Restricting Access to the WordPress Dashboard By User Role

I see this a lot with people using the WP User Manager plugin to turn their WordPress site into a community or membership site. Users register for the site from the front-end form and are given a certain role (e.g. subscriber). They can then manage their own profile from the front end of the site, but they also have access to the WordPress dashboard (via /wp-admin).

This isn’t the best experience for users who shouldn’t be seeing any form of wp-admin (even if they can’t do much in it). Here’s how you can lock down the dashboard to only administrators:

/**
 * Only allow access to the wp-admin dashboard for users with the manage_options capability (administrators).
 * Customize the capability as needed https://wordpress.org/support/article/roles-and-capabilities/
 */
function wpum_restrict_wp_admin_access() {
	if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
		// Don't hijack AJAX requests
		return;
	}

	if ( ! is_admin() ) {
		// We aren't in the admin
		return;
	}

	if ( current_user_can( 'manage_options' ) ) {
		// User has the correct role
		return;
	}

	// Redirect to the homepage. Customize as needed
	wp_safe_redirect( home_url() );
	exit;
}

add_action( 'init', 'wpum_restrict_wp_admin_access' );
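
The snippet above returns early for AJAX requests, so `admin-ajax.php` stays reachable for every logged-in user, subscribers included; the redirect improves the experience but is not an authorization check, and each AJAX handler has to enforce its own. The following is an added example, not code from the original post or from WP User Manager, of a handler that does so. The action name `wpum_example_save_notice`, the `nonce` and `notice` request fields, and the option name are hypothetical.

```php
<?php
/**
 * Hypothetical admin-only AJAX handler (illustration only, names are assumptions).
 * It repeats the capability check because the dashboard redirect skips AJAX requests.
 */
function wpum_example_save_notice() {
	// CSRF protection: verify the nonce sent in the hypothetical 'nonce' field.
	// Passing false as the third argument lets us return our own JSON error.
	if ( ! check_ajax_referer( 'wpum_example_save_notice', 'nonce', false ) ) {
		wp_send_json_error( array( 'message' => 'Invalid nonce.' ), 403 );
	}

	// Authorization: the same capability the dashboard redirect uses.
	// A subscriber can reach admin-ajax.php, but is stopped here.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
	}

	// Input handling: unslash and sanitize before storing.
	$notice = isset( $_POST['notice'] )
		? sanitize_text_field( wp_unslash( $_POST['notice'] ) )
		: '';

	if ( '' === $notice ) {
		wp_send_json_error( array( 'message' => 'Notice text is required.' ), 400 );
	}

	update_option( 'wpum_example_notice', $notice );

	// wp_send_json_success() and wp_send_json_error() end the request themselves.
	wp_send_json_success( array( 'notice' => $notice ) );
}

// wp_ajax_{action} fires for logged-in users only. No wp_ajax_nopriv_ hook is
// registered, so logged-out requests never reach the handler.
add_action( 'wp_ajax_wpum_example_save_notice', 'wpum_example_save_notice' );
```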

The admin bar will still appear for users on the front end of the site. WP User Manager has a setting to disable it, but you can also do this manually with the following:

/**
 * Only show the wp-admin bar for users with the manage_options capability (administrators).
 * Customize the capability as needed https://wordpress.org/support/article/roles-and-capabilities/
 *
 * @param bool $show_admin_bar
 *
 * @return bool
 */
function wpum_hide_admin_bar( $show_admin_bar ) {
	if ( ! current_user_can( 'manage_options' ) ) {
		return false;
	}

	return $show_admin_bar;
}

add_filter( 'show_admin_bar', 'wpum_hide_admin_bar' );

About

Iain Poulson is a WordPress and PHP developer, writer, and plugin author. His plugins include Intagrate the WordPress publishing for Instagram, and WP User Manager the membership, user profile, and community plugin. He also co-hosts the WordPress development and business podcast Pressing Matters. You can find him on Twitter @polevaultweb.
