diff --git a/includes/core/class-secure.php b/includes/core/class-secure.php index 437e6de0..16093100 100644 --- a/includes/core/class-secure.php +++ b/includes/core/class-secure.php @@ -291,8 +291,9 @@ if ( ! class_exists( 'um\core\Secure' ) ) { $settings['secure']['title'] = __( 'Secure', 'ultimate-member' ); $banned_admin_capabilities_options = array(); + $default_locked_cap_options = array( 'manage_options', 'promote_users', 'level_10' ); foreach ( $this->banned_admin_capabilities as $i => $cap ) { - if ( in_array( $cap, array( 'manage_options', 'promote_users', 'level_10' ), true ) ) { + if ( in_array( $cap, $default_locked_cap_options, true ) ) { continue; } $banned_admin_capabilities_options[ $cap ] = $cap; @@ -329,7 +330,7 @@ if ( ! class_exists( 'um\core\Secure' ) ) { 'multi' => true, 'columns' => 2, 'options' => $banned_admin_capabilities_options, - 'value' => UM()->options()->get( 'banned_capabilities' ) ? array_keys( UM()->options()->get( 'banned_capabilities' ) ) : array_keys( $banned_admin_capabilities_options ), + 'value' => UM()->options()->get( 'banned_capabilities' ) ? array_keys( UM()->options()->get( 'banned_capabilities' ) ) : array_keys( $default_locked_cap_options ), 'label' => __( 'Banned Administrative Capabilities', 'ultimate-member' ), 'description' => __( 'All the above are default Administrator & Super Admin capabilities. When someone tries to inject capabilities to the Account, Profile & Register forms submission, it will be flagged with this option. The manage_options, promote_users & level_10 capabilities are locked to ensure no users will be created with these capabilities.', 'ultimate-member' ), ),