redirect out of wp-admin, without losing admin-ajax.php

I’m trying to keep all non-administrators out of the WordPress admin panel by using a wp_redirect inside of an is_admin conditional. The problem is that a side effect of this if that non-admins can no longer use the file “admin-ajax.php” for ajax calls in WordPress. It appears that a few people on the WordPress forums are having the exact same problem lately.

Would anyone have a solution for this?

Related posts

Leave a Reply

1 comment

  1. Check the DOING_AJAX constant:

    function my_admin_init(){
        if( !defined('DOING_AJAX') && !current_user_can('administrator') ){
            wp_redirect( home_url() );
            exit();
        }
    }
    add_action('admin_init','my_admin_init');