{"id":189714,"date":"2022-01-15T23:02:27","date_gmt":"2022-01-15T23:02:27","guid":{"rendered":"https:\/\/premium.wpmudev.org\/blog\/?p=189714"},"modified":"2022-01-19T12:15:38","modified_gmt":"2022-01-19T12:15:38","slug":"limit-access-wordpress-dashboard","status":"publish","type":"post","link":"https:\/\/wpmudev.com\/blog\/limit-access-wordpress-dashboard\/","title":{"rendered":"How to Limit Access to Your WordPress Dashboard"},"content":{"rendered":"<p>How many people would you hand your house keys to and let get into anything that they want? The same can be said about your WordPress account and its users. In this article, we explore some of the easiest ways to limit access for WP users using the admin, code, and plugins.<\/p>\n<p>If you considered your WordPress site like an online home, you wouldn&#8217;t always want everyone going through all of your drawers.<\/p>\n<p>The good news is, after reading this, you\u2019ll know how to hand out digital permission accordingly to your users and keep certain areas inaccessible.<\/p>\n<figure id=\"attachment_189715\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-189715\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/07\/Dev_Man_Access.jpg\" alt=\"Dev Man with access pass.\" width=\"600\" height=\"300\" \/><figcaption class=\"wp-caption-text\">WordPress has its own access capabilities &#8212; without having an actual access pass.<\/figcaption><\/figure>\n<p>To kick things off&#8230;<\/p>\n<h3>Why Limit Usage?<\/h3>\n<p>You trust everyone that has access to your WordPress account, right? Well, sure. Maybe. However, it doesn\u2019t mean they need to have TOTAL access to everything.<\/p>\n<p>There are times you <a href=\"https:\/\/wpmudev.com\/blog\/limit-access-login-page\/\" target=\"_blank\" rel=\"noopener\">don\u2019t want every user to access it all<\/a>.<\/p>\n<p>For example, if you\u2019re running a multi-author blog and just want editors to have access to write and publish &#8212; and nothing else. That way they can\u2019t change the themes or plugins while logged in.<\/p>\n<p>Or, maybe you don\u2019t want subscribers to access your dashboard at all.<\/p>\n<p>Whatever the case may be, it\u2019s nice to have control over who has access to what, and set your WordPress site up accordingly.<\/p>\n<p>Let\u2019s start by limiting dashboard access in the WordPress dashboard.<\/p>\n<h2><a id=\"post-4126-_q2qp5kqnswp5\" target=\"_blank\"><\/a>Limiting Dashboard Access With Different User Roles and Permissions<\/h2>\n<p>If you\u2019re the site owner, you can assign user roles that <a href=\"https:\/\/wpmudev.com\/blog\/show-different-menus-user-roles\/\" target=\"_blank\" rel=\"noopener\">control how much access to the dashboard they have<\/a>.<\/p>\n<p>WordPress roles come with different capabilities and actions that users are allowed to conduct, such as writing and editing posts, creating pages, moderating comments, and more.<\/p>\n<p>An easy way to limit access is to set up a new user as a <strong>Subscriber<\/strong>. The Subscriber role is very limited and only allows the user to read content on the frontend of the site and manage their profiles.<\/p>\n<p>This can all be done in the admin area of WordPress.<\/p>\n<p>To do this, simply go to <strong>Settings<\/strong> and then <strong>General<\/strong>. From there, just set any <strong>New User Default Role<\/strong> as a <strong>Subscriber<\/strong>.<\/p>\n<figure id=\"attachment_189716\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-189716\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/07\/set-to-subscriber-in-dashboard.png\" alt=\"Where you\u2019ll set up new user default settings.\" width=\"600\" height=\"148\" \/><figcaption class=\"wp-caption-text\">Where you\u2019ll set up new user default settings.<\/figcaption><\/figure>\n<p>You can change the roles of any user that has access to your site at any time. So, any existing user roles can be modified under <strong>Users<\/strong> and then <strong>All Users<\/strong>.<\/p>\n<p>From there, click the box of the user whose role you\u2019d like to change or you can select numerous users in bulk.