Hello i have a question , i want to create the whole panel for users by myself and i dont wanna just hide the wordpress panel i dont wanna let users have access to wordpress panel, is that possible , because i know how to hide it:
add_action('after_setup_theme', 'remove_admin_bar');
function remove_admin_bar() {
if (!current_user_can('administrator') && !is_admin()) {
show_admin_bar(false);
}
}
but if someone type site/wp-admin he still have access.
Hello i have a question , i want to create the whole panel for users by myself and i dont wanna just hide the wordpress panel i dont wanna let users have access to wordpress panel, is that possible , because i know how to hide it:
add_action('after_setup_theme', 'remove_admin_bar');
function remove_admin_bar() {
if (!current_user_can('administrator') && !is_admin()) {
show_admin_bar(false);
}
}
but if someone type site/wp-admin he still have access.
Share Improve this question edited Jan 12, 2019 at 13:55 Krzysiek Dróżdż 25.6k9 gold badges53 silver badges74 bronze badges asked Jan 12, 2019 at 13:39 MariuszMariusz 234 bronze badges 1- Ahhh, good old WPbeginner with its code full of bad practices... – Krzysiek Dróżdż Commented Jan 12, 2019 at 13:55
1 Answer
Reset to default 0First of all, you should never use current_user_can function with roles. You should use only capabilities as params, as Codex clearly states:
While checking against particular roles in place of a capability is supported in part, this practice is discouraged as it may produce unreliable results.
So, if we've dealt with that major issue...
There are 2 things you have to do, if you want to disable wp-admin for subscribers:
1. Hide Admin Bar
Admin bar is the dark bar displayed at the top of a page, when user is logged in.
You can hide it using this code:
function remove_admin_bar() {
if ( is_user_logged_in() ) {
$user = wp_get_current_user();
if ( in_array('subscriber', $user->roles) ) {
show_admin_bar(false);
}
}
}
add_action('after_setup_theme', 'remove_admin_bar');
2. Prevent wp-admin access
function restrict_wpadmin_access() {
if ( ! defined('DOING_AJAX') || ! DOING_AJAX ) {
$user = wp_get_current_user();
if ( in_array('subscriber', $user->roles) ) {
wp_redirect( site_url( '/user/' ) ); // <- or wherever you want users to go instead
die;
}
}
}
add_action( 'admin_init', 'restrict_wpadmin_access' );
If you want to target different user group, all you need to do is to change this line in both functions above to match your needs:
if ( in_array('subscriber', $user->roles) ) {