WordPress.org

Support

Support » Plugins and Hacks » Not letting subscribers use the admin backoffice

Not letting subscribers use the admin backoffice

  • I’m using the PageRestrict Plugin (http://wp-plugins.net/plugin/page_restrict.php/) to make some pages available only to registered users (registered as subscribers that is).
    When getting to a restricted page the user will be advised to login, and when he does so he is redirected to the restricted page he came from.
    The thing is, the user doesn’t have a direct link to the administration, but he can still have access to it if he adds “/wp-admin” in the addressbar…

    Is there any way to restrict access to the administration for subscribers? A plugin would be excelent, but a plain hack will also do 🙂
    I don’t want subscribers to be able to change their profile details as I will be the one managing those accounts.

    thanks in advance!

Viewing 7 replies - 1 through 7 (of 7 total)
  • Tom Lany

    @tomthewebmaster

    I would be interested in this feature, as well. Is a plugin possible, or would wp-login.php and the wp-admin files have to be modified instead?

    Create a plugin. The example below will show the Author & Users page under Profiles Menu only if you are the admin. Check in the admin/menu.php for the menu array you wish to restrict. Please do not hack the core files. Do everything in a plugin.

    function restricted_pages(){
    global $submenu;
    if(!current_user_can(‘level_10’)){
    unset($submenu[‘profile.php’][10]);
    }

    }

    add_action(‘admin_head’,’restricted_pages’);

    Ok, I think I’ll give it a shot then. I haven’t got any experience in writing plugins, but your snippet seems like a pretty good starting point, thanks!

    For testing purposes I tried changing the PageRestrictPlugin I’m already using. The ideia is to make it also block the administration.

    I’ve added the following:

    //——————————————————-
    function pagerestrict_admin_hook() {

    //…

    add_action(‘admin_head’,’page_restrict_adminhead’);
    }

    function page_restrict_adminhead() {
    global $submenu, $menu;

    if(!current_user_can(‘level_10’)){
    unset($menu[0]); // hide dashboard
    unset($menu[35]); // hide Users or Profile
    unset($submenu[‘profile.php’]);
    }
    }
    //——————————————————-

    The menu is gone, which is great. However, the profile page and the dashboard remain acessible if I add “/wp-admin/profile.php” and “/wp-admin/index.php” in the addressbar. Is there a way to actually block these?

    When using a “subscriber” account if I try to access “/wp-admin/edit.php” the following message is shown: “You do not have sufficient permissions to access this page”
    This would be just the thing I’m looking for… Any thoughts on how to achieve this for profile and dashboard?

    Cheers!

    I’m interested in hiding the dashboard for subscribers. I want to use the dashboard for admin level users only, providing links to stuff I wouldn’t want subscribers to see.

    lnicoletti

    @lnicoletti

    With my code the profile page become inaccessible. If I try to access “/wp-admin/profile.php” the following message is shown: “You do not have sufficient permissions to access this page”.


    function page_restrict_adminhead() {
      global $submenu, $menu;
      if(!current_user_can('level_10')){
       unset($menu[35]); // hide Users or Profile
       unset($submenu['profile.php']);
       if (preg_match('|/wp-admin/profile.php|', $_SERVER['REQUEST_URI'])) {
        die(__("You do not have sufficient permissions to access this page."));
       }
      }
    }

    Clicknathan

    @clicknathan

    I’m also looking for what syncbox is asking…

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Not letting subscribers use the admin backoffice’ is closed to new replies.
Skip to toolbar