<\/p>\n<figure id=\"attachment_189717\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-189717\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/07\/change-users-role.png\" alt=\"The dropdown to change roles in WordPress\u2019 admin.\" width=\"600\" height=\"242\" \/><figcaption class=\"wp-caption-text\">The dropdown to change roles in WordPress\u2019 admin.<\/figcaption><\/figure>\n<p>So what\u2019s the difference of roles? The WordPress role options are:<\/p>\n<ul>\n<li><strong>Admin\/Super Admin:<\/strong> Allows access to the site network administration features and every other feature in a single site. Super Admin is only available with multisite.<\/li>\n<li><strong>Editor:<\/strong> A user who can publish and manage posts, including the posts of other users.<\/li>\n<li><strong>Author:<\/strong> Users can publish and manage their posts.<\/li>\n<li><strong>Contributor:<\/strong> Will allow a user to write and manage their posts, but not publish them.<\/li>\n<li><strong>Subscriber:<\/strong> As I mentioned, it\u2019s very limited. It only allows the user to manage their profile.<\/li>\n<\/ul>\n<p>As you can see, each role has different capabilities. You can adjust and change roles as needed.<\/p>\n<h3><a id=\"post-4126-_w200fu5k5wb4\" target=\"_blank\"><\/a>Using Code to Limit Access<\/h3>\n<p>Another way of limiting access is with code. It\u2019s easy to paste the following snippet of code into your child themes functions.php file.<\/p>\n<div class=\"gist\" data-gist=\"2c8d8a547333be49eef0fbee3195794d\"><a class=\"loading\" href=\"https:\/\/gist.github.com\/2c8d8a547333be49eef0fbee3195794d.js\">Loading gist 2c8d8a547333be49eef0fbee3195794d<\/a><div class=\"gist-consent-notice\" style=\"display:none\"><p>Please <a href=\"javascript:Cookiebot.renew()\">update your cookie preferences<\/a> to enable preference cookies to view this gist.<\/p><\/div><\/div>\n<p>This will block non-administrators from accessing your WordPress site\u2019s backend. Only admins can have access and all other users will be redirected to the home page.<\/p>\n<p>This code only functions when a user logs into the WordPress dashboard. It won\u2019t apply to any user that\u2019s not non-logged, because they wouldn\u2019t have any dashboard access, to begin with.<\/p>\n<p>If code isn\u2019t your thing, there\u2019s always a way to&#8230;<\/p>\n<h3><a id=\"post-4126-_duddjhdbbdah\" target=\"_blank\"><\/a>Prevent Users From Access with a Plugin<\/h3>\n<p>Plugins can have some advantages over the other options of limiting users. Plus, let\u2019s face it, they\u2019re easy to use.<\/p>\n<p>For example, you can simply restrict access to user roles or users that have specific permissions and redirect others to a specific page. This makes it so that only trusted users can have dashboard access.<\/p>\n<p>Here\u2019s a quick rundown of several plugins (some with familiar faces) that can help limit access to your WordPress dashboard.<\/p>\n<p>All of these are free to use, rated well, and have specific functionality.<\/p>\n<h3>Remove Dashboard Access<\/h3>\n<div class=\"image-grid cgrid-row\">\n<div class=\"cgrid-col cgrid-col-span-full\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-189718\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/07\/remove-dashboard-access.png\" alt=\"Remove Dashboard Access.\" width=\"600\" height=\"271\" \/><\/div>\n<div><\/div>\n<p>The <a href=\"https:\/\/wordpress.org\/plugins\/remove-dashboard-access-for-non-admins\/\" rel=\"noopener\" target=\"_blank\">Remove Dashboard Access<\/a> plugin is a simple and easy way to limit access for users in your WordPress dashboard. With 5-star ratings and over 40K downloads, it\u2019s a quality and popular option for many WordPress users.<\/p>\n<p>Once you have it downloaded and installed, it\u2019s just a click of the button to limit users to the admin area.<\/p>\n<p>In the Dashboard Access Controls area, you can allow the dashboard access for administrators only, editors and administrators, or authors, editors, and administrators.