WordPress, as the world’s most widely adopted Content Management System (CMS), provides unparalleled flexibility and power for website owners. This extensive capability, however, comes with a critical responsibility: meticulous user management. A fundamental aspect of this responsibility involves understanding and controlling who can access the backend dashboard. This report explores the compelling reasons why restricting dashboard access for non-administrative users, particularly subscribers, is not merely a beneficial practice but a foundational requirement for maintaining a secure, efficient, and user-friendly online presence. It outlines various methodologies, from straightforward plugin solutions to custom PHP code, and offers practical troubleshooting advice for seamless implementation.
Download and install Code Snippet plugin on your WordPress website. You will need this plugin to add PHP code on your WordPress website.
How to Add This to Code Snippets:
Go to WordPress Dashboard → Snippets → Add New
Give it a name like “Custom Admin Bar for Subscribers”
Paste the code below
Set the Run snippet everywhere option
Click Save Changes and Activate
<?php
/**
* Custom Admin Bar and Access for Subscribers
*
* 1. Hides admin bar for non-admins
* 2. Shows only logout for subscribers
* 3. Redirects subscribers to homepage after login
* 4. Redirects subscribers to homepage after logout
* 5. Prevents subscribers from accessing the WordPress dashboard
*/
// Redirect subscribers to homepage after login and customize admin bar
add_action('init', 'customize_subscriber_access');
function customize_subscriber_access() {
if (is_user_logged_in() && current_user_can('subscriber') && !current_user_can('administrator')) {
// Show admin bar but we'll customize it
add_filter('show_admin_bar', '__return_true');
// Redirect from dashboard to homepage
if (is_admin() && !defined('DOING_AJAX')) {
wp_redirect(home_url());
exit;
}
}
}
// Customize the admin bar for subscribers
add_action('admin_bar_menu', 'custom_subscriber_admin_bar', 999);
function custom_subscriber_admin_bar($wp_admin_bar) {
// Only proceed for subscribers
if (current_user_can('subscriber') && !current_user_can('administrator')) {
// Remove all existing nodes
$wp_admin_bar->remove_node('wp-logo');
$wp_admin_bar->remove_node('site-name');
$wp_admin_bar->remove_node('my-account');
$wp_admin_bar->remove_node('user-actions');
$wp_admin_bar->remove_node('user-info');
$wp_admin_bar->remove_node('edit-profile');
$wp_admin_bar->remove_node('logout');
$wp_admin_bar->remove_node('search');
$wp_admin_bar->remove_node('customize');
$wp_admin_bar->remove_node('comments');
$wp_admin_bar->remove_node('new-content');
$wp_admin_bar->remove_node('updates');
// Add custom logout node with redirect to homepage
$wp_admin_bar->add_node(array(
'id' => 'custom-logout',
'title' => 'Log Out',
'href' => wp_logout_url(home_url()), // Redirect to home after logout
'meta' => array(
'title' => 'Log Out',
'class' => 'custom-logout'
)
));
}
}
// Redirect subscribers after login
add_action('login_redirect', 'subscriber_login_redirect', 10, 3);
function subscriber_login_redirect($redirect_to, $request, $user) {
if (isset($user->roles) && is_array($user->roles)) {
// Check for subscriber role
if (in_array('subscriber', $user->roles)) {
return home_url();
}
}
return $redirect_to;
}
// Redirect all users to homepage after logout
add_action('wp_logout', 'redirect_after_logout');
function redirect_after_logout() {
wp_redirect(home_url());
exit();
}
?>
Key Improvements:
Logout Redirect: Added
wp_logout_url(home_url())to ensure subscribers are redirected to the homepage after logging out.Double Protection: Added both a server-side redirect (
wp_redirect) and a logout URL parameter to ensure the redirect works in all scenarios.Cleaner Code: Consolidated all the redirect logic and made the admin bar customization more efficient.
This solution now handles all your requirements:
Minimal admin bar for subscribers (only logout)
Login redirect to homepage
Logout redirect to homepage
Blocked dashboard access for subscribers
Full admin access for administrators
Best Practices for Managing User Access
1. Use Role-Based Permissions
Assign only necessary access (e.g., contributors can edit posts but not plugins).
2. Redirect Subscribers to a Custom Page
Modify the code to redirect users to a “My Account” page instead of the homepage.
3. Monitor User Activity
Use plugins like WP Security Audit Log to track login attempts.
4. Regularly Audit User Roles
Remove inactive users and limit admin accounts.
5. Backup Before Making Changes
Always backup your site before editing
functions.php.
Frequently Asked Questions (FAQs)
Q1: Will hiding the dashboard affect user login?
✅ No! Users can still log in but will be redirected away from /wp-admin.
Q2: Can I hide the dashboard for other roles (like authors)?
🛠️ Yes! Replace 'subscriber' with 'author' or 'contributor' in the code.
Q3: What if a subscriber tries to access /wp-admin directly?
🚫 They’ll be redirected to the homepage (or a custom URL).
Q4: Does this work with WooCommerce or membership plugins?
✔ Yes, but test compatibility with custom user roles.
Q5: Is this method secure?
🔒 Yes, but for stronger security, use plugins like Members.
Conclusion
Hiding the WordPress dashboard from subscribers is a simple yet powerful way to:
✔ Enhance security
✔ Improve user experience
✔ Reduce backend clutter
🚀 Take Action Now:
Use the code snippet (Method 1) for a lightweight solution.
Try a plugin (Method 2) if you prefer no coding.
📢 Need help? Ask in the comments!
Pro Tip
Combine this with a custom login redirect for a seamless user experience.
I believe that you will like this article on How To Hide WordPress Dashboard From Users.
We are publishing articles and Videos about WordPress Tutorials, themes, plugins, theme builders, and more. So do not forget to subscribe to our Quick Tips Youtube Channel for upcoming videos on Filmora video editing, Website Design, WordPress tutorials, Elementor, and WooCommerce tutorials.
