Restricting Access to the WordPress Dashboard By User Role
I see this a lot with people using the WP User Manager plugin to turn their WordPress site into a community or membership site. Users register for the site from the front end form, they are given a certain role (eg. subscriber), they then can manage their own profile from the front end of the site, but then also have access to the WordPress dashboard (via /wp-admin).
This isn’t the best experience for users who shouldn’t be seeing any form of wp-admin (even if they can’t do much in it). Here’s how you can lock down the dashboard to only administrators:
/** * Only allow access to the wp-admin dashboard for users with the manage_options capability (administrators). * Customize the capability as needed https://wordpress.org/support/article/roles-and-capabilities/ */ function wpum_restrict_wp_admin_access() { if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) { // Don't hijack AJAX requests return; } if ( ! is_admin() ) { // We aren't in the admin return; } if ( current_user_can( 'manage_options' ) ) { // User has the correct role return; } // Redirect to the homepage. Customize as needed wp_safe_redirect( home_url() ); exit; } add_action( 'init', 'wpum_restrict_wp_admin_access' );
The admin bar will still appear for users on the front end of the site, which WP User Manager has a setting to disable it, but you can do this manually with the following:
/** * Only show the wp-admin bar for users with the manage_options capability (administrators). * Customize the capability as needed https://wordpress.org/support/article/roles-and-capabilities/ * * @param bool $show_admin_bar * * @return bool */ function wpum_hide_admin_bar( $show_admin_bar ) { if ( ! current_user_can( 'manage_options' ) ) { return false; } return $show_admin_bar; } add_filter( 'show_admin_bar', 'wpum_hide_admin_bar' );