<\/p>\n<p>There is also an advanced option for numerous options of more specific areas (e.g. ability to view story budget).<\/p>\n<p>&nbsp;<\/p>\n<\/div>\n<div><\/div>\n<div>\n<figure id=\"attachment_189719\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-189719\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/07\/dashboard-access-settings.png\" alt=\"Where you\u2019ll select access options.\" width=\"600\" height=\"263\" \/><figcaption class=\"wp-caption-text\">Where you\u2019ll select access options.<\/figcaption><\/figure>\n<p>You can also input a redirect URL for disallowed users, allow all users to edit their profile, and also add a customized login message.<\/p>\n<\/div>\n<div><\/div>\n<div>\n<figure id=\"attachment_189720\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-189720\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/07\/redirect-users.png\" alt=\"Post image\" aria-hidden=\"true\" width=\"600\" height=\"135\" \/><figcaption class=\"wp-caption-text\">Where you&#8217;ll put a redirect and also an option for a login message.<\/figcaption><\/figure>\n<p>Overall, if you&#8217;re looking to quickly limit your user\u2019s options in the dashboard, this plugin has the essential features to do so.<\/p>\n<h3>Branda<\/h3>\n<\/div>\n<div><\/div>\n<div>\n<div class=\"image-grid cgrid-row\">\n<div class=\"cgrid-col cgrid-col-span-full\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-189762\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/07\/Branda-header.png\" alt=\"Branda header\" width=\"600\" height=\"278\" \/><\/div>\n<\/div>\n<\/div>\n<div class=\"image-grid cgrid-row\">\n<div><\/div>\n<p>If you want to take things up a notch, with <a href=\"https:\/\/wordpress.org\/plugins\/branda-white-labeling\/\" rel=\"noopener\" target=\"_blank\">Branda<\/a>, our very own 5-star rated white label plugin, you can customize every aspect of WordPress to match your brand.<\/p>\n<p>Plus, she can customize your admin menu based on user roles or custom user in the dashboard, which will allow users to have access to specific areas.<\/p>\n<\/div>\n<p>Once you have her installed and activated, all an be done in the <strong>Admin Menu<\/strong> and by clicking <strong>Activate<\/strong>.<\/p>\n<p>In the <strong>Custom Admin menu area<\/strong>, you can fully customize the admin sidebar for selected user roles or specific users.<\/p>\n<p>There&#8217;s a <strong>Customize<\/strong> button that when hit, will display all of your options. You can decide from the dropdown if you want to customize the menu for user roles or specific users.<\/p>\n<div><\/div>\n<div>\n<div class=\"wp-block-image size-full wp-image-189763\">\n<figure class=\"aligncenter\">\n<p><figure id=\"attachment_189763\" class=\"wp-caption alignnone\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-189763\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/07\/custom-admin-options.png\" alt=\"Custom admin options in Branda.\" width=\"600\" height=\"623\" \/><figcaption class=\"wp-caption-text\">The custom admin area.<\/figcaption><\/figure><\/figure>\n<\/div>\n<p>If you have User Roles selected, you&#8217;ll see that you have the option of picking a role (e.g. Administrator).<\/p>\n<p>It will refresh and automatically populate the admin menu items that the user role has access to by default.<\/p>\n<\/div>\n<p>You can also now drag and drop the top-level menu items if you&#8217;d like to re-order them.<\/p>\n<p>When you hover your cursor over any menu item it will reveal <strong>Duplicate<\/strong> and <strong>Hide<\/strong> options for that item. You can also<strong> Select All<\/strong> or use the checkbox in any menu item to reveal the same to perform this in bulk.<\/p>\n<div><\/div>\n<div>\n<div class=\"wp-block-image size-full wp-image-189764\">\n<figure class=\"aligncenter\">\n<p><figure id=\"attachment_189764\" class=\"wp-caption alignnone\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-189764\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/07\/Duplicate-role-in-dashboard.png\" alt=\"Duplicate role in dashboard.