Prevent access to Admin menu items at WordPress backend
I would like to hide and restrict access to some Admin menu items in the WordPress backend for all users except the Administrator, who is the site owner.
Those Admin menu items have the following URLs:
https://www.mysite1.com/wp-admin/edit.php
https://www.mysite1.com/wp-admin/tools.php
https://www.mysite1.com/wp-admin/options-general.php
https://www.mysite1.com/wp-admin/admin.php?page=wpcf7
https://www.mysite1.com/wp-admin/edit.php?post_type=acf-field-group
https://www.mysite1.com/wp-admin/admin.php?page=menu-image-options
https://www.mysite1.com/wp-admin/admin.php?page=revslider
To hide those menu items from those who are not the Administrator, I use the following code in functions.php:
    add_action( 'admin_init', 'hide_admin_menu_items' );
    function hide_admin_menu_items() {
        $current_user = wp_get_current_user();
        if ($current_user->ID != 1) {
            remove_menu_page('edit.php'); // Posts
            remove_menu_page('wpcf7'); // Contact Form 7
            remove_menu_page('tools.php'); // Tools
            remove_menu_page('options-general.php'); // Settings
            remove_menu_page('edit.php?post_type=acf-field-group'); // ACF plugin
            remove_menu_page('menu-image-options'); // Menu image plugin
            remove_menu_page('revslider'); // Revslider plugin
        }
    }
The above code works very well as intended.
To prevent access to the above pages or URLs, here is the code in functions.php:
    // Prevent access to Admin menu items
    add_action( 'load-edit.php', 'prevent_admin_access' ); // Posts
    add_action( 'load-wpcf7', 'prevent_admin_access' ); // Contact form 7 plugin - Not working
    add_action( 'load-tools.php', 'prevent_admin_access' ); // Tools
    add_action( 'load-options-general.php', 'prevent_admin_access' ); // Settings
    add_action( 'load-acf-field-group', 'prevent_admin_access' ); // ACF plugin
    add_action( 'load-menu-image-options', 'prevent_admin_access' ); // Image menu plugin - Not working
    add_action( 'load-revslider', 'prevent_admin_access' ); // Rev slider plugin - Not working
    function prevent_admin_access() {
        // $current_user = wp_get_current_user();
        // if ($current_user->ID != 1) {
        // dump and exit user id
        var_dump($user_ID); exit;
        if ( $user_ID != 1 ) {
            wp_die("You are not permitted to access this page!");
            exit();
        }
    }
The above code doesn't work for some plugins; it doesn't restrict access for those who are not the Administrator. I use this guide as a reference:
https://wordpress.stackexchange.com/questions/113322/remove-menu-items-from-admin-page-and-limit-capabilities
What is the correct way of coding, for example,
Page/URL: https://www.mysite1.com/wp-admin/admin.php?page=wpcf7
I use wpcf7 as the page for the Contact Form 7 plugin, which does not work:
    add_action( 'load-wpcf7', 'prevent_admin_access' );
What is the correct page for the Contact Form 7 plugin that should be used in the above code?
I would very much appreciate any help.
Here is an updated answer below; please read the comments below so you know what is happening...
You will notice in my code comments which cases I have tested and which cases I have not.
I don't have the plugins wpcf7, menu-image-options and revslider installed, so it's hard to predict how these plugin edit screens work.
Hopefully the logic of how I've presented my PHP code below might give you a better insight into how to solve your problem via a single function.
If you are still having problems, please get back to me.
Updated code below...
    // add action to admin init to dedicate access
    add_action('admin_init', 'prevent_admin_access');
    /**
     * if $user_ID is not 1 then hide specific admin menu items
     * and prevent access to specific admin php pages
     * @return void
     */
    function prevent_admin_access() {
        // global $user_ID var
        global $user_ID;
        // if $user_ID is not 1
        if ($user_ID != 1) {
            // remove posts from wp admin menu
            remove_menu_page('edit.php');
            // global $pagenow
            global $pagenow;
            // prevent admin access to specific php pages (tools, options-general, admin, edit)
            // switch case for $pagenow var
            switch ($pagenow)
            {
                case 'tools.php':
                    // if $pagenow is tools.php die and exit message
                    wp_die('You are not allowed to access the Tools page.');
                    break;
                case 'options-general.php':
                    // if $pagenow is options-general.php die and exit message
                    wp_die('You are not allowed to access the Options General page.');
                    break;
                case 'admin.php':
                    // if $pagenow is admin.php...
                    // get $page url var param from admin.php page
                    $page = isset($_GET['page']) ? $_GET['page'] : false;
                    // switch case $page
                    switch ($page)
                    {
                        case 'wpcf7':
                            // if $page is wpcf7 die and exit message
                            wp_die('You are not allowed to access the Contact Form 7 page.');
                            break;
                        case 'menu-image-options':
                            // if $page is menu-image-options die and exit message
                            wp_die('You are not allowed to access the Menu Image Options page.');
                            break;
                        case 'revslider':
                            // if $page is revslider die and exit message
                            wp_die('You are not allowed to access the Revolution Slider page.');
                            break;
                        default:
                            // return if no $page match
                            return;
                    }
                    // break out when done if ever necessary
                    break;
                case 'edit.php':
                    // if $pagenow is edit.php...
                    // get $post_type url var param from edit.php page
                    $post_type = isset($_GET['post_type']) ? $_GET['post_type'] : false;
                    // switch case $post_type
                    switch ($post_type)
                    {
                        case 'acf-field-group':
                            // if $post_type is acf-field-group die and exit message
                            wp_die('You are not allowed to access the ACF Field Group page.');
                            break;
                        default:
                            // return if no $post_type match
                            return;
                    }
                    // break out when done if ever necessary
                    break;
                default:
                    // return if no $pagenow match
                    return;
            }
        }
    }
Anyway, hope this helps you out!
December 30, 2023
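The guard from the answer above in table-driven form, as an added example that is not part of the original thread. It goes beyond the answer by swapping the hard-coded user ID for a capability check and by also blocking the plain Posts list and post-new.php, which the switch leaves reachable by direct URL. The `MYSITE_*` and `mysite_*` names and the use of `manage_options` as the owner-only capability are assumptions.

```php
<?php
// Added example, not from the thread. MYSITE_* and mysite_* names are hypothetical.
// Assumption: only the site owner holds this capability. If other accounts are also
// Administrators, use a custom capability granted to the owner alone instead.
const MYSITE_OWNER_CAP = 'manage_options';

// Hiding is cosmetic: it removes the links, not the pages behind them.
// Priority 999 runs after plugins have registered their menus.
add_action( 'admin_menu', 'mysite_hide_menus', 999 );
function mysite_hide_menus() {
    if ( current_user_can( MYSITE_OWNER_CAP ) ) {
        return;
    }
    $slugs = array( 'edit.php', 'tools.php', 'options-general.php', 'wpcf7',
        'edit.php?post_type=acf-field-group', 'menu-image-options', 'revslider' );
    foreach ( $slugs as $slug ) {
        remove_menu_page( $slug );
    }
}

// Pure decision function: requested admin file plus query string in, verdict out.
function mysite_is_restricted( $pagenow, array $query ) {
    // Non-string input (for example page[]=x) falls back to the default value.
    $get = function ( $key, $default ) use ( $query ) {
        return ( isset( $query[ $key ] ) && is_string( $query[ $key ] ) ) ? $query[ $key ] : $default;
    };
    switch ( $pagenow ) {
        case 'tools.php':
        case 'options-general.php':
            return true;
        case 'admin.php':
            return in_array( $get( 'page', '' ), array( 'wpcf7', 'menu-image-options', 'revslider' ), true );
        case 'edit.php':
        case 'post-new.php':
            // With no post_type parameter these screens default to regular posts.
            return in_array( $get( 'post_type', 'post' ), array( 'post', 'acf-field-group' ), true );
    }
    return false;
}

// Enforcement runs on every admin request, whether or not a menu link was shown.
add_action( 'admin_init', 'mysite_guard_admin_pages' );
function mysite_guard_admin_pages() {
    global $pagenow;
    if ( ! current_user_can( MYSITE_OWNER_CAP ) && mysite_is_restricted( $pagenow, $_GET ) ) {
        wp_die( 'You are not allowed to access this page.', '', array( 'response' => 403 ) );
    }
}
```

Keeping the decision in `mysite_is_restricted()` means new pages are added as data, and the rule can be checked without loading an admin screen.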
FIXED:
My issue has been fixed by joshmoto. Here is the fully working code.
Hide Admin menu items from users who are not the Administrator of WordPress:
    add_action( 'admin_init', 'hide_admin_menu_items' );
    function hide_admin_menu_items() {
        $current_user = wp_get_current_user();
        if ($current_user->ID != 1) {
            remove_menu_page('edit.php'); // Posts
            remove_menu_page('wpcf7'); // Contact Form 7
            remove_menu_page('tools.php'); // Tools
            remove_menu_page('options-general.php'); // Settings
            remove_menu_page('edit.php?post_type=acf-field-group'); // ACF plugin
            remove_menu_page('menu-image-options'); // Menu image plugin
            remove_menu_page('revslider'); // Revslider plugin
        }
    }
Prevent access to certain Admin pages if users are not Administrators:
    // add action to admin init to dedicate access
    add_action('admin_init', 'prevent_admin_access');
    /**
     * if $user_ID is not 1 then hide specific admin menu items
     * and prevent access to specific admin php pages
     * @return void
     */
    function prevent_admin_access() {
        // global $user_ID var
        global $user_ID;
        // if $user_ID is not 1
        if ($user_ID != 1) {
            // remove posts from wp admin menu
            remove_menu_page('edit.php');
            // global $pagenow
            global $pagenow;
            // prevent admin access to specific php pages (tools, options-general, admin, edit)
            // switch case for $pagenow var
            switch ($pagenow)
            {
                case 'tools.php':
                    // if $pagenow is tools.php die and exit message
                    wp_die('You are not allowed to access the Tools page.');
                    break;
                case 'options-general.php':
                    // if $pagenow is options-general.php die and exit message
                    wp_die('You are not allowed to access the Options General page.');
                    break;
                case 'admin.php':
                    // if $pagenow is admin.php...
                    // get $page url var param from admin.php page
                    $page = isset($_GET['page']) ? $_GET['page'] : false;
                    // switch case $page
                    switch ($page)
                    {
                        case 'wpcf7':
                            // if $page is wpcf7 die and exit message
                            wp_die('You are not allowed to access the Contact Form 7 page.');
                            break;
                        case 'menu-image-options':
                            // if $page is menu-image-options die and exit message
                            wp_die('You are not allowed to access the Menu Image Options page.');
                            break;
                        case 'revslider':
                            // if $page is revslider die and exit message
                            wp_die('You are not allowed to access the Revolution Slider page.');
                            break;
                        default:
                            // return if no $page match
                            return;
                    }
                    // break out when done if ever necessary
                    break;
                case 'edit.php':
                    // if $pagenow is edit.php...
                    // get $post_type url var param from edit.php page
                    $post_type = isset($_GET['post_type']) ? $_GET['post_type'] : false;
                    // switch case $post_type
                    switch ($post_type)
                    {
                        case 'acf-field-group':
                            // if $post_type is acf-field-group die and exit message
                            wp_die('You are not allowed to access the ACF Field Group page.');
                            break;
                        default:
                            // return if no $post_type match
                            return;
                    }
                    // break out when done if ever necessary
                    break;
                default:
                    // return if no $pagenow match
                    return;
            }
        }
    }
If you have more restricted Admin pages, just add more cases ...
Many thanks
December 30, 2023