Allow only admins to access wp-admin pages

When it comes to security, it is better to do everything you can to make sure there are as few as possible ways of entering admin dashboard. When you allow your visitors to sign up to the site so they can post comments or so you can give them extra content based on that, you probably don’t want those users to be able to login to your dashboard and see what you’re up to.

Yeah, you do have your username and a special admin password, so an average user can do nothing even if he opens the wp-admin login page, but why would you even give a visitor a chance to take a peek at your admin pages?

In today’s article, we will show you how to easily prevent users who aren’t admins to have access to wp-admin pages.

Code:

First, here’s a simple solution in a form of a code. As usual, you only have to copy and paste the code in your functions.php file to make the changes. The code will allow anyone with administrator rights to access wp-admin page while anyone else will be redirected to the homepage. Simple as that:

    1. Open functions.php file from the theme you are using
    2. Copy and paste this snippet:
add_action( 'init', 'blockusers_init' );
function blockusers_init() {
if ( is_admin() && ! current_user_can( 'administrator' ) &&
! ( defined( 'DOING_AJAX' ) && DOING_AJAX ) ) {
wp_redirect( home_url() );
exit;
}
}
  1. Save changes

WP Admin No Show

PRICE: Free

This free plugin is very simple and will give you a user-friendly way of blocking admin pages for anyone but admins. Once you install the plugin and activate it, you will have the option to blacklist user roles. For example, you can check Subscribers on the list and restrict their access to admin pages. Also, you can choose a page to which those restricted users will be redirected. It is good to know that the plugin will automatically hide admin bar for blacklisted users.

WP Hide Dashboard

PRICE: Free

A very similar, also free, the plugin comes with the name WP Hide Dashboard. This plugin will hide the dashboard, block users from getting a Personal Options sections and the Help link which is located on the profile page. This plugin is a great tool if you want your users to be able to log in and update their profile settings but don’t want them to be able to take a peek at your dashboard. WP Hide Dashboard will work on a single website as well on multisite, but there are known conflicts with several plugins so be sure to check the description page before installing.

In WordPress, there are always numerous ways of achieving the same goals. Of course, there are more than just a few methods of blocking admin pages. And there are more than few plugins similar to ones described above so feel free to search for more.

Besides the methods shown in this articles, be sure to read how to limit access to your WordPress login page using .htpasswd file to make your site even more secure. See what else you can do for your WordPress site when it comes to security.

Are you using any other method or know a better plugin for the job? If so, please, leave a comment below and tell us your experience with blocking admin pages in WordPress.

START YOUR OWN BLOG

This guide is an introduction to mastering the art of blogging. It provides easy to follow steps to start, maintain, and grow your blog.

Read the guide

Leave a Reply

Your email address will not be published. Required fields are marked *