\" width=\"600\" height=\"621\" \/><figcaption class=\"wp-caption-text\">Where you have the option to duplicate or hide.<\/figcaption><\/figure><\/figure>\n<\/div>\n<p>The <strong>Hide<\/strong> option will hide it from the user in the selected role and <strong>Unhide<\/strong> will then appear as an option if you&#8217;d ever like to revert this.<\/p>\n<\/div>\n<div>\n<p>The <strong>Duplicate<\/strong> option will create an exact duplicate of the menu item (including its sub-menu).<\/p>\n<p>You also have additional options for any menu item by clicking the dropdown arrow. This includes options to add your own custom top-level menu item, adding a submenu, CSS classes, and much more.<\/p>\n<div class=\"wp-block-image size-full wp-image-189766\">\n<figure class=\"aligncenter\">\n<p><figure id=\"attachment_189766\" class=\"wp-caption alignnone\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-189766\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/07\/addtional-settings.png\" alt=\"Additional user settings.\" width=\"600\" height=\"771\" \/><figcaption class=\"wp-caption-text\">Additional user settings.<\/figcaption><\/figure><\/figure>\n<\/div>\n<p>Once all of your changes are made, just hit<strong> Apply<\/strong> and everything will stay that way. You can always discard all changes and adjust them at any time.<\/p>\n<p>Along with allowing users to access certain areas in the admin area of WordPress, <a href=\"https:\/\/wordpress.org\/plugins\/branda-white-labeling\/\" rel=\"noopener\" target=\"_blank\">Branda<\/a> can totally brand your admin area and site with tons of other customization options.<\/p>\n<\/div>\n<div>\n<h3><strong>Defender<\/strong><\/h3>\n<div class=\"image-grid cgrid-row\">\n<div class=\"cgrid-col cgrid-col-span-full\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-189721\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/07\/defender.png\" alt=\"Defender plugin download.\" width=\"600\" height=\"279\" \/><\/div>\n<div><\/div>\n<p><a href=\"https:\/\/wordpress.org\/plugins\/defender-security\/\" rel=\"noopener\" target=\"_blank\">Defender<\/a> is WPMU DEV\u2019s 5-star plugin and our answer to security. Amongst numerous security features, one function Defender does well is disabling the file editor, so that only the admin can make any changes to the file editor that\u2019s built into WordPress.<\/p>\n<\/div>\n<p>All of this can be done with a click of a button in an area called <strong>Security Tweaks<\/strong>.<\/p>\n<\/div>\n<p>Here, it shows a list of various security features that can be enabled and disabled at any time. One of the features is to <strong>Disable the file editor<\/strong>. Simply click the switch over if it\u2019s in the <strong>Issues<\/strong> area.<\/p>\n<p>If it\u2019s not, it will be highlighted green and in the <strong>Resolved<\/strong> section. Once doing that, it will let you know that it switched over okay.<\/p>\n<div><\/div>\n<div>\n<figure id=\"attachment_189722\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-189722\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/07\/disable-file-editor.png\" alt=\"Where it shows that you've disabled the file editor.\" width=\"600\" height=\"267\" \/><figcaption class=\"wp-caption-text\">Where it shows that you&#8217;ve disabled the file editor.<\/figcaption><\/figure>\n<p>&nbsp;<\/p>\n<p>You can revert this feature at any time by clicking <strong>Revert<\/strong>.<\/p>\n<p>Defender is a great additional way to limit your users in the WordPress admin and keeps your files secure. <a href=\"https:\/\/wordpress.org\/plugins\/defender-security\/\" rel=\"noopener\" target=\"_blank\">Try him out for free today<\/a> for your security and to limit access to files.