Restricting access to settings or files

Question

Currently on WordPress administrators have access to the following resources. This is limited by get_userdata( get_current_user_id() ).

'wp-login.php', 'wp-register.php', 'index.php', 'update-core.php', 'edit.php', 'post.php', 'post-new.php', 'edit-tags.php','term.php', 'upload.php','media-new.php', 'edit-comments.php', 'themes.php', 'theme-install.php', 'customize.php', 'widgets.php', 'nav-menus.php', 'plugins.php', 'plugin-install.php', 
'users.php', 'user-new.php', 'profile.php', 'tools.php', 'import.php'

A post on the dangers of SVG resources, https://wordpress.stackexchange.com/a/247193, suggested limiting access to a theme’s customizer setting using capability arguments of WP_Customize_Manager::add_section() and WP_Customize_Manager::add_setting()

What is the recommended approach to restricting access?

Is the better approach limiting access to specific files or capabilities?

Why is one suitable than the other?

0
Motivated 2 months 0 Answers 14 views 0

Leave an answer