Only allow administrators and editors to access wp-admin

May 8, 20232 Views

I am trying to restrict access to wp-admin so that only administrators and editors are allowed. At the moment I am using this function:

function restrict_admin(){
    //if not administrator, kill WordPress execution and provide a message
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( __('You are not allowed to access this part of the site') );
    }
}
add_action( 'admin_init', 'restrict_admin', 1 );

But this does the job only for administrator; editors are not allowed to access this part of the site. What can I do?

Post Views: 2

3 comments

Anonymous says:

May 8, 2023 at 10:36 am
You’re correct in that you should be checking for a capability. However, manage options is only given to administrators by default. You should check against a capability that both editors and administrators have such as delete_others_posts.
```
function restrict_admin(){
//if not administrator, kill WordPress execution and provide a message
    if ( ! current_user_can( 'delete_others_posts' ) ) {
        wp_die( __('You are not allowed to access this part of the site') );
    }
}
add_action( 'admin_init', 'restrict_admin', 1 );
```
See roles and capabilities from the codex.

You can also use this :

<?php if( current_user_can('editor') || current_user_can('administrator') ) {  ?> 
    // stuff here for admins or editors
<?php } ?>

For detailed reference check this another thread on stack.

Thanks

Anonymous says:

May 8, 2023 at 10:36 am
For me, since per Codex Passing role names to current_user_can() is discouraged as this is not guaranteed to work correctly (see #22624), best option is something like this.
```
$user = wp_get_current_user();
$allowed_roles = array('administrator','editor');

if(array_intersect($allowed_roles, $user->roles)){
    //user have $allowed_roles
}
```

Comments are closed.

Related posts

3 comments

Social Network