Ecommerce Shopify WordPress Discussion

Prevent access to Admin menu items at WordPress backend

I would like to hide and restrict access to some Admin menu items at Wordpress backend for all users except Administrator who is the site owner. Thos Admin menu items have the followings URLs: https://www.mysite1.com/wp-admin/edit.php https://www.mysite1.com/wp-admin/tools.php https://www.mysite1.com/wp-admin/options-general.php https://www.mysite1.com/wp-admin/admin.php?page=wpcf7 https://www.mysite1.com/wp-admin/edit.php?post_type=acf-field-group https://www.mysite1.com/wp-admin/admin.php?page=menu-image-options https://www.mysite1.com/wp-admin/admin.php?page=revslider To hide those menu items from those who are not Administrator, I use the following codes in functions.php: add_action( 'admin_init', 'hide_admin_menu_items' ); function hide_admin_menu_items() { $current_user = wp_get_current_user(); if ($current_user->ID != 1) { remove_menu_page('edit.php'); // Posts remove_menu_page('wpcf7'); // Contact Form 7 remove_menu_page('tools.php'); // Tools remove_menu_page('options-general.php'); // Settings remove_menu_page('edit.php?post_type=acf-field-group'); // ACF plugin remove_menu_page('menu-image-options'); // Menu image plugin remove_menu_page('revslider'); // Revslider plugin } } The above codes work very well as intended. To prevent access to the above pages or URLs, here are codes in functions.php: // Prevent access to Admin menu items add_action( 'load-edit.php', 'prevent_admin_access' ); // Posts add_action( 'load-wpcf7', 'prevent_admin_access' ); // Contact form 7 plugin - Not working add_action( 'load-tools.php', 'prevent_admin_access' ); // Tools add_action( 'load-options-general.php', 'prevent_admin_access' ); // Settings add_action( 'load-acf-field-group', 'prevent_admin_access' ); // ACF plugin add_action( 'load-menu-image-options', 'prevent_admin_access' ); // Image menu plugin - Not working add_action( 'load-revslider', 'prevent_admin_access' ); // Rev slider plugin - Not working function prevent_admin_access() { // $current_user = wp_get_current_user(); // if ($current_user->ID != 1) { // dump and exit user id var_dump($user_ID); exit; if ( $user_ID != 1 ) { wp_die("You are not pwermitted to access this page!"); exit(); } } The above codes dont work for some plugins; they dont restrict access to those who are not Administrator. I use this guide as a reference: https://wordpress.stackexchange.com/questions/113322/remove-menu-items-from-admin-page-and-limit-capabilities What is the correct way of coding, for example, Page/URL: https://www.mysite1.com/wp-admin/admin.php?page=wpcf7 I use wpcf7 as the page for Contact form 7 plugin which does not work: add_action( 'load-wpcf7', 'prevent_admin_access' ); What is the correct page for Contact form 7 plugin should be used in the above codes? Very appreciate any help.
Here is an updated answer below, please read comments below so you know what is happening... You will notice in my code comments which cases that I have tested and which cases I have not.. I don't have have plugins wpcf7, menu-image-options and revslider installed so it's hard for predict how these plugin edit screens work. Hopefully the logic of how I've presented my php code below might give you a better insight in how to accomplish your problem via a single function. If you still having problems, please get back to me. Updated code below... // add action to admin init to dedicate access add_action('admin_init', 'prevent_admin_access'); /** * if $user_id is not 1 then hide specific admin menu items * and prevent access to specific admin php pages * @return void */ function prevent_admin_access() { // global $user_ID var global $user_ID; // if $user_ID is not 1 if ($user_ID != 1) { // remove posts from wp admin menu remove_menu_page('edit.php'); // global $pagenow global $pagenow; // prevent admin access to specific php pages (tools, options-general, admin, edit) // switch case for $pagenow var switch ($pagenow) { case 'tools.php': // if $pagenow is tools.php die and exit message wp_die('You are not allowed to access the Tools page.'); break; case 'options-general.php': // if $pagenow is options-general.php die and exit message wp_die('You are not allowed to access the Options General page.'); break; case 'admin.php': // if $pagenow is admin.php... // get $page url var param from admin.php page $page = isset($_GET['page']) ? $_GET['page'] : false; // switch case $page switch ($page) { case 'wpcf7': // if $page is wpcf7 die and exit message wp_die('You are not allowed to access the Contact Form 7 page.'); break; case 'menu-image-options': // if $post_type is menu-image-options die and exit message wp_die('You are not allowed to access the Menu Image Options page.'); break; case 'revslider': // if $post_type is revslider die and exit message wp_die('You are not allowed to access the Revolution Slider page.'); break; default: // return if no $page match return; } // break out when done if ever necessary break; case 'edit.php': // if $pagenow is edit.php... // get $post_type url var param from edit.php page $post_type = isset($_GET['post_type']) ? $_GET['post_type'] : false; // switch case $post_type switch ($post_type) { case 'acf-field-group': // if $post_type is acf-field-group die and exit message wp_die('You are not allowed to access the ACF Field Group page.'); break; default: // return if no $post_type match return; } // break out when done if ever necessary break; default: // return if no $pagenow match return; } } } Anyway, hope this helps you out!

