How can visitors redirect wp-admin to the homepage?
My site details: 1. I used BuddyPress; 2. Users can sign up and login via BuddyPress; 3. User role only Admin and Author;
Needs: 1. wp-admin only admin can access, if not an admin, and visitors and Authors then redirect to home page; 2. Users force use BuddyPress login page.
Anyone have ideas?
How can visitors redirect wp-admin to the homepage?
My site details: 1. I used BuddyPress; 2. Users can sign up and login via BuddyPress; 3. User role only Admin and Author;
Needs: 1. wp-admin only admin can access, if not an admin, and visitors and Authors then redirect to home page; 2. Users force use BuddyPress login page.
Anyone have ideas?
Share Improve this question asked Apr 6, 2018 at 13:16 user141134user141134 2- What have you researched so far? What have you tried? – Andy Macaulay-Brook Commented Apr 6, 2018 at 13:28
- You can use this plugin wordpress/plugins/wps-hide-login ( I am not the developer of this plugin or not affiliated with them ) to change/hide your default wordpress login page and then use a 301 redirect plugin. This way, only admin will know where login page really exists and the authors or visitors will not have a clue about it. – M.S Shohan Commented Apr 6, 2018 at 15:13
2 Answers
Reset to default 4The codex entry for the admin_init hook has an example showing you how to do this.
/**
* Restrict access to the administration screens.
*
* Only administrators will be allowed to access the admin screens,
* all other users will be automatically redirected to
* 'example/path/to/location' instead.
*
* We do allow access for Ajax requests though, since these may be
* initiated from the front end of the site by non-admin users.
*/
function restrict_admin_with_redirect() {
if ( ! current_user_can( 'manage_options' ) && ( ! wp_doing_ajax() ) ) {
wp_safe_redirect( 'example/path/to/location' ); // Replace this with the URL to redirect to.
exit;
}
}
add_action( 'admin_init', 'restrict_admin_with_redirect', 1 );
A few notes on how this works:
current_user_can( 'manage_options' )checks to see if the logged in user has a capability only admin accounts should have. The proceeding!means "not". We are checking for a capability instead of simply checking for the admin role as a best practice. You should treat the role as nothing more than a label and check for capabilities (read: permissions) to check if a user can do something. Read more about the roles & caps here.wp_doing_ajax()Makes sure the current request is not a WordPress Ajax request. If it is, it's possible the user is not actually on the admin so no need to redirect. The proceeding!means "not".wp_safe_redirect( 'example/path/to/location' );Redirects the user to the URL you pass it. You can find the documentation here. Note:wp_safe_redirect()is the recommended function notwp_redirect(). Thanks @Nathan Johnsonexit;Stops execution of the script making the redirect the last action we do.
add_action( 'admin_init', 'restrict_admin_with_redirect', 1 );Fire this check on theadmin_initbecause it's the first hook fired after authentication. Pass1as the last argument to make sure out function is fired before any other hooks.
Is your own internet connection on a static IP? If so you can block wp-admin to everyone except your own IP. This is what I do. It can be achieved via various plugins but can also be done via htaccess.