized users from uploading malicious files or using your website for nefarious purposes.

## Table of Contents

- [Simple Function Explanation](#simple-function-explanation)

- [Why Use This Function?](#why-use-this-function)

- [Implementation](#implementation)

- [Best Practices](#best-practices)

- [Credits](#credits)

- [License](#license)

## Simple Function Explanation

```php

if ( ! defined( 'WPINC' ) ) {

    die;

}

function media_upload_only_for_admin( \$file ) {

    if ( ! current_user_can( 'manage_options' ) ) {

        \$file['error'] = 'You can't upload images without admin privileges!';

    }

    return \$file;

}

add_filter( 'wp_handle_upload_prefilter', 'media_upload_only_for_admin' );

```

- The custom function \`media_upload_only_for_admin\` checks if the current user has the capability to \`manage_options\`, which is usually associated with administrators. If they do not have the required capability, an error message is added to the \`$file\` array, preventing the file upload.

- The \`add_filter()\` function hooks the custom function to the \`wp_handle_upload_prefilter\` filter, which is triggered before a file is uploaded to the WordPress media library.

## Why Use This Function?

By implementing this function, you can:

- Enhance the security of your WordPress website by preventing unauthorized file uploads.

- Protect your website from being used for illegal activities.

- Ensure that only users with the appropriate permissions can upload files, maintaining control over the content hosted on your website.

## Implementation

To use this function, add the code snippet to your theme's \`functions.php\` file or create a custom plugin to include it.

### Adding to \`functions.php\`

1. Open your WordPress theme directory.

2. Locate the \`functions.php\` file.

3. Add the code snippet to the end of the \`functions.php\` file.

4. Save the file.

### Creating a Custom Plugin

1. Create a new folder in the \`wp-content/plugins\` directory, e.g., \`media-upload-restrictor\`.

2. Inside this folder, create a PHP file, e.g., \`media-upload-restrictor.php\`.

3. Add the following plugin header to the top of the file:

```php

```

4. Activate the plugin through the WordPress admin dashboard.

## Best Practices

- **Backup**: Always make a backup of your website before making changes to the code.

- **Staging Environment**: Test the functionality in a staging environment to ensure it works as expected.

- **Security**: Regularly review and update your security practices to protect your WordPress site.

### Thank you for your support!

## Credits

- [VolkanSah on Github](https://github.com/volkansah)

- If you appreciate my work, give a :star: to my projects, follow me, or [become a sponsor](https://github.com/sponsors/volkansah).

## License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.