HTML5 Zone is brought to you in partnership with:

Paulund is a website dedicated to writing tutorials and code snippets about Web Development, the main subjects are PHP, Wordpress, jQuery, CSS3 and HTML5. Paul is a DZone MVB and is not an employee of DZone and has posted 134 posts at DZone. You can read more from them at their website. View Full User Profile

Restrict Admin Area To Only Admin Users

01.20.2013
| 2385 views |
  • submit to reddit

Lock
When you create a new user in the WordPress user manager they will be able to login to your site by going to the default WordPress login page /wp-login.php. Depending on the role you have assigned to this user they will see different options in the admin area.

Even if the user has the lowest level of role a Subscriber assigned to them they will be able to log into the WordPress admin area but all they will be able to do is edit their own profile. But if your not doing anything with this profile information then there is no need for them to login to edit the profile.

If you don't want other users to be able to log in to your WordPress admin area you can restrict access depending on a certain role.

In this example we are just going to allow admin users access to login to the admin area. We are going to use the WordPress action admin_init which will run when you access any admin page, from here we can check the access right of the user and redirect if we need to.

Copy the following code into your functions.php file and it will check if the user has admin rights, if they doesn't have admin rights then they will be redirected to the home page of the site.

function restrict_admin()
{
	if ( ! current_user_can( 'manage_options' ) ) {
                wp_redirect( site_url() );
                exit;
	}
}
add_action( 'admin_init', 'restrict_admin', 1 );
Published at DZone with permission of Paul Underwood, author and DZone MVB. (source)

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)