Title: Konfyra Access Control
Author: gsrcoimbatore
Published: <strong>July 14, 2026</strong>
Last modified: July 14, 2026

---

Search plugins

![](https://ps.w.org/konfyra-access-control/assets/banner-772x250.png?rev=3607900)

![](https://ps.w.org/konfyra-access-control/assets/icon-256x256.png?rev=3607900)

# Konfyra Access Control

 By [gsrcoimbatore](https://profiles.wordpress.org/gsrcoimbatore/)

[Download](https://downloads.wordpress.org/plugin/konfyra-access-control.zip)

 * [Details](https://wordpress.org/plugins/konfyra-access-control/#description)
 * [Reviews](https://wordpress.org/plugins/konfyra-access-control/#reviews)
 *  [Installation](https://wordpress.org/plugins/konfyra-access-control/#installation)
 * [Development](https://wordpress.org/plugins/konfyra-access-control/#developers)

 [Support](https://wordpress.org/support/plugin/konfyra-access-control/)

## Description

Multi-vendor plugins (WCFM, Dokan, MultiVendorX, WC Vendors) generally
 redirect
vendors to a frontend dashboard _after login_, and most offer a capability toggle
for “backend access.” In practice, both of those are login-flow conveniences, not
hard access controls — a vendor who directly visits `/wp-admin/` after logging in
can often still land on some part of the WordPress backend. The same gap exists 
for membership and course plugins (MemberPress, LearnDash, etc.) whose members are
typically just Subscribers under the hood.

This plugin adds the missing hard block:

 * Every `/wp-admin/` request is checked on `admin_init`.
 * Administrators (and any role you explicitly exempt — e.g. Shop Manager)
    pass
   through untouched.
 * Everyone else is redirected: configured “vendor” roles go to your vendor
    dashboard
   URL; everyone else goes to a default path you configure — a MemberPress account
   page, a LearnDash dashboard, anything — or, if left blank, WooCommerce My Account(
   if active) or the homepage.
 * AJAX (`admin-ajax.php`), cron, and REST requests are always left alone,
    since
   marketplace and membership plugins alike route frontend actions through them 
   internally. Blocking these would break the site, not just the backend.
 * The admin toolbar is optionally hidden on the frontend for restricted
    roles 
   too, closing a smaller but related information leak (plugin names/versions, site
   health notices).

This isn’t tied to any one plugin’s ecosystem — the lockdown itself is
 plain WordPress
role and capability logic. It was built with WCFM / Dokan / MultiVendorX / WC Vendors
marketplaces in mind, but works identically for MemberPress members, LearnDash students,
or any custom role your own code registers.

All of this is configured from **Settings  Konfyra Access Control** — the
 role 
checkboxes are populated from the roles actually registered on your site, so there’s
no need to guess whether your plugin calls its vendor role `vendor`, `seller`, `
wcfm_vendor`, or `dc_vendor`.

#### A note on trademarks

This plugin is not affiliated with, endorsed by, or sponsored by
 Automattic, WooThemes/
WooCommerce, weDevs (Dokan), WCFM, MultiVendorX, WC Vendors, or MemberPress. Their
names are mentioned solely to describe compatibility.

#### Before enabling on a live site

Test on staging first, same as any access-control change. If you use a
 Shop Manager(
or similar staff) role that needs order/product screens in wp-admin, make sure to
check that role under “Roles allowed in wp-admin” before saving — it’s exempt by
default on first activation, but confirm it after your first save.

## Installation

 1. Upload the `konfyra-access-control` folder to `/wp-content/plugins/`,
     or install
    the zip directly via Plugins  Add New  Upload Plugin.
 2. Activate the plugin.
 3. Go to Settings  konfyra Access Control and configure which roles are
     exempt, which
    are “vendor” roles, your vendor dashboard URL, and the default redirect path for
    everyone else.

## FAQ

### My frontend AJAX calls stopped working after activating this.

They shouldn’t — `admin-ajax.php` requests are explicitly exempted
 regardless of
role. If something broke, check whether another plugin is making a direct (non-AJAX)
request into `/wp-admin/` to fetch data, which is unusual but not impossible; exempt
that role temporarily to confirm, then report the specific plugin/action.

### Does this replace my marketplace or membership plugin’s own capability

settings? =

No — use both. This plugin is the hard enforcement layer; your other
 plugin’s own
capability toggles still control what a vendor or member can see and do _within_
their own frontend dashboard.

### I locked myself out. What do I do?

Connect via FTP/SFTP or your host’s file manager, rename or delete the
 konfyra-
access-control folder in `wp-content/plugins/` — WordPress deactivates a plugin 
automatically if its files disappear, restoring your own wp-admin access immediately.

### Does this work with a custom login page or SSO plugin?

Yes — the check runs on `admin_init` regardless of how the user
 authenticated, 
so it applies uniformly.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“Konfyra Access Control” is open source software. The following people have contributed
to this plugin.

Contributors

 *   [ gsrcoimbatore ](https://profiles.wordpress.org/gsrcoimbatore/)

[Translate “Konfyra Access Control” into your language.](https://translate.wordpress.org/projects/wp-plugins/konfyra-access-control)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/konfyra-access-control/),
check out the [SVN repository](https://plugins.svn.wordpress.org/konfyra-access-control/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/konfyra-access-control/)
by [RSS](https://plugins.trac.wordpress.org/log/konfyra-access-control/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.1.0

 * Added a configurable default redirect path for any role that isn’t a
    vendor 
   role and isn’t exempt (e.g. MemberPress members, LearnDash students) — previously
   this always went to WooCommerce My Account or the homepage with no way to customize
   it.

#### 1.0.0

 * Initial release.

## Meta

 *  Version **1.1.0**
 *  Last updated **13 hours ago**
 *  Active installations **Fewer than 10**
 *  WordPress version ** 5.8 or higher **
 *  Tested up to **7.0.1**
 *  PHP version ** 7.4 or higher **
 * Tags
 * [access-control](https://wordpress.org/plugins/tags/access-control/)[membership](https://wordpress.org/plugins/tags/membership/)
   [multivendor](https://wordpress.org/plugins/tags/multivendor/)[security](https://wordpress.org/plugins/tags/security/)
   [woocommerce](https://wordpress.org/plugins/tags/woocommerce/)
 *  [Advanced View](https://wordpress.org/plugins/konfyra-access-control/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/konfyra-access-control/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/konfyra-access-control/reviews/)

## Contributors

 *   [ gsrcoimbatore ](https://profiles.wordpress.org/gsrcoimbatore/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/konfyra-access-control/)