Widget
Syntax
Widget:<widget-internal-id>
Definition
The Widget is similar to the Metabox resource. The difference is that widgets are rendered on the frontend or the backend "Dashboard" page. They identify by their unique internal ID that you can find on the "Metaboxes & Widgets" tab.
Note!
AAM only filters out widgets that are not allowed. It does not take into consideration the functionality that facilitates those widgets. Any user may reverse engineer how your website is set up and submit data that hidden widgets collect.
Below is an example of the statement that removes the "Search "widget from the frontend sidebar if a user is authenticated and the email account is not registered with Gmail or Yahoo.
{
"Statement": {
"Effect": "deny",
"Resource": "Widget:widgets|wp_widget_search",
"Condition": {
"Equals": {
"(*bool)${USER.isAuthenticated}": true
},
"NotLike": {
"${USER.user_email}": [
"*@gmail.com",
"*@yahoo.com"
]
}
}
}
}
The premium Complete Package adds the ability to use the wildcard * denotation to target all widgets. For example, the statement below restricts access to all the widgets on the backend "Dashboard" page and the frontend.
{
"Statement": [
{
"Effect": "deny",
"Resource": [
"Widget:*"
]
}
]
}