December 30, 2023

FIXED: My issue has been fixed by joshmoto. Here is fully working codes. Hide Admin menu items from users who are not Admininstrator of Wordpress: add_action( 'admin_init', 'hide_admin_menu_items' ); function hide_admin_menu_items() { $current_user = wp_get_current_user(); if ($current_user->ID != 1) { remove_menu_page('edit.php'); // Posts remove_menu_page('wpcf7'); // Contact Form 7 remove_menu_page('tools.php'); // Tools remove_menu_page('options-general.php'); // Settings remove_menu_page('edit.php?post_type=acf-field-group'); // ACF plugin remove_menu_page('menu-image-options'); // Menu image plugin remove_menu_page('revslider'); // Revslider plugin } } Prevent access to certain Admin pages if users are not Administrators: // add action to admin init to dedicate access add_action('admin_init', 'prevent_admin_access'); /** * if $user_id is not 1 then hide specific admin menu items * and prevent access to specific admin php pages * @return void */ function prevent_admin_access() { // global $user_ID var global $user_ID; // if $user_ID is not 1 if ($user_ID != 1) { // remove posts from wp admin menu remove_menu_page('edit.php'); // global $pagenow global $pagenow; // prevent admin access to specific php pages (tools, options-general, admin, edit) // switch case for $pagenow var switch ($pagenow) { case 'tools.php': // if $pagenow is tools.php die and exit message wp_die('You are not allowed to access the Tools page.'); break; case 'options-general.php': // if $pagenow is options-general.php die and exit message wp_die('You are not allowed to access the Options General page.'); break; case 'admin.php': // if $pagenow is admin.php... // get $page url var param from admin.php page $page = isset($_GET['page']) ? $_GET['page'] : false; // switch case $page switch ($page) { case 'wpcf7': // if $page is wpcf7 die and exit message wp_die('You are not allowed to access the Contact Form 7 page.'); break; case 'menu-image-options': // if $post_type is menu-image-options die and exit message wp_die('You are not allowed to access the Menu Image Options page.'); break; case 'revslider': // if $post_type is revslider die and exit message wp_die('You are not allowed to access the Revolution Slider page.'); break; default: // return if no $page match return; } // break out when done if ever necessary break; case 'edit.php': // if $pagenow is edit.php... // get $post_type url var param from edit.php page $post_type = isset($_GET['post_type']) ? $_GET['post_type'] : false; // switch case $post_type switch ($post_type) { case 'acf-field-group': // if $post_type is acf-field-group die and exit message wp_die('You are not allowed to access the ACF Field Group page.'); break; default: // return if no $post_type match return; } // break out when done if ever necessary break; default: // return if no $pagenow match return; } } } if you have more restricted Admin pages, just add more case ... Many thanks

December 30, 2023

TurboCommerce make the better internet purchasing globaly

Turbo Multi-language Translator

Make the better internet purchasing globaly

Turbosify SEO Speed Booster

5.0 (7) Free plan available
Get better conversions by improving store loading speed Installed

Turbo Multi-language Chat - AI Customer service in one hand

TurboCommerce make the better internet purchasing globaly
Our products

The help you need, when you need it

App by Turbo Engine

3 apps • 5.0 average rating

Turbosify Speed Booster

5.0 (7)
Get better conversions by optimizing shopify store Google page speed Installed

Turbosify Translator for Wordpress Woocommerce

5.0 (74) Free Wordpress Woocommerce Plugin
Translate your wordpress website to multiple language within 1 click, no configuration needed, no No technical required

Grow your business here

Whether you want to sell products down the street or around the world, we have all the tools you need.