Preventing Users From Accessing wp-admin

If you have a WordPress site that you allow people to sign up for, you often don’t want them to be able to access wp-admin. It’s not that there are any security issues, you just want to ensure that your users are accessing your site in a predictable manner.

To block non-admin users from getting into wp-admin, you just need to add the following code to your functions.php, or somewhere similar:

Ta-da! Now, only administrator users can access wp-admin, everyone else will be re-directed to the homepage.

33 thoughts on “Preventing Users From Accessing wp-admin”

  1. Another item you may want to do is remove the admin bar for non-admin users.

    // remove admin bar for non publishers
    function my_function_admin_bar($content) {
    return ( current_user_can(“administrator”) ) ? $content : false;
    add_filter( ‘show_admin_bar’ , ‘my_function_admin_bar’);

  2. Nice and neat, this code only blocks the display of the WP-Admin and users can still run actions (i.e. sending specific POST requests) or does it disable both display and access?

  3. Xavi: the init action is run before anything interesting happens in the wp-admin code, so yes. It disables both display and access.

  4. There is a simple way to remove the admin bar, just add to functions.php the following line:



  5. i’m seeing this break front-end AJAX, like in bbPress, where a logged-in user can Favorite or Subscribe To a topic. Those links use ajax, which actually calls an Admin URL (i’m not clear why): admin_url( ‘admin-ajax.php’ ). So blocking a user from the WP-Admin backend this way, seems to also block him from using ajax (at least in bbPress, or other plugins that do ajax this way). I’m not a plugin developer, so i’m not familiar.

  6. Useful function, although I might recommend hooking this into admin_init instead of init, that way it won’t even bother doing all the conditional logic on front-end pages.

  7. Hi
    but if that script is running and i come along as an Admin user to login, how can I see the /wp-admin page to actually login myself ?

  8. Is there any way to modify this so that anyone who has an account lower than an Author can’t access wp-admin? Basically, I only want Authors, Editors, and the Administrator to have access to wp-admin.

    1. OK, after posting this question I found a solution here:

      Basically just change the USER_ROLE_NAME_HERE and 2ND_ROLE_NAME_HERE to the user roles you DON’T want to access wp-admin.

      In my case ‘subscriber’ and ‘contributor’. For anyone else, if there’s only one role that needs to be blocked just remove the line that says OR current_user_can( ‘2ND_ROLE_NAME_HERE’ ), or if there are more than two, copy that line as many times as needed and replace 2ND_ROLE_NAME_HERE with whatever roles you need to block.

      Works great!

  9. Thanks a lot, I love the hack and it works just fine for me. Couldn’t leave without leaving a comment…

  10. the code is very good one and work ok with wordpress 3.8
    but , there a problem :
    after pasting it in function.php file , the user ( author ) couldn’t upload image in the front end post form

    do you have any answer for this ?? please

  11. Hi. I would like the wp-admin to be accessed by administrator and editor users only. How is this possible?

Comments are closed.