HowTo: Disable Access to the WordPress Dashboard for Non-Admins

Update: I had a few requested to bundle this into a plugin so I did. You can download it here.

Currently, I’m working on a site where we didn’t want non-admins to even be able to access the wp-admin dashboard. I searched around quite a bit looking for a complete shutoff-solution but most of the results detail how to literally disable the “Dashboard” menu in wp-admin.

Finally, trolling the comments on a like-solution in a post by c. bavota, I stumbled across a simplified version of bavotasan’s function that does exactly what I want, plus it redirects unworthy users to the homepage!

The simplified function was authored by somebody going only by the moniker of Jake.

It’s a pretty simple solution. It adds an action calling a function called ‘redirect_dashboard’ which checks the user level, and if the currently-logged-in-user is unworthy, they get bounced to the homepage. Pretty neat. On line #4, the function checks the user level, with the default set as ‘level_10’ or administrator. I modified this to ‘level_7’ to exclude anyone below the Editor level, but you could choose whichever capability level suits your purpose. Vist the Roles and Capabilities Codex page to find out more about user levels.

Here’s the snippet (which should be added to your theme’s functions.php file)

add_action('admin_init', 'no_mo_dashboard');
function no_mo_dashboard() {
  if (!current_user_can('manage_options') && $_SERVER['DOING_AJAX'] != '/wp-admin/admin-ajax.php') {
  wp_redirect(home_url()); exit;
  }
}

Published by

Drew Jaynes

Drew is a former Core Developer for the WordPress open source project, and he works on cool plugins like AffiliateWP, Easy Digital Downloads, and Restrict Content Pro.

44 thoughts on “HowTo: Disable Access to the WordPress Dashboard for Non-Admins”

  1. Actually would this work????

    add_action(‘admin_init’, ‘no_mo_dashboard’); function no_mo_dashboard() { if (!current_user_can(‘edit_published_posts’) && $_SERVER[‘DOING_AJAX’] != ‘/wp-admin/admin-ajax.php’) { wp_redirect(site_url()); exit; } }

    1. @mananamas Yes, that should work. Just remember that any user that has that capability will still have access to your dashboard. It will not longer just be admin users.

      1. hey drew!!!
        this function worked fine for me but u know i added the post href in one of the pages inside wordpress so that we could see the post .it doesn’t do it can u give me a possible solution

  2. Hi, just would like to point out redirecting to site_url would point to the wordpress directory. for sites with a separate wordpress folder, users will land in a 404 page. use home_url instead.

    1. Unfortunately, no, though that feature may be added in a future release. Perhaps a front-end login that’s style-able.

    1. Jeremy: Did you use the snippet or the plugin? The plugin got a little bloated b/c people were asking for configurable options, but it functions basically the same.

  3. I tried your snippet to redirect to the articles admin page, using admin_url(‘edit.php’) instead of home_url(), but it starts an infinite redirect loop.

    So I tried with the wp_dashboard_setup hook, and it seems to work well:

    function redirect_from_dashboard() {
    	if (!current_user_can('manage_options')) {
    		wp_redirect(admin_url('edit.php')); exit;
    	}
    }
    add_action('wp_dashboard_setup', 'redirect_from_dashboard');
    
  4. Does anybody have an example of how this might be used to redirect non-admins back to their current page? So if they log in on the home page widget, the home page is reloaded upon login or if they login on the login page, that page is reloaded.

  5. Awesome post, saved me having to look into writing this from scratch. it also goes nicely with:

    // show admin bar only for admins
    if (!current_user_can('manage_options')) {
    	add_filter('show_admin_bar', '__return_false');
    }
    
    1. Thanks Drew for your Snippet!
      @ Scott Flack:
      Your snippet is awesome to hide the admin bar. Thanks as well.

      But be aware: if you don’t use Drew’s Snippet, someone could enter the admin area. In fact by just adding “/wp-admin” to the URL of your website. (www.example.com/wp-admin)

      So I used both of your snippets. 🙂

  6. I have a problem with this. I don’t want other users than admins to see the Dashboard. Ok your plugin does work, it removes the Dashboard, however no other users than admins will be able to add a new POST. How can this be solved?

    1. Out of curiosity … how do you plan to let users post if you don’t want them to be able to access the back-end?

      1. I’m a total beginner of WordPress, I’ve just setup my first blogsite for my company and I want the bloggers to be able to post without seeing either the Dashboard nor the Admin menu, I just need a button or link which enables them to make a new post and of course comment each post. None of the bloggers are interested in the Dashboard or Admin menus. I want a normal webside on the internet with possibilites to make posts and comment these. Is WordPress the tool for me, or should I go in another direction?

  7. Dear Drew,

    This function is awesome. I think every WP site needs it. I have a question in regard to user levels.

    In your function, you said it is setup by default to level 10 Admin only. However, we can set it to level 7 to exclude anyone below editor level.

    How can we do that? As I need authors and editors to access the WP-ADMIN but not subscribers.

    Thanking you in advance

Leave a Reply

Your email address will not be published. Required fields are marked *