When a user creates an account on a WordPress site, they automatically get access to your WordPress admin area. However, this level of openness may not be ideal for your website. In many cases, you need to be careful about who can see and modify certain elements of your site.
By limiting a specific user’s dashboard access, you can prevent unauthorized changes and improve your website’s security.
At WPBeginner, we have successfully managed a multi-author blog for over 16 years. Since lots of writers and editors regularly log in to our WordPress dashboard, we have taken precautionary steps to limit their access.
This has helped reduce the risk of unauthorized changes and streamlined the editorial process. So, we know how important access limitations are.
In this article, we will show you how to easily limit dashboard access in WordPress, step by step.
Why Limit Dashboard Access in WordPress?
You should only provide access to the admin area of your WordPress website to the users that you trust, like authors, SEO editors, and administrators.
For example, if you have a membership site, then users who are filling in the form will automatically get access to your WordPress dashboard.
This can give users access to all aspects of your site, including the ability to change themes, plugins, and settings.
Plus, it can compromise your site and make it less secure.
By limiting dashboard access in WordPress, you can prevent any unauthorized changes from taking place on your website, improve your website security, and even simplify the user experience.
Even when you are giving some users access to the admin area, you can still control what they can or cannot see on the dashboard for further security.
That being said, let’s take a look at how to easily limit dashboard access in WordPress, step by step.
How to Limit Dashboard Access in WordPress
First, you need to install and activate the Remove Dashboard Access plugin. For detailed instructions, see our step-by-step guide on how to install a WordPress plugin.
Upon activation, visit the Settings » Dashboard Access page from the WordPress admin sidebar to configure the plugin.
The Remove Dashboard Access plugin allows you to choose user roles that can get access to the dashboard. You can pick ‘Administrators only’, ‘Editors and Administrators’, or ‘Authors, Editors, and Administrators’.
Alternatively, you can also limit access by capability.
Capabilities are the actions a user can do on your WordPress site. To understand user roles and capabilities in WordPress, check out our guide on how to add or remove capabilities from user roles in WordPress.
The next option is to choose a redirect URL. This option allows you to redirect disallowed users to any page on your website.
This way, the subscribers on your site will be redirected to another page of your WordPress blog upon registration.
Next, you can check the ‘User Profile Access’ box if you want to allow users to edit their profiles.
Selecting this option will disable the URL redirect feature. The plugin will redirect disallowed users to the profile edit screen instead of the redirect URL you entered earlier.
Once you are satisfied, click on the ‘Save Changes’ button to store your settings.
That’s all. Now, only users with your selected user role or capability can access the WordPress dashboard.
Hiding Items from the Admin Area in WordPress
Sometimes, you may want to restrict what a user sees or can edit in your WordPress admin area.
You can hide and control what users can see in the admin area of your WordPress site. You can also rearrange the menu tabs in the WordPress admin dashboard.
To do this, simply check out our guide on how to hide unnecessary items from WordPress admin with Adminimize.
Protecting WordPress Admin Directory With .htaccess
Another way to protect the WordPress admin panel is by adding another layer of password protection. This method asks users to provide a username and password before they can enter the wp-admin directory.
This method does not offer a user interface to control which users can access the admin area. However, it is generally considered more secure.
If you are the only author on your site or have a very limited set of new users, then you can use this method.
Check out our detailed tutorial on how to password-protect your WordPress wp-admin directory.
We hope this article helped you learn how to limit dashboard access on your WordPress site. You may also want to see our tutorial on how to limit authors to their own posts in WordPress admin and our expert picks for the best WordPress database plugins.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
Jiří Vaněk
Hello,
I would like to deploy the MemberPress plugin on my website to allow users to register. Do I need to follow this guide even though all new users will only have the visitor role? I assumed this role isn’t dangerous and users in this role cannot threaten my website. Therefore, I’m wondering if I should still use this guide or if MemberPress will handle everything for me? Thank you.
WPBeginner Support
It would be personal preference if they are a visitor if you want to limit dashboard access.
Admin
Jiří Vaněk
Understood. I will follow your advice and restrict access to the administration for better security. Thank you very much for your time and response. Website security is very important to me, and I don’t want to overlook anything.
michael
i want to block accesss to the dashboard but in the same time allow frontend editing with visual composer only, please i need help. thanks
Sarah
Hi,
The plugin you refer is ‘out of date’.
I need to hide the dashboard and all plugin content from Author as I only want then to be able to see and edit their own post.
Also, when an author has opened their posts to edit, they can also see below, plugins such as yoast.
How do I hide these so the author cannot edit these?
Is this possible?
Many Thanks
Sudesh
It works great …
Thanks…!!!
Fadhlillah Ariefianto
Any suggestion for me to do this without plugin ?
I’ve found some code with DOING_AJAX, but i lost capabilities for my member on front end posting. I just need code to redirect non-admin role when access wp-admin.
Thanks!