Maintaining security and control over your WordPress website is paramount, and one way of doing this is by restricting dashboard access. You may want to limit access for certain user roles, or entirely prevent front-end users from accessing the back-end interface. No matter what your reasons are, knowing how to restrict dashboard access in WordPress can be highly beneficial. In this article, we present a comprehensive guide on how to effectively limit dashboard access on your WordPress site.
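```php
// Redirect users without the 'manage_options' capability away from wp-admin.
function wpturbo_restrict_dashboard_access() {
    // admin_init also fires for admin-ajax.php, which front-end features call,
    // so AJAX requests are left alone.
    if ( ! current_user_can( 'manage_options' ) && ( is_admin() || is_blog_admin() ) && ! wp_doing_ajax() ) {
        wp_redirect( home_url() );
        exit;
    }
}
add_action( 'admin_init', 'wpturbo_restrict_dashboard_access' );
```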
This snippet of code is designed to restrict access to the WordPress admin dashboard based on user capabilities. It hooks into the `admin_init` action, which is fired when someone accesses the admin area of WordPress.
First, the snippet creates the function `wpturbo_restrict_dashboard_access()`. This function defines what action WordPress should take when it triggers the `admin_init` action.
The function uses `current_user_can('manage_options')`, a built-in WordPress function that checks the current user's capabilities. The argument `'manage_options'` checks if the user has the capability to manage optional features in the WordPress admin. If the current user cannot manage options, i.e., if they don't have administrative privileges, the function continues.
The function then checks if the current request is for an admin page using `(is_admin() || is_blog_admin())`. `is_admin()` checks whether the dashboard or admin panel is being displayed, but unfortunately, this function does not distinguish between the login page and the register page.
That's why the function also uses `is_blog_admin()`, which verifies if the admin panel in the Multisite is being displayed. The `is_admin() || is_blog_admin()` check makes sure the function only continues if the page being accessed is a dashboard page.
If the current user does not have `manage_options` permissions and they're trying to access the dashboard or admin panel, the function uses `wp_redirect(home_url())` to redirect the user to the home page.
The `home_url()` function returns the home URL for the current site, which is where users without `manage_options` access will now go if they try to access the dashboard. Following the redirection, `exit` is used to terminate the current script. This is a safety measure to ensure that no further output is sent after the redirect has been initiated.
The last part of this snippet uses `add_action` to attach the `wpturbo_restrict_dashboard_access()` function to the `admin_init` action hook. This hook is triggered whenever someone visits any admin page, meaning it will consistently check the user's permissions and control access to the admin dashboard as needed. This is a very important part of keeping the WordPress dashboard secure.
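The following is an added example, not part of the original snippet: a fuller variant that lets `admin-ajax.php` and `admin-post.php` requests through, hides the toolbar, and sends restricted users to the home page after login. The `example_` function names and the `example_dashboard_capability` filter are hypothetical; the hooks and WordPress functions are core APIs.

```php
<?php
// Added example: names prefixed "example_" and the filter name are hypothetical.

// Capability required to enter wp-admin; other code can change it via the filter.
function example_dashboard_capability() {
    return apply_filters( 'example_dashboard_capability', 'manage_options' );
}

function example_user_is_restricted() {
    return ! current_user_can( example_dashboard_capability() );
}

// admin_init also fires for admin-ajax.php and admin-post.php, which front-end
// features call for every visitor, so those endpoints are not redirected.
function example_restrict_dashboard() {
    global $pagenow;

    if ( wp_doing_ajax() || 'admin-post.php' === $pagenow ) {
        return;
    }
    if ( example_user_is_restricted() ) {
        // wp_safe_redirect() only follows redirects to allowed hosts.
        wp_safe_redirect( home_url() );
        exit;
    }
}
add_action( 'admin_init', 'example_restrict_dashboard' );

// Hide the toolbar so restricted users are not shown links into wp-admin.
function example_hide_toolbar( $show ) {
    return example_user_is_restricted() ? false : $show;
}
add_filter( 'show_admin_bar', 'example_hide_toolbar' );

// After login, send restricted users to the home page instead of wp-admin.
function example_login_redirect( $redirect_to, $requested, $user ) {
    if ( $user instanceof WP_User && ! user_can( $user, example_dashboard_capability() ) ) {
        return home_url();
    }
    return $redirect_to;
}
add_filter( 'login_redirect', 'example_login_redirect', 10, 3 );
```

The redirect controls which screens a user reaches; individual admin actions still need their own `current_user_can()` checks.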