<\/p>\n<\/div>\n<div>\n<h3><strong>Admin Bar &amp; Dashboard Access Control<\/strong><\/h3>\n<div class=\"image-grid cgrid-row\">\n<div class=\"cgrid-col cgrid-col-span-full\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-189723\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/07\/admin-bar-and-dashboard.png\" alt=\"Post image\" aria-hidden=\"true\" width=\"600\" height=\"271\" \/><\/div>\n<div><\/div>\n<div>\n<p>The <a href=\"https:\/\/wordpress.org\/plugins\/admin-bar-dashboard-control\/\" rel=\"noopener\" target=\"_blank\">Admin Bar &amp; Dashboard Access Control <\/a>plugin allows you to limit dashboard access for users. It has a solid 4.5-star rating and over 5,000 downloads.<\/p>\n<p>The <strong>Dashboard Access<\/strong> area lets you disable dashboard access to various user roles with just a few clicks. You can also enter a customized redirect for users without dashboard access.<\/p>\n<figure id=\"attachment_189724\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-189724\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/07\/dashboard-access.png\" alt=\"Dashboard access area.\" width=\"600\" height=\"346\" \/><figcaption class=\"wp-caption-text\">Dashboard access area.<\/figcaption><\/figure>\n<p>In the <strong>Admin Bar<\/strong> area, you can disable the admin bar and select user roles for users you\u2019d like it to be disabled for.<\/p>\n<figure id=\"attachment_189725\" class=\"wp-caption aligncenter\" data-caption=\"true\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-189725\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/07\/admin-bar-disable.png\" alt=\"The admin bar.\" width=\"600\" height=\"263\" \/><figcaption class=\"wp-caption-text\">The admin bar.<\/figcaption><\/figure>\n<p>And that&#8217;s it! This simple and easy to use plugin is a quick option to limit your user&#8217;s admin access. It very basic, similar to the Remove Dashboard Access plugin.<\/p>\n<h3>We&#8217;ll Limit It to That&#8230;<\/h3>\n<p>As you can see, it\u2019s very easy to limit dashboard access for users. You have several options when it comes to doing this; whether it be directly from the admin, a code snippet, file access, or with the help of a plugin like <a href=\"https:\/\/wordpress.org\/plugins\/branda-white-labeling\/\" rel=\"noopener\" target=\"_blank\">Branda<\/a>.<\/p>\n<p>What matters most is you\u2019re in control of your WordPress site and know who can do what when you allow users access.<\/p>\n<p>Otherwise, your users might be snooping in areas of your site that you might not want them. That can be, well, awkward (and insecure).<\/p>\n<p>So, put a limit on things today.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>How many people would you hand your house keys to and let get into anything that they want? The same can be said about your WordPress account and its users. In this article, we explore some of the easiest ways to limit access for WP users using the admin, code, and plugins. If you considered [&hellip;]<\/p>\n","protected":false},"author":811449,"featured_media":189841,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"blog_reading_time":"","wds_primary_category":0,"wds_primary_tutorials_categories":0,"footnotes":""},"categories":[263,11260],"tags":[],"tutorials_categories":[],"class_list":["post-189714","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tutorials","category-wpmu-dev-products"],"_links":{"self":[{"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/posts\/189714","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/users\/811449"}],"replies":[{"embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/comments?post=189714"}],"version-history":[{"count":63,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/posts\/189714\/revisions"}],"predecessor-version":[{"id":224494,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/posts\/189714\/revisions\/224494"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/media\/189841"}],"wp:attachment":[{"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/media?parent=189714"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/categories?post=189714"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/tags?post=189714"},{"taxonomy":"tutorials_categories","embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/tutorials_categories?post=189714"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}