Theme Blvd WordPress Themes

2 years ago

Hiding the WordPress admin panel from your subscribers

By Jason | Tutorials, WordPress | 20 Comments

In this post, I’ll just share a code snippet that will allow you to hide the WordPress admin elements from users who have signed up on your site under the Subscriber role.

The Problem

You’ve found a cool plugin that allows people to sign up on your WordPress site and have access to something that the plugin provides on the frontend of your site, but now that a user is logged in there are two problems:

  1. They see the WordPress admin bar at the top of your website.
  2. They can go to http://yoursite.com/wp-admin/. Not that they can do any harm with a low-level user account, but it may still seem unprofessional in some cases.

An example? — I’ve personally come across this recently in building sites where I used bbPress to make a support website and Easy Digital Downloads to make a little online store. In both of these websites, I didn’t want users doing anything in the WordPress admin panel because both of these plugins provide ways to give the users everything they need on the frontend of the site when logged in.

The Solution

These two functions should help you solve that little dilemma. Below I’ve picked a capability of “edit_posts”, which is just outside the capabilities of the Subscriber role (see roles vs capabilities table). I picked the “edit_posts” capability as the example here because this is about as low as a user can be on the capabilities table.

And so we’re basically saying the following:

  1. If the user is logged in, but can’t edit posts, then hide the admin bar on the frontend of the website.
  2. If the user is logged in, but can’t edit posts, do not allow them to access the WordPress admin panel.

This code could go in functions.php of your theme or in a plugin you create.

/**
 * Disable admin bar on the frontend of your website
 * for subscribers.
 */
function themeblvd_disable_admin_bar() { 
	if( ! current_user_can('edit_posts') )
		add_filter('show_admin_bar', '__return_false');	
}
add_action( 'after_setup_theme', 'themeblvd_disable_admin_bar' );
 
/**
 * Redirect back to homepage and not allow access to 
 * WP admin for Subscribers.
 */
function themeblvd_redirect_admin(){
	if ( ! current_user_can( 'edit_posts' ) ){
		wp_redirect( site_url() );
		exit;		
	}
}
add_action( 'admin_init', 'themeblvd_redirect_admin' );
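
A variant of the redirect that leaves admin-ajax.php reachable for front-end plugins, paired with a sample AJAX handler that does its own nonce, capability and input checks. This is an added example, not the post's code; the `example_` function names, the `example_upvote` action and the `_example_votes` meta key are hypothetical.

```php
// Added example for functions.php or a plugin file. Hypothetical names:
// the example_ prefix, the example_upvote action, the _example_votes meta key.

/**
 * Redirect users who cannot edit posts away from wp-admin screens, but let
 * AJAX through: admin-ajax.php also fires 'admin_init', for logged-in and
 * logged-out visitors alike, and front-end plugins post their requests there.
 */
function example_redirect_admin() {
	// wp_doing_ajax() needs WordPress 4.7+; before that, test the DOING_AJAX constant.
	if ( wp_doing_ajax() ) {
		return;
	}
	if ( ! current_user_can( 'edit_posts' ) ) {
		wp_safe_redirect( home_url() ); // restricts the target to allowed hosts
		exit;
	}
}
add_action( 'admin_init', 'example_redirect_admin' );

/**
 * The redirect only tidies the interface. A handler reached through
 * admin-ajax.php still checks the nonce, the capability and its input itself.
 */
function example_handle_upvote() {
	// Ends the request if the 'nonce' field is missing or invalid.
	check_ajax_referer( 'example_upvote', 'nonce' );

	// Subscribers hold the 'read' capability.
	if ( ! current_user_can( 'read' ) ) {
		wp_send_json_error( 'forbidden', 403 );
	}

	$post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
	if ( ! $post_id || 'publish' !== get_post_status( $post_id ) ) {
		wp_send_json_error( 'invalid post', 400 );
	}

	$votes = (int) get_post_meta( $post_id, '_example_votes', true ) + 1;
	update_post_meta( $post_id, '_example_votes', $votes );
	wp_send_json_success( array( 'votes' => $votes ) );
}
// 'wp_ajax_{action}' runs for logged-in users only; there is no nopriv hook here.
add_action( 'wp_ajax_example_upvote', 'example_handle_upvote' );
```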

20 comments

  • Hi Jason, thanks for that information. I’ve just launched my website on WordPress and have just had someone register as a User/Subscriber… but I have no comments form/subscribe areas visible on my website. Should I be worried? How did they do that? Thanks if you can help. Regards, Lesley

    • Jason says:

      You know, I honestly am not sure how someone could sign up if you don’t have it enabled anywhere? Or no kind of signup form? It sounds like something isn’t right there. You should post on the wordpress.org support forums to see if some other people have some better ideas.

    • bryce says:

      They could just go to http://yourwebsite.com/wp-admin/ and then register there (unless you had the ‘Anyone can register’ option in settings unticked).

  • Randy says:

    Hey, thanks for this! The first time I created a members site it took forever to style the WP admin area to match the branding of the website. In addition, there are many plugins that still showed up in the sidebar menu, even though the user had no control to edit them. Almost every other time I activated a plugin I found myself manually removing a menu item.

    From that point, I decided to never allow access to the admin area. As long as you use nonces and good validation I see no reason not to have users edit things right on the front end.

  • Febry says:

    Thank you very much Jason, it works.
    And would you like to tell me how to make a page for subscribers to edit their profile and change their gravatar, but not in wp-admin?

    regards,

    Febry

  • bapu says:

    Awesome, this function is working, thank you Jason

  • Asif Irtiza says:

    It works. Thanks! I have added this feature in my site.

  • klark says:

    Cool!

    It works like a charm, thank you very much.

  • Pravin Sawant says:

    It works…. Thank you so much.

  • Gaurav says:

    really helpful in limiting the users to the admin panel.

  • Thanks, works perfect

  • iNiSolutoin says:

    Thank you so much, great!

  • Bram Tanamal says:

    Hi Jason, thanks for sharing the code… since I am a designer and not a coder, I appreciate the extra info in the net.

    I have a problem, though. Since now all the admin bar and dashboard is gone for member xyz, what would be the best practice to let him logout?

    Practical example. I like to run a photographers homepage where users can see everything except the gallery of customer A. Customer A I have given own rights to see his/her page, and with your code I managed that the admin bar/dashboard won’t be visible… now Customer A doesn’t want anyone else in his home to see the gallery and therefore wants to logout, so his/her partner won’t accidentally reopen the browser and the hidden content is still visible. How can he log out?

    Should I use another plug-in for that? Or add something in the main menu?

    Please help. Thanks in advance.

    Bram from Hamburg, Germany

    • Jason says:

      This article is just talking about hiding the admin. You’d only be doing this if you had a system for handling the user on the frontend of the website. So, for example, in your case, you’d need to have some sort of link for the logged in user on the frontend that logs them out. Just google wordpress logout link and you’ll find some good resources.

  • Bogdan Rusu says:

    Hello Jason,
    Thanks for your solution about this.

    But this can cause a problem if you use ajax in WordPress.
    You know, WordPress ajax uses the wp-admin/admin-ajax.php file.

    So if a user is restricted from the entire wp-admin folder, he will also be restricted from admin-ajax.php, so ajax functions will not work anymore.

    I solved that by adding an extra condition in:

    if ( ! current_user_can( 'edit_posts' ) ) {
        if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
            // AJAX request: do nothing, let admin-ajax.php handle it
        } else {
            wp_redirect( site_url() );
            exit;
        }
    }

    Hope that helps developers who want to disable wp-admin for subscribers and also have ajax requests on their website.

  • Naveen says:

    Hello Jason, no, this has not solved my issue. I have done this function so the subscribers can not upvote, I am using another plugin for upvote, but the same ajax issue still exists.

  • Kamil says:

    It works, thanks!

  • Doug says:

    worked for me thanks. Dumbest feature in wordpress to allow users (subscribers) to log into the admin side, even if they can only update their profile info.
    I only want our users to access the site front end (I have a private locked site)
    Thanks heaps

  • Syed Zac says:

    Thank you so much!!
    it works great ;)
    thumbs up for you

  • ramachandran says:

    Thank you very much for the code.
