Keep Users Based On Role Out of WP-ADMIN

Here is a quick and dirty way to keep your users out of the WP-ADMIN area. I have not found a good way to redirect a user from the wp-login.php page to a custom page and not profile.php (if anyone knows, please let me know :>). I needed this as I had a front-end system for users to manage their profiles. That part needed to look like the regular theme and not like the admin area. This code can be placed in your theme's functions.php or in a plugin. You can replace "administrator" with any role that you choose.
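function wp_admin_role_limiter() {
     // Only act on logged-in users who are requesting a wp-admin URL.
     if ( ( is_user_logged_in() ) && ( preg_match( '/wp-admin/', $_SERVER['REQUEST_URI'] ) ) ) {
          // Anyone who is not an administrator is sent to the front-end profile page.
          if ( !current_user_can( 'administrator' ) ) {
               header( 'Location: http://www.domain.com/custom-profile-page/' );
               // Stop here so the rest of the admin page is not built after the redirect header.
               exit;
          }
     }
}
add_action( 'admin_head', 'wp_admin_role_limiter' );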
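A hardened variant of the snippet above, as an added example that is not the author's code: it hooks admin_init so the redirect is sent before any output, stops execution after redirecting, and checks every role the user holds. The function name example_limit_wp_admin is hypothetical; the role slugs and the /custom-profile-page/ path are the ones used on this page.

```php
// Added example. example_limit_wp_admin() is a hypothetical name; the role
// slugs and the target path are the ones used on this page.
function example_limit_wp_admin() {
    global $pagenow;

    // admin-ajax.php and admin-post.php also fire admin_init but serve
    // front-end requests, so leave them alone.
    if ( wp_doing_ajax() || 'admin-post.php' === $pagenow ) {
        return;
    }

    // Anonymous visitors are sent to the login form by WordPress itself.
    if ( ! is_user_logged_in() ) {
        return;
    }

    $allowed_roles = array( 'administrator', 'shopmanager' );
    $user_roles    = (array) wp_get_current_user()->roles;

    // Compare against every role the user holds, not only the first one.
    if ( array_intersect( $allowed_roles, $user_roles ) ) {
        return;
    }

    // wp_safe_redirect() only redirects to allowed hosts; exit stops the
    // admin screen from being built after the header is sent.
    wp_safe_redirect( home_url( '/custom-profile-page/' ) );
    exit;
}
// admin_init runs before any admin output, so the Location header can still be sent.
add_action( 'admin_init', 'example_limit_wp_admin' );
```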
Post a comment
  1. Chris

    Thank you Oliver, would you please tell me how I can add the shop manager role? When I copy this code it keeps everyone out except me, the admin, and I cannot seem to figure out how to add the shop manager role to the snippet. Thanks a ton!

    • Matthew Price

      Hi Chris. So if you want to take care of multiple user roles, a simple way would be to use the global $current_user; so you could revise the function to look like this:

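      function wp_admin_role_limiter() {
           global $current_user;
           // get_currentuserinfo() is deprecated since WordPress 4.5; wp_get_current_user() replaces it.
           $current_user = wp_get_current_user();
           if ( ( is_user_logged_in() ) && ( preg_match( '/wp-admin/', $_SERVER['REQUEST_URI'] ) ) ) {
                // Roles that are allowed to stay in wp-admin.
                $allowed_users = array( 'administrator','shopmanager' );
                if ( !in_array( $current_user->roles[0], $allowed_users ) ) {
                     header( 'Location: http://www.domain.com/custom-profile-page/' );
                     // Stop here so the rest of the admin page is not built after the redirect header.
                     exit;
                }
           }
      }
      add_action( 'admin_head', 'wp_admin_role_limiter' );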
      
      • Matthew Price

        You can also check if the $current_user->caps['administrator'] == 1 so you could do a conditional that checks if that == 1 or if $current_user->caps['shopmanager'] == 1

  2. Tom

    Thanks a lot for this snippet, Matthew and Oliver. It is a great solution. :)

  3. Oliver Chank

    Thanks a lot for this snippet, I really needed this. Although I got the Headers already sent error... I changed the "admin_head" hook for the "admin_init" one and it works like a charm now. I also changed the header() function to the built-in wp_redirect( home_url() ); exit; for no apparent reason, but I thought it was worth mentioning. :)

    • Matthew Price

      Hi. So I visited your blog and noticed that you wrote about Roots. Ben is a good friend of mine out here in Colorado. Glad to see international support for his project! Matt

      • Oliver Chank

        Ah! The internet is such a small world. :D Yeah, I used to work a lot with the Roots theme, it taught me a lot of handy functions. :)

    • Matthew Price

      Hi. I am glad that it helps. It definitely solved some issues for me when I wrote it. And thanks for the revised action. I guess where I have it in my script is different and doesn't cause the headers message, but I have definitely gotten that before. Matt





