How to Manage and Control User Access to WordPress Dashboard

How many people would you hand your home keys to & let them get into anything that they want? The same can be said about Your WordPress dashboard & its multiple users.

If you considered your WordPress website as your online home, you wouldn’t always want just anyone to go through all your drawers.

This article will tell you some of the easiest ways to limit access for WordPress users by using the code in functions.php file, making changes in the admin area, or using plugins.

Why Limit Dashboard Access?

Only users you trust should have access to the admin area of your WordPress website. Let’s say you’re running a multi-author blog, then you should give access to contributors & editors, but not to subscribers.

Even when you’re giving some users access to your admin area, you can still manage what they can and cannot see on the dashboard.

Manage or Limit Dashboard Access with User Roles & Permissions

If you are the website owner, you can assign user roles that control how much access to the dashboard they have.

WordPress roles have various capabilities and actions that users are allowed to conduct, such as editing posts and writing, moderating comments, creating pages, etc.

One of the easiest ways to limit access is to set up a new user as a Subscriber. The subscriber role is very limited & only allows the user to read content on the website’s front end & manage their profiles. This can be done in the admin area of your WordPress site.

To limit access, go to Settings > General. Then set any New User Default Role as a Subscriber. You can also change the roles of any user that has access to your website at any time. So, any existing user roles can be modified under Users > All Users.

Add new user default role

Then, click the user’s box whose role you would like to change, or you can select numerous users in bulk.

change WordPress user roles

So what’s the difference between roles in WordPress? Here are some of the WordPress role options:

  • Admin/Super Admin: It allows access to the site network administration features & every other feature on a single website. The Super admin role is only available with multisite.
  • Editor: Users who can manage & publish posts, including the posts of other WordPress users.
  • Author: Users who can manage & publish their posts.
  • Contributor: Allows a user to write & manage their posts but not publish them.
  • Subscriber: As mentioned above, it’s very limited. It only allows users to manage their profiles.

So each role has its capabilities, you can easily adjust & change roles as needed.

Use Code to Limit Access

Another way to manage and control user access is with code. You can use the following code in your child themes functions.php file.

Use code to limit user access

This will block non-administrators from accessing your WordPress website’s backend. Only admins can have access & all other users will be redirected to the home page.

This code only works when a user logs into the WordPress dashboard. The code won’t be applicable to any user that’s not logged-in because they wouldn’t have any WordPress dashboard access.

Prevent Users From Dashboard Access with Plugin

WordPress plugins can have some advantages over the other options of limiting users, and plus plugins are easier to use.

For example, you can restrict access to user roles or users that have specific permissions & redirect others to a specific page. In this way, only trusted users could have dashboard access.

Here’s a quick rundown of a famous WordPress plugin that can help limit access to your WordPress dashboard.

Remove Dashboard Access

Remove dashboard access plugin

Remove Dashboard Access plugin is a simple & easy way to limit users’ access to your WordPress dashboard. With thousands of downloads and 5-star ratings, it’s a quality & popular option for many WordPress users.

Once you have downloaded and installed this plugin, it’s just the click of a button to limit users to the admin area.

In the Dashboard Access Control area, you’ve got the option to allow the dashboard access for administrators only, editors & administrators, or authors, editors, and administrators.

With the help of this plugin, you can also input a redirect URL for disallowed users, and you can allow all users to edit their profile and add a customized login message.

Dashboard access settings

So if you’re looking to limit your user’s options in the dashboard quickly, then this plugin has got all the essential features to do so.

WordPress Plugins to Extend User Roles and Capabilities

Here are the two best WordPress plugins for customizing user roles and capabilities.

User Role Editor

User Role Editor is a dedicated WordPress plugin for managing your website’s various user roles & capabilities. By using this plugin, you can change your capabilities with only a few clicks. You can also add new roles & provide selected capabilities to your users.

After installing and activating this plugin, you will find a new link ‘capabilities’ when you hover over a user profile. To change the capabilities of a profile, click on that link. This will take you to the following screen.

User role editor

The “Primary Role” drop-down section on the right will display the current role of the user. Also, you can change the user’s default by selecting one from the list, and assign additional roles by checking relevant roles from the “Other Roles” section.

You will find all the capabilities listed on the left-hand side. Check the “Show capabilities in human readable form” to make capabilities more understandable. The currently allowed capabilities for the user will be checked & blurred automatically.

To provide the additional capabilities, check the relevant capability box. To find out relevant skills, give the keyword in the “Quick filter” box. Here you’ll also see separate buttons to select or unselect all capabilities & to reverse your choice. After making the changes, click on ’update.’

If you want to change the default capabilities for any role in WordPress, go to Users > User Role Editor from your WordPress dashboard. And then select the role for which you want to change the capabilities. After choosing the capabilities for the role, click on “Update.”

You can also add new roles & new capabilities from this page. To do that, click the respective buttons & follow the directions. It’s also possible to rename new & existing roles. To rename, click on “Rename Role” to provide the new name, then click “Rename Role.”

Members

It’s a very popular user and role management plugin. By extending this plugin’s default user management features, you can control the users exactly as you want.

This plugin will create two new sub-menus under the “Users” menu in your site dashboard after installation and activation. Roles menu will display all the available roles along with the number of users & capabilities.

Hovering over a role will display some additional links – Delete, Edit, View Users. By editing a role, you can customize the role’s capabilities & add new capabilities. After making all the appropriate changes, click on “Update Role“.

Add new WP roles

And if you want to add a new role, go to Users >  Add New Role and provide the role name and role label. The role name should include characters & underscores only. In the Role Label, give the name you want to display as the role name in the roles list. And then select the capabilities you want to assign to this role.

After making all the changes, click on the “Add Role” button. You always have the luxury to edit the roles from the Users > Roles Page.

Members plugin also has some handy shortcodes. With the help of shortcodes, you can restrict content, check whether the user is logged in or not, and set subscriber-only feeds. You can see more details about using the shortcodes in the “plugins/members/docs/readme.html” file inside of your “wp-content” directory.

Conclusion

We hope this article will help you manage and limit dashboard access on your WordPress website more effectively. You have several options, from a code snippet, directly from the admin area, file access, or with the help of a plugin like Remove Dashboard Access.

But which matters most is that you should take control of your WordPress website & keep an eye on who can do what – when you allow user access. So to manage and control activities of users on your site, it’s better to limit user access to your WordPress dashboard today.

Leave a Reply

Your email address will not be published. Required fields are marked *