How to Limit Access to Your WordPress Dashboard

Limiting access to the WordPress dashboard is a topic we’re asked about a lot in the WPMU DEV support forums. Whether you’re creating a site for a client who doesn’t know WordPress from Microsoft Word or you just want to restrict how users login to your site, there are various reasons why you might want to keep people off your dashboard.

Luckily, there are many ways to help you do it. In this post I’ll go over a few different methods, from simply using the permission settings built into WordPress to using code and installing plugins.

Limit dashboard access
Limiting access to your Dashboard is simple with these handy tips.

Limiting Access With WordPress User Permissions

Add New User
When adding a new user, select “Subscriber” to give them limited permissions.

WordPress uses roles and capabilities to define who can and can’t do what on a WordPress site. Setting user permissions is the most basic way to restrict access within the backend of a site.

There are six kinds of roles: Super Admin (WordPress Multisite), Administrator, Editor, Author, Contributor and Subscriber.

Site owners can use these roles to manage who can access writing and editing posts, creating pages, defining links, creating categories, moderating comments, managing plugins, managing themes and managing other users, by assigning specific role to each user.

Super Admins can access all areas of a Multisite installation, while an Administrator can access all areas of a single site installation. The other roles have a decreasing level of capabilities. The most basic role, Subscriber, can only manage their profile – they can’t write or edit posts, access settings etc.

If you’re after a simple way to limit what users can access on your backend, you can set new users to be automatically assigned the Subscriber role. As an admin, you can set the default role for users in Settings > General.

Limiting Access to WordPress With Code

Say you run some kind of membership site that users can sign up for, but you don’t want them to be able to access wp-admin. To block non-admin users from so much as peaking at the dashboard, just drop the following code into your functions.php file:

1
2
3
4
5
6
7
8
add_action( 'init', 'blockusers_init' );
function blockusers_init() {
if ( is_admin() && ! current_user_can( 'administrator' ) &&
! ( defined( 'DOING_AJAX' ) && DOING_AJAX ) ) {
wp_redirect( home_url() );
exit;
}
}

Only admins can access wp-admin. Everyone else will be re-directed to the homepage.

Thanks to Gary Pendergast for this fantastic snippet.

Limiting Access to WordPress With Plugins

There are a few handy plugins out there that can also help keep users off your dashboard.

Login Redirect

Login Redirect
Login Redirect allows you to send your users to an URL of your choosing after they login to your site.

Login Redirect by WPMU DEV allows you to simply redirect users who log into your site to a page of your choosing. For example, after they log in, instead of arriving at the dashboard you could send them to a membership page on your site or the Post Editor.

It’s easy to use – After you’ve installed and activated the plugin, go to Settings > General and add the URL you want to redirect to in the “Login Redirect” field.

WP Hide Dashboard

This handy plugin allows you to hide the Dashboard menu, Personal Options section and Help link on the Profile page from users you’ve assigned as Subscriber. So your Subscribers will only see a very basic Profile page.

After you’ve installed and activated the plugin there’s no configuration needed.

Remove Dashboard Access

Remove Dashboard Access
Remove Dashboard Access limits user access to the Dashboard based on capabilities.

This plugin lets you restrict Dashboard access to Administrators only or users with a specific capability. You can also choose whether to allow users to edit their profiles in the Dashboard.

Users who aren’t Administrators or don’t meet the selected capability can be redirected to a chosen URL.

To set up the plugin, go to Settings > Dashboard Access and select your user access and redirection settings.

Summing Up

Limiting access to your WordPress Dashboard doesn’t have to be complicated. Whether you choose to lock out users using code or a plugin, this post outlines a few simple ways to keep the Dashboard all to yourself.

Image credits: Nathan Jongewaard.

Do you prevent users from accessing your Dashboard? What methods do you use? Tell us in the comments below.