Your WordPress site’s dashboard controls your website. It provides several settings and options, most of which are important for the smooth operation of your website. As the site’s admin, you definitely want to protect your dashboard settings from malicious and clueless users. WordPress provides several user roles, and each role has a defined set of capabilities. Because their capabilities differ, not all roles can access the same menus in the dashboard.
But what if you wanted to limit user access even further? For example, say you wanted only the admin to access the dashboard and wanted to block every other user role completely. WordPress gives you the option to alter user capabilities, and there are also some wonderful plugins you can use.
Changing Capabilities for User Roles
The capabilities set per user role can be changed using the ‘add_cap’ or ‘remove_cap’ functions. You need to add something similar to the code below in your theme or your plugin. Make sure the function is called as early as possible, for example, when your theme or plugin is activated.
function remove_author_cap_upload_files() {
    // get_role returns an instance of WP_Role, or null if the role does not exist
    $role = get_role( 'author' );
    if ( $role ) {
        $role->remove_cap( 'upload_files' );
    }
}
add_action( 'init', 'remove_author_cap_upload_files' );
Using a plugin: If you do not want to alter any code, or basically are looking for a plugin based solution, the ‘User Role Editor’ is a really helpful plugin, that allows you to change the capabilities for any user role.
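The advice above, to make the change when the plugin is activated, can be implemented with activation and deactivation hooks. This is an added example, not code from the original article; the plugin name, the aur_ function names, the AUR_ constants and the aur_removed_cap option are hypothetical.

```php
<?php
/**
 * Plugin Name: Author Upload Restriction (hypothetical example plugin)
 */

// Block direct requests to this file outside of WordPress.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

// Hypothetical names: the role and capability this example plugin manages.
const AUR_ROLE = 'author';
const AUR_CAP  = 'upload_files';

/**
 * Runs once on activation. remove_cap() saves the change to the stored
 * role definition in the database, so it does not need to run per request.
 */
function aur_activate() {
    $role = get_role( AUR_ROLE ); // WP_Role, or null if the role does not exist.
    if ( $role && $role->has_cap( AUR_CAP ) ) {
        $role->remove_cap( AUR_CAP );
        // Record that this plugin removed the capability, so that
        // deactivation only undoes its own change.
        update_option( 'aur_removed_cap', 1 );
    }
}
register_activation_hook( __FILE__, 'aur_activate' );

/**
 * Runs once on deactivation. Restores the capability only if this
 * plugin was the one that removed it.
 */
function aur_deactivate() {
    $role = get_role( AUR_ROLE );
    if ( $role && get_option( 'aur_removed_cap' ) ) {
        $role->add_cap( AUR_CAP );
    }
    delete_option( 'aur_removed_cap' );
}
register_deactivation_hook( __FILE__, 'aur_deactivate' );
```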
Restricting Dashboard Access for non-Admin Users
To completely prevent any user other than the admin from accessing your site’s dashboard, add the following code in your theme’s or plugin’s functions.php file:
function custom_restrict_users() {
    if ( ! current_user_can( 'manage_options' ) ) {
        /* Remove admin bar */
        show_admin_bar( false );
        // is_admin() is also true for admin-ajax.php requests, so let AJAX calls through
        if ( is_admin() && ! wp_doing_ajax() ) {
            wp_redirect( home_url() );
            exit;
        }
    }
}
add_action( 'init', 'custom_restrict_users' );
Plugin Solution: There are several plugins to restrict dashboard access for user roles. My pick? The Remove Dashboard Access Plugin.
Using Capabilities for Plugins Settings Page
To limit your plugin’s options page to the site admin only, use the ‘$capability’ argument (the third argument) of the ‘add_menu_page’ function, as follows:
add_menu_page( 'Page Title', 'Menu Title', 'manage_options', 'menu_slug', 'menu_function' );
These tips can help you limit the operations users can perform in your site’s backend. These can be useful when setting up demo sites, etc. Found these tips useful? How about sharing some views in the comment section below?
2 Responses
A lot of mistakes. Do not use it.
Hi Nikolas,
Thanks for reading the article and pointing out the mistake! I’ve made the needed changes (phew!).