Remove all caps unrelated to posts for all WordPress accounts.

remove-caps.php

<?php
/* ********************************************************* *
 * WARNING WARNING WARNING!                                  *
 * Written in about ten minutes, only roughly tested.        *
 * ********************************************************* */

/**
 * Do not allow meta caps unrelated to posts.
 *
 * @param string[] $caps    Array of required capabilities.
 * @param string   $cap     Capability name being checked.
 * @param int      $user_id The user ID.
 * @param array    $args    Adds the context to the cap. Typically the object ID.
 *
 * @return string[] Modified list of required capabilities.
 */
function pwcc_posts_only_meta( $caps, $cap, $user_id, $args ) {
	switch ( $cap ) {
		case 'delete_post':
		case 'delete_page':
		case 'edit_post':
		case 'edit_page':
		case 'read_post':
		case 'read_page':
		case 'publish_post':
		case 'edit_post_meta':
		case 'delete_post_meta':
		case 'add_post_meta':
		case 'edit_term_meta':
		case 'delete_term_meta':
		case 'add_term_meta':
			if ( ! in_array( 'post' , get_post_type( $args[0] ), true ) ) {
				$caps[] = 'do_not_allow';
			}
			break;
		case 'edit_user_meta':
		case 'delete_user_meta':
		case 'add_user_meta':
		case 'edit_files':
		case 'edit_plugins':
		case 'edit_themes':
		case 'update_plugins':
		case 'delete_plugins':
		case 'install_plugins':
		case 'upload_plugins':
		case 'update_themes':
		case 'delete_themes':
		case 'install_themes':
		case 'upload_themes':
		case 'install_languages':
		case 'update_languages':
		case 'customize':
		case 'edit_term':
		case 'delete_term':
		case 'assign_term':
		case 'manage_post_tags':
		case 'edit_categories':
		case 'edit_post_tags':
		case 'delete_categories':
		case 'delete_post_tags':
		case 'assign_categories':
		case 'assign_post_tags':
		case 'create_sites':
		case 'delete_sites':
		case 'manage_network':
		case 'manage_sites':
		case 'manage_network_users':
		case 'manage_network_plugins':
		case 'manage_network_themes':
		case 'manage_network_options':
		case 'upgrade_network':
		case 'setup_network':
		case 'export_others_personal_data':
		case 'erase_others_personal_data':
		case 'manage_privacy_options':
		case 'edit_blocks':
		case 'edit_others_blocks':
		case 'publish_blocks':
		case 'read_private_blocks':
		case 'delete_blocks':
		case 'delete_private_blocks':
		case 'delete_published_blocks':
		case 'delete_others_blocks':
		case 'edit_private_blocks':
		case 'edit_published_blocks':
			$caps[] = 'do_not_allow';
			break;
	}

	return $caps;
}
add_filter( 'user_has_cap', 'pwcc_posts_only_meta', 1, 4 );

/**
 * Filters the user capabilities to remove caps unrelated to posts.
 *
 * @param bool[]   $allcaps An array of all the user's capabilities.
 * @param string[] $caps    Required primitive capabilities for the requested capability.
 * @param array    $args {
 *     Arguments that accompany the requested capability check.
 *
 *     @type string    $0 Requested capability.
 *     @type int       $1 Concerned user ID.
 *     @type mixed  ...$2 Optional second and further parameters, typically object ID.
 * }
 * @param WP_User  $user    The user object.
 *
 * @return bool[] Filtered array of the user's capabilities.
 */
function pwcc_posts_only_primitive( $allcaps, $caps, $args, $user ) {
	return array_merge(
		$allcaps,
		[
			'upload_files' => false,
			get_post_type_object( 'page' )->cap->edit_posts => false,
			'switch_themes' => false,
			'edit_theme_options' => false,
			'edit_themes' => false,
			'update_plugins' => false,
			'activate_plugins' => false,
			'edit_plugins' => false,
			'manage_options' => false,
			'manage_privacy_options' => false,
			'resume_plugins' => false,
			'resume_themes' => false,
			'delete_users' => false,
			'create_users' => false,
			'edit_term' => false,
			'delete_term' => false,
			'assign_term' => false,
			'manage_categories' => false,
			'list_users' => false,
			'view_site_health_checks' => false,
		]
	);
}
add_filter( 'user_has_cap', 'pwcc_posts_only_primitive', 10, 4 );