HowTo: Disable Access to the WordPress Dashboard for Non-Admins

Update: I had a few requested to bundle this into a plugin so I did. You can download it here.

Currently, I’m working on a site where we didn’t want non-admins to even be able to access the wp-admin dashboard. I searched around quite a bit looking for a complete shutoff-solution but most of the results detail how to literally disable the “Dashboard” menu in wp-admin.

Finally, trolling the comments on a like-solution in a post by c. bavota, I stumbled across a simplified version of bavotasan’s function that does exactly what I want, plus it redirects unworthy users to the homepage!

The simplified function was authored by somebody going only by the moniker of Jake.

It’s a pretty simple solution. It adds an action calling a function called ‘redirect_dashboard’ which checks the user level, and if the currently-logged-in-user is unworthy, they get bounced to the homepage. Pretty neat. On line #4, the function checks the user level, with the default set as ‘level_10’ or administrator. I modified this to ‘level_7’ to exclude anyone below the Editor level, but you could choose whichever capability level suits your purpose. Vist the Roles and Capabilities Codex page to find out more about user levels.

Here’s the snippet (which should be added to your theme’s functions.php file)

add_action('admin_init', 'no_mo_dashboard');
function no_mo_dashboard() {
  if (!current_user_can('manage_options') && $_SERVER['DOING_AJAX'] != '/wp-admin/admin-ajax.php') {
  wp_redirect(home_url()); exit;
  }
}

Fun?! with Subversion and WordPress

OK, so I’m a bit of a Cowboy Coder and after a session with Mark Jaquith the other week at WordCamp San Francisco, I’ve been mildly shamed into learning what I need to start using version control.

At home I have a pretty high-powered gaming PC and when I’m on the go I’m using a MacBook Pro. So the first thing I did using a (somewhat old but relevant) guide by Westi to setup TortoiseSVN on my PC and started hooking up my WordPress Trunk build repo using SVN. Prior to now, I’ve always sort of done it the hard way, e.g. a whole lot of downloading and ftp-ing a couple of times a week.

First impression: SVN is kind of complicated at first, but once you sort of get the hang of it, it’s a heckuva lot less work overall. After I got the hang of doing checkouts, updates and commits with my local repo, I got a little more ambitious and set out to get SVN setup on my VPS.

After an install, uninstall and re-install, I finally got all of the ra_* (See: Repository Access) modules in place that would allow me to checkout code from http & https URLs. Thanks to a very helpful guide by Otto, I managed to setup svn:externals and perform a couple of checkouts and updates directly from the WordPress trunk and my VPS. Pretty neat.

NoteToSelf: Next time: Read about it, read about it, try, fail, try, fail, fail, WIN.