I work for a web design/digital marketing agency as a support rep/junior developer. For context, we have about 300 sites. We exclusively offer managed hosting, so we try to limit how much trouble our clients can get into by poking around where they shouldn’t or installing random plugins and such. Currently, we handle this by removing certain items from the admin menu and redirecting from certain admin pages. It’s not a very sophisticated solution for sure.
Ideally, I’d like to leverage WordPress’ native role capabilities as much as possible for this. We’ve experimented with different combinations of capabilities on existing or custom roles, but ultimately hit some kind of snag where it doesn’t quite work in certain situations.
The main issue we’ve run into is a lack of consistency in how plugins determine who can access them. Some add their own custom capabilities, which can be a pain but isn’t too hard to resolve. Many utilize the “manage\_options” capability as you might expect, but many others use seemingly random ones or just flat out check for a given role.
At this point, I’m starting to consider somehow hijacking the Super Admin role on non-multisites. It seems to provide the separation of capabilities we need while avoiding the hang-ups we’ve had so far. I haven’t found much info to suggest that this is even doable, much less been done before, and I’m really starting to reach beyond my current level of experience. I’m sure this isn’t a unique problem, so any other suggestions would be appreciated!
[ad_2]