How to Limit Access to Your WordPress Dashboard

Limiting access to the WordPress dashboard is a topic we’re asked about a lot in the WPMU DEV support forums. Whether you’re creating a site for a client who doesn’t know WordPress from Microsoft Word or you just want to restrict how users login to your site, there are various reasons why you might want to keep people off your dashboard.

Luckily, there are many ways to help you do it. In this post I’ll go over a few different methods, from simply using the permission settings built into WordPress to using code and installing plugins.

Limit dashboard access
Limiting access to your Dashboard is simple with these handy tips.

Limiting Access With WordPress User Permissions

Add New User
When adding a new user, select “Subscriber” to give them limited permissions.

WordPress uses roles and capabilities to define who can and can’t do what on a WordPress site. Setting user permissions is the most basic way to restrict access within the backend of a site.

There are six kinds of roles: Super Admin (WordPress Multisite), Administrator, Editor, Author, Contributor and Subscriber.

Site owners can use these roles to manage who can access writing and editing posts, creating pages, defining links, creating categories, moderating comments, managing plugins, managing themes and managing other users, by assigning specific role to each user.

Super Admins can access all areas of a Multisite installation, while an Administrator can access all areas of a single site installation. The other roles have a decreasing level of capabilities. The most basic role, Subscriber, can only manage their profile – they can’t write or edit posts, access settings etc.

If you’re after a simple way to limit what users can access on your backend, you can set new users to be automatically assigned the Subscriber role. As an admin, you can set the default role for users in Settings > General.

Limiting Access to WordPress With Code

Say you run some kind of membership site that users can sign up for, but you don’t want them to be able to access wp-admin. To block non-admin users from so much as peaking at the dashboard, just drop the following code into your functions.php file:

1
2
3
4
5
6
7
8
add_action( 'init', 'blockusers_init' );
function blockusers_init() {
if ( is_admin() && ! current_user_can( 'administrator' ) &&
! ( defined( 'DOING_AJAX' ) && DOING_AJAX ) ) {
wp_redirect( home_url() );
exit;
}
}

Only admins can access wp-admin. Everyone else will be re-directed to the homepage.

Thanks to Gary Pendergast for this fantastic snippet.

Limiting Access to WordPress With Plugins

There are a few handy plugins out there that can also help keep users off your dashboard.

Login Redirect

Login Redirect
Login Redirect allows you to send your users to an URL of your choosing after they login to your site.

Login Redirect by WPMU DEV allows you to simply redirect users who log into your site to a page of your choosing. For example, after they log in, instead of arriving at the dashboard you could send them to a membership page on your site or the Post Editor.

It’s easy to use – After you’ve installed and activated the plugin, go to Settings > General and add the URL you want to redirect to in the “Login Redirect” field.

WP Hide Dashboard

This handy plugin allows you to hide the Dashboard menu, Personal Options section and Help link on the Profile page from users you’ve assigned as Subscriber. So your Subscribers will only see a very basic Profile page.

After you’ve installed and activated the plugin there’s no configuration needed.

Remove Dashboard Access

Remove Dashboard Access
Remove Dashboard Access limits user access to the Dashboard based on capabilities.

This plugin lets you restrict Dashboard access to Administrators only or users with a specific capability. You can also choose whether to allow users to edit their profiles in the Dashboard.

Users who aren’t Administrators or don’t meet the selected capability can be redirected to a chosen URL.

To set up the plugin, go to Settings > Dashboard Access and select your user access and redirection settings.

Summing Up

Limiting access to your WordPress Dashboard doesn’t have to be complicated. Whether you choose to lock out users using code or a plugin, this post outlines a few simple ways to keep the Dashboard all to yourself.

Image credits: Nathan Jongewaard.

Do you prevent users from accessing your Dashboard? What methods do you use? Tell us in the comments below.

Tags

Comments (11)

  1. Hi, great article, brief and right to the point.

    I maintain a multisite WP installation where I wanted to allow access to certain parts of the dashboard, more or less depending on the role. I think it’s worth mentioning that for that purpose I use a plugin, adminiminize, with hundreds of options. A bit difficult to set everything up, though. It let’s you choose which widgets, menu, or toolbar options you want to show/hide. Tricky, because you’ll have to browse through dozens, if not hundreds of checkboxes, but highly customizable. I’ve also seen it mentioned on wpmu dev forums :-)

  2. Hi @juanfrito. I did have a look at that plugin but for this post I decided it was best to keep things simple so I left it out. Also, I’ve written in the past about our Ultimate Branding plugin, which is similar in that it allow you to customize/white label the admin area.

  3. Hi, I am trying to figure out how, on a multisite .. when a new user creates a site how i can limit the admin dashboard and instead have several pre made pages that they may edit from front-end?

    Rather than having access to wp-admin..

    Would appreciate any pointers…

    Thanks!!

  4. Hi Tom,

    I’m no expert but I had a similar sort of issue. I wanted to create a user account on the front end and prevent that user from accessing the dashboard.
    Preventing the user from accessing the dashboard – this article covers it.
    Creating a user account – user a membership plugin such as the one here on WPMU Dev. Create a generic user account home page and use the login redirect to send anyone who logs in to this page. Protect this page using the membership plugin so only logged in users have access to it. Create whatever other pages you want in the account and link them with the homepage and protect them – you have your user account.
    You can have the user profile area where they edit their personal information, you can have a downloads page, a form page to collect information, drop shortcodes in from other plugins etc.

    Hope that helps a bit.

  5. To specifically answer your question. I’m guessing you want the admin area in the front end because the dashboard area looks a little complicated and has stuff you don’t want the new site owner to freak out about or get confused.

    Look at it from this angle – to remove from the dashboard what you don’t want and customizing the dashboard so it looks more like a front end experience.
    Look into adminimize and research dashboard customization and see if you can achieve the result you want that way. To do it from the front end might be expensive and hard to achieve.

  6. Are there any security issues with allowing people access to the dashboard? Since, by default, WordPress allows all users who subscribe to a site access to the Dashboard, I can’t imagine that there are any security issues.

  7. Thanks for this blog post :)

    What if I want to limit access to a specific part of a WordPress site to users that are logged on? or even specific users that are logged on?

  8. Hi! I have a single WordPress site where i have many authors contributing to it. It’s a sports site. My question is – How can I give an author access to post their articles to certain sections of the site? Example : I want an author to be able to post in the Football section only. Is this possible? Thanks!

Participate