Hiding the WordPress Admin Panel to Your Subscribers

In this post, I’ll just share a code snippet that will allow you to hide the WordPress admin elements to users who have signed up your site under the Subscriber roll.

The Problem

You’ve found a cool plugin that allows people to signup on your WordPress site and have access to something that the plugin provides on the frontend of your site, but now that a user is logged in there are two problems:

  1. They see the WordPress admin bar at the top of your website.
  2. They can go to http://yoursite.com/wp-admin/ — Not that they can do any harm with a low-level user account, but still maybe seems unprofessional in some cases.

An example? — I’ve personally come across this recently in building sites where I used bbPress to make a support website and Easy Digital Downloads to make a little online store. In both of these websites, I didn’t want users doing anything in the WordPress admin panel because both of these plugins provide ways to give the users everything they need on the frontend of the site when logged in.

The Solution

These two functions should help you solve that little dilemma. Below I’ve picked a capability of “edit_posts” which is just outside of the roles of a Subscriber user (see roles vs capabilities table). I picked the “edit_posts” capability as the example here because this is about as low as a user can be on the capabilities table.

And so we’re basically saying the following:

  1. If the user is logged in, but can’t edit posts, then hide the admin bar on the frontend of the website.
  2. If the user is logged in, but can’t edit posts, do not allow them to access the WordPress admin panel.

This code could go in functions.php of your theme or in a plugin you create.

 * Disable admin bar on the frontend of your website
 * for subscribers.
function themeblvd_disable_admin_bar() { 
	if ( ! current_user_can('edit_posts') ) {
		add_filter('show_admin_bar', '__return_false');	
add_action( 'after_setup_theme', 'themeblvd_disable_admin_bar' );

 * Redirect back to homepage and not allow access to 
 * WP admin for Subscribers.
function themeblvd_redirect_admin(){
	if ( ! defined('DOING_AJAX') && ! current_user_can('edit_posts') ) {
		wp_redirect( site_url() );
add_action( 'admin_init', 'themeblvd_redirect_admin' );

41 comments on “Hiding the WordPress Admin Panel to Your Subscribers

  1. Hi Jason, thanks for that information. I’ve just launched my website on WordPress and have just had someone register as a User/Subscriber… but I have no comments form/subscribe areas visible on my website. Should I be worried? How did they do that? Thanks if you can help. Regards, Lesley

    • You know, I honestly am not sure how someone could signup if you don’t have enabled anywhere? Or no kind of signup form? It sounds like something isn’t right there. You should post on the wordpress.org support forums to see if some other people have some better ideas.

  2. Hey, thanks for this! The first time I created a members site it took forever to style the WP admin area to match the branding of the website. In addition, there are many plugins that still showed up in the sidebar menu, even though the user had no control to edit them. Almost every other time I activated a plugin I found myself manually removing a menu item.

    From that point, I decided to never allow access to the admin area. As long as you use nonces and good validation I see no reason not to have users edit things right on the front end.

  3. thank you very much Jason, it works.
    and would you like to tell me how make a page for subscriber to edit their profil and change their gravatar but not in wp-admin?



  4. Hi Jason, thanks for sharing the code… since I am a designer and not a coder, I appreciate the extra info in the net.

    I have a problem, though. Since now all the admin bar and dashboard is gone for member xyz, what would be the best practice to let him logout?

    Practical example. I like to run a photographers homepage where users can see everything except the gallery of customer A. Customer A I have given own rights to see his/her page, and with your code I managed that the admin bar/dashboard won’t be visible… now Customer A doesn’t want anyone else in his home to see the gallery and therefor wants to logout, so his/her partner won’t accidentally reopen the browser and the hidden content ist still visible. How can he log out?

    Should I use another plug-in for that? or ad something in the main menu?

    Please help. Thanks in advance.

    Bram from Hamburg, Germany

    • This article is just talking about hiding the admin. You’d only be doing this if you had a system for handling the user on the frontend of the website. So, for example, in your case, you’d need to have some sort of link for the logged in user on the frontend that logs them out. Just google wordpress logout link and you’ll find some good resources.

  5. Hello Jason,
    Thanks for your solution about this.

    But this can cause problem if you use ajax in wordpress.
    You now, wordpress ajax use wp-admin/admin-ajax.php file.

    So if a user is restricted to entire wp-admin folder, he will be restricted also in admin-ajax.php so ajax function will not work anymore.

    I solved that by adding an extra condition in:

    if ( ! current_user_can( ‘edit_posts’ ) ){
    if (defined( ‘DOING_AJAX’ ) and DOING_AJAX) {
    // do nothing
    } else {
    wp_redirect( site_url() );

    Hope that helps for developers who wants to disable wp-admin for subscribers, and also have ajax request on website.

    • Bogdan – a HUGE catch re:ajax not working

      The original code cause some very bad problems for me since I run several plugins that require ajax to record data from users. My site had hundreds of users who take online courses and exams and this code caused none of their exam scores to be recorded — it produced 202 errors all over the place from failed ajax calls.

      Jason, thanks for this solution, but I must suggest you include a post update in a prominent place on this page to notify that this code will break ajax functionality for those sites that require it.

      Thanks again Bogdan.

    • Better syntaxis:

      function themeblvd_redirect_admin(){
      if ( !current_user_can( 'edit_posts' ) && !(defined('DOING_AJAX') && DOING_AJAX) ) {
      wp_redirect( site_url() );
      add_action( 'admin_init', 'themeblvd_redirect_admin' );

    • Thanks Bogdan! I had implemented this code and never noticed it had killed a popular post plugin feature I was using because it was updating page counts via AJAX. Took me forever to troubleshoot back to this function but luckily I had commented it with the original source and came for a re-read and saw your comment which fixed my situation very nicely. Great, helpful comment. I suggest Jason update his post to include your modification because a lot of people will probably have AJAX functions they rely on.

  6. Hello Jason, No this is not solved my issue, i have did this function so the subscribers can not upvote, i am using another plugin for upvote, but the same ajax issue still exists.

  7. worked for me thanks. Dumbest feature in wordpress to allow users (subscribers) to log into the admin side, even if they can only update their profile info.
    I only want our users to access the site front end (I have a private locked site)
    Thanks heaps

  8. Paste this function into your themes functions.php to redirect every subscriber from the admin back to your homepage:

    add_action('admin_init', function() {
    	$wp_user = wp_get_current_user();
    	if(isset($wp_user->caps['subscriber']) && $wp_user->caps['subscriber']){
  9. Thanks for the code.
    On my website I would like to redirect the users after they log in. I do not want to completely remove the panel for them. Is that possible?

  10. Works like a charm! Jason is there any way that the redirect can point towards a specific page instead of my homepage? That would make this code even more awesome!

  11. Thank you Jason for these functions and thank you Bogdan Rusu for the Ajax extra condition! Really helpful, this was just what I was looking for!

  12. Thanks Jason. I have one requirement. I am using myCred plugin. I want to show points log for subscriber role users without giving them left navigation access. Is that possible with above code?

Comments are closed.