Hide plugins via Access & Security Policy

  • Resolved inomi13

    (@inomi13)


    7 months, 1 week ago

    I don’t know why below code doesn’t work with latest version AAM. With previous version code was work.

    {
    "Version": "1.0.0",
    "Statement": [
    {
    "Effect": "deny",
    "Resource": [
    "Plugin:advanced-access-manager",
    "Plugin:code-snippets"
    ],
    "Action": [
    "WP:deactivate",
    "WP:activate",
    "WP:edit"
    ]
    }
    ]
    }

Viewing 1 replies (of 1 total)
  • Plugin Support Vasyl Martyniuk

    (@mvb_wordpress)

    7 months ago

    @inomi13,

    The “Plugin” resource was removed in AAM 7 after a thorough evaluation revealed significant inconsistencies in how WordPress core manages plugins across the Backend and the REST API. Specifically, while this resource allowed access control over the plugin list in the Backend, it proved ineffective for the REST API.

    Additionally, we determined that the /plugins endpoint in WordPress core lacks the flexibility needed to support the same level of granular access control available on the Backend Plugins page.

    To avoid creating a false sense of security, we made the decision to remove this resource entirely in AAM v7.

    Regards.

Viewing 1 replies (of 1 total)

The topic ‘Hide plugins via Access & Security Policy’ is closed to new replies.