Search

How to Limit Access to Your WordPress Dashboard

Listen to this article

Dashboard Access DeniedYour WordPress site’s dashboard controls your website. There are several settings and options provided, most of which are quite important, for the smooth operation of your website. As the site’s admin, you definitely want to protect your dashboard settings, from malicious and clueless users. WordPress provides several user roles, with each role having definite capabilities. Not all roles can access the same menus in the dashboard (because of limited capabilities).

But what if you wanted to limit user access even further. For example, say you wanted only admin to access the dashboard, and restrict other user role access completely. Well, WordPress provides you the options, to alter user capabilities. And of course there are some wonderful plugins you can use.

 

Changing Capabilities for User Roles

The capabilities set per user role can be changed using the ‘add_cap’ or ‘remove_cap’ functions. You need to add something similar like the code below, in your theme or your plugin. Make sure the function is called at the earliest, for example, when your theme or plugin is activated.

function remove_author_cap_upload_files() {
  // get_role returns an instance of WP_Role
  $role = get_role( 'author' );
  $role->remove_cap( 'upload_files' );
}
add_action( 'init', 'remove_author_cap_upload_files' );

Using a plugin: If you do not want to alter any code, or basically are looking for a plugin based solution, the ‘User Role Editor’ is a really helpful plugin, that allows you to change the capabilities for any user role.

[space]

Restricting Dashboard Access for non-Admin Users

To completely disallow a user, other than the admin, to access your site’s dashboard, add the following code in your theme’s or plugin’s functions.php file:

function custom_restrict_users()
{
  if (!current_user_can('manage_options'))
  {
    /* Remove admin bar */
    show_admin_bar(false);
    if(is_admin())
    {
     wp_redirect( home_url() );
     exit;
    }
  }
}
add_action( 'init', 'custom_restrict_users' );

Plugin Solution: There are several plugins to restrict dashboard access for user roles. My pick? The Remove Dashboard Access Plugin.

[space]

Using Capabilities for Plugins Settings Page

To limit the options page for your plugin only to the site admin, you need to make use of the ‘$capabilities’ argument in the ‘add_menu_page’ function, as follows:

add_menu_page( 'Page Title', 'Menu Title', 'manage_options', 'menu_slug', 'menu_function' );

[space]

These tips can help you limit the operations users can perform in your site’s backend. These can be useful when setting up demo sites, etc. Found these tips useful? How about sharing some views in the comment section below?

Aruna Vadlamani

Aruna Vadlamani

2 Responses

    1. Hi Nikolas,
      Thanks for reading the article and pointing out the mistake! I’ve made the needed changes (phew!).

Leave a Reply

Your email address will not be published. Required fields are marked *

Get The Latest Updates

Subscribe to our Newsletter

A key to unlock the world of open-source. We promise not to spam your inbox.

Suggested Reads

WordPress Development

Custom WordPress Solutions, for You

LearnDash Development

Custom LearnDash Solutions, for You

WooCommerce Development

Custom WooCommerce Solutions, for You

WordPress Plugins

Scale your WordPress Business

WooCommerce Plugins

Scale your WooCommerce Business

LearnDash Plugins

Scale your LearnDash Business

Label

Title

Subtext

Label

Title

Subtext

Join our 55,000+ Subscribers

    The Wisdm Digest delivers all the latest news, and resources from the world of open-source businesses to your inbox.

    Suggested Reads