Function Friday #18: hide the admin area and toolbar from certain user roles
Every Friday, I’m sharing code snippets that I use to customize WordPress. Feedback/suggestions are always welcome! For more information, check out the first post in the series.
WordPress is a great platform for membership-based sites, where lots of people can log in with very specific, restricted access to certain areas. Unless some of the functionality they need access to is in the admin area, I usually disable it for everyone except the roles that do need access.
With a few functions, you can more or less completely hide the fact that your site is running WordPress (unless you have savvy visitors who notice things like “wp” in the login URL).
The code
// Disable admin toolbar for all users except administrators.
// Hooked to init because current_user_can() cannot be called while plugins are still loading.
function drollic_hide_toolbar() {
    if ( ! current_user_can( 'administrator' ) ) {
        add_filter( 'show_admin_bar', '__return_false' );
    }
}
add_action( 'init', 'drollic_hide_toolbar' );

// Redirect Dashboard to account page for all users except administrators
function drollic_redirect_admin() {
    if ( is_admin() && ! wp_doing_ajax() && ! current_user_can( 'administrator' ) ) {
        wp_redirect( home_url() . '/my-account/' );
        exit;
    }
}
add_action( 'admin_init', 'drollic_redirect_admin' );
This code will disable the WordPress admin area for all user roles except administrators. You could change this to only exclude a specific role (especially if your membership setup creates new roles for members) or to exclude a group of roles.
Disable admin toolbar for all users except administrators
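function drollic_hide_toolbar() {
    if ( ! current_user_can( 'administrator' ) ) {
        add_filter( 'show_admin_bar', '__return_false' );
    }
}
add_action( 'init', 'drollic_hide_toolbar' );
The current_user_can function will accept a capability, like “edit_posts” or “manage_options”, or you can give it a role like “administrator” or “editor”. The WordPress Code Reference discourages passing a role because the result can be unreliable, so check a capability where one fits. The check is wrapped in a function hooked to init because current_user_can cannot be called while plugins are still loading; calling it directly in a plugin file triggers a fatal error.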
The “!” in the code above means the show_admin_bar filter will be added for all users that are not administrators. If you wanted to disable the toolbar only for a specific role called “member”, you would use this code instead:
function drollic_hide_toolbar() {
    if ( current_user_can( 'member' ) ) {
        add_filter( 'show_admin_bar', '__return_false' );
    }
}
add_action( 'init', 'drollic_hide_toolbar' );
Redirect Dashboard to account page for all users except administrators
function drollic_redirect_admin() {
    if ( is_admin() && ! wp_doing_ajax() && ! current_user_can( 'administrator' ) ) {
        wp_redirect( home_url() . '/my-account/' );
        exit;
    }
}
add_action( 'admin_init', 'drollic_redirect_admin' );
This code redirects any attempt to access the Dashboard back to a specific front-end page on your site.
The is_admin function returns true for every page in the admin area. To make sure that this isn’t a plugin trying to make an Ajax request (you don’t want to redirect those!), use the wp_doing_ajax function prefaced with a “!” (i.e. not doing Ajax). Finally, do the same role check as in the previous function (if the user is not an administrator, then execute the code below).
If all of those conditions are met by a visitor – they’re on an admin page, they’re not a plugin making an Ajax request, and they’re not an Administrator – then the wp_redirect function will instantly redirect them to a page of your choice. The code goes to the website’s homepage plus “/my-account/”, assuming your member site has a page like this.
You could also just redirect them to the homepage:
wp_redirect( home_url() );
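Immediately after the wp_redirect function, you need to exit, because wp_redirect only sends the redirect header and does not stop the rest of the page from running.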
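For the "group of roles" case mentioned earlier, here is an added example (not code from the original post) that combines the toolbar filter and the Dashboard redirect around one allow-list. The function names, the role list and the admin-post.php exception are assumptions for illustration; the /my-account/ path is the one used above.

```php
<?php
// Added example: role list and function names are assumptions; adjust to your site.

// Roles that keep the toolbar and the Dashboard (assumed list).
function drollic_admin_area_roles() {
    return array( 'administrator', 'editor' );
}

// True when the current user holds at least one allowed role.
// A logged-out visitor has an empty roles array, so this returns false.
function drollic_user_keeps_admin_area() {
    $user = wp_get_current_user();
    return (bool) array_intersect( drollic_admin_area_roles(), (array) $user->roles );
}

// Hide the toolbar. The role check runs inside the filter callback, so it is
// evaluated when the toolbar is about to render, not while plugins are loading.
function drollic_filter_admin_bar( $show ) {
    return drollic_user_keeps_admin_area() ? $show : false;
}
add_filter( 'show_admin_bar', 'drollic_filter_admin_bar' );

// Redirect Dashboard requests from everyone else to the account page.
// admin_init only fires for admin-area requests, so is_admin() is implied.
function drollic_redirect_admin_by_role() {
    global $pagenow;

    // Leave Ajax calls and admin-post.php form handlers alone: plugins and
    // front-end forms use both endpoints on behalf of ordinary members.
    if ( wp_doing_ajax() || 'admin-post.php' === $pagenow ) {
        return;
    }

    if ( ! drollic_user_keeps_admin_area() ) {
        // wp_safe_redirect() refuses to send visitors to a host that is not allowed.
        wp_safe_redirect( home_url( '/my-account/' ) );
        exit;
    }
}
add_action( 'admin_init', 'drollic_redirect_admin_by_role' );
```

This only changes what members see; what an account is allowed to do is still decided by its capabilities, so keep member roles limited to the capabilities they need.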
Where does it go?
This code should go in a functionality plugin. More thoughts on code location are in the first Function Friday post.
Resources
- Customizing the Login Form in the WordPress Codex – take this even further by styling the login page to match your site
- current_user_can in the WordPress Code Reference
- Roles and Capabilities in the WordPress Codex
- show_admin_bar in the WordPress Code Reference
- is_admin in the WordPress Code Reference
- wp_doing_ajax in the WordPress Code Reference
- wp_redirect in the WordPress Code Reference
- home_url in the WordPress Code Reference
- exit in the PHP Manual