By Do you need to add users to your WordPress dashboard, but don’t want them to have full access? Have you already added users, but want to adjust their capabilities within WordPress?
Your WordPress dashboard is the main control room for your WordPress website. For that reason, you want to make sure it’s behind locked doors for certain people. Limiting a user’s access to your WordPress dashboard will ensure that they can’t access important aspects of your site. It will also increase security within the backend of WordPress, too.
Whatever your reason is for wanting to limit access to your WordPress dashboard, there are 3 simple ways that you can do it:
- Method 1: Set user roles and permissions
- Method 2: Add code to the functions.php file
- Method 3: Use a plugin
In this article, we’ll explain each option in more detail and tell you how to do it.
Why Should I Limit Access to My WordPress Dashboard?
There are a few reasons why you might want to restrict user access to your WordPress dashboard.
Perhaps you want your writers to be able to create and edit their work, as well as have editors to ensure the work is top-notch. But you don’t want them to be able to change settings, your theme, plugins, and so on.
Maybe you want to add subscribers, but want to ensure they’re directed to the correct area, so they can’t access your dashboard at all.
After all, if someone has full access to the backend of your WordPress website, they could easily ruin what you’ve built up — intentionally or unintentionally.
So, the best thing for you to do is manage and control all of your users’ access to make sure something like that doesn’t happen.
How to Restrict Access to Your WordPress Dashboard
As we mentioned before, there are 3 ways in which you can restrict access to your WordPress dashboard, but here they are in a little more detail:
- Set user roles, as well as specific permissions for each user to define what they can and can’t do.
- Completely block all non-admin users from accessing the dashboard by adding code to the functions.php file.
- Use a plugin to set access limitations for specific users, as well as specify capabilities. You can also redirect other users, such as those paying for a membership, to a specific URL.
In the next few sections, we’ll walk you through each of the methods above.
Method 1: How to Limit Access to Your WordPress Dashboard with User Roles and Permissions
You can define what users can or can’t do using WordPress’s default user roles. They’re designed so that the website owner can control user permissions easily. Each role has different capabilities, such as writing posts, creating pages, adding categories, publishing, and so on. There are 5 default WordPress roles. Here is a summary of each role’s capabilities:
- Administrator — Has access to all admin features
- Editor — Is able to create, manage and publish their own posts, as well as other users’ posts.
- Author — Is able to create, manage and publish their own posts
- Contributor — Is able to create and manage their own posts, but cannot publish them
- Subscriber — Is able to manage their own profile, but nothing else
There’s also a Super Admin role. That role includes the same capabilities that an Administrator has, as well as some multi-site capabilities. The Super Admin role only occurs in multisite installations. For a single site WordPress installation, the Administrators are effectively the Super Admins. Setting a specific role for each of your users is easy, so let’s get into it.
The first thing you need to do is go to “Users” in the WordPress menu.
You can then add a new user or edit an existing user’s profile. We’ll go through both of those options now.
Edit an Existing User’s Profile on WordPress
- Click on the user’s profile name to open their profile. Then scroll until you see “Role” and click the dropdown box next to it.
- Choose the role that you want for this user and click on it.
- Scroll to the bottom and click “Update User.”
Alternatively, you can bulk-choose the roles for your users. Simply check the box next to the users you want to edit. Then select a role from the drop-down box. Then click Change.
Choose a New WordPress User’s Role
Click Add New and enter all of the relevant information for your new user. Then you can select the user’s role from the drop-down box at the end. Once you’re done, click Add New User.
The Subscriber role is the most limited role, and it is a good idea to set the default role for all new users as Subscriber. To do that, go to Settings>General on your WordPress Menu. Scroll down to New User Default Role and select the role from the drop-down menu. You can always change a user’s role later on.
Method 2: How to Limit Access to Your WordPress Dashboard with Code
If your website doesn’t have many authors or editors, or you run a membership site, you can block anyone who’s not an Administrator from your dashboard with code.
All you need to do is add the following code at the end of the functions.php file.
add_action( 'init', 'blockusers_init' );
function blockusers_init() {
if ( is_admin() && ! current_user_can( 'administrator' ) &&
! ( defined( 'DOING_AJAX' ) && DOING_AJAX ) ) {
wp_redirect( home_url() );
exit;
}
}This will ensure that only admins are permitted to access your dashboard. Any other user that logs in will be redirected to your home page.
Method 3: How to Limit Access to your WordPress Dashboard with a Plugin
Using a plugin to restrict access to your WordPress dashboard can offer more advantages. You can set user roles and specific capabilities, as well as redirect certain users to a specific web page.
One of the best WordPress plugins for the job is Remove Dashboard Access. It’s a free plugin and it’s super easy to use.
Install and activate the plugin. Then go to Settings>Dashboard Access from your WordPress menu.
Here you can allow dashboard access to the following groups:
- Administrators only
- Editors and Administrators
- Authors, Editors, and Administrators
Alternatively, you can limit by capability. You can also specify which URL you want disallowed users to be redirected to. When you’ve finished configuring the plugin, click Save Changes.
Conclusion
Restricting access to your WordPress dashboard is important. The last thing you want is a writer, editor, or even a subscriber messing with your settings and changing or deleting something. Whether that be by accident or on purpose.
Any of the methods listed above will help you limit access to your WordPress dashboard. That little bit of extra security goes a long way.
Your users will be thankful that they don’t have certain access if they’re not familiar with the WordPress dashboard as a whole, too.
Plus, being able to redirect to another web page means that anyone who accidentally or purposely tries to land on your dashboard will be promptly placed elsewhere.
Have you restricted access to your WordPress dashboard? Which method do you think is the best for restricting access?
Let us know in the comment section. Also, be sure to check out our guide to the best backup WordPress plugins. With a backup plugin, you won’t lose everything you’ve worked hard on. Thank you for reading.