Only allow administrators and editors to access wp-admin

I am trying to restrict access to wp-admin so that only administrators and editors are allowed. At the moment I am using this function:

    function restrict_admin(){
        //if not administrator, kill WordPress execution and provide a message
        if ( ! current_user_can( 'manage_options' ) ) {
            wp_die( __('You are not allowed to access this part of the site') );
        }
    }
    add_action( 'admin_init', 'restrict_admin', 1 );

But this does the job only for administrators; editors are not allowed to access this part of the site. What can I do?

3 comments

  1. You’re correct in that you should be checking for a capability. However, manage_options is only given to administrators by default. You should check against a capability that both editors and administrators have, such as delete_others_posts.

    function restrict_admin(){
        // if the user lacks a capability that editors and administrators share,
        // kill WordPress execution and provide a message
        if ( ! current_user_can( 'delete_others_posts' ) ) {
            wp_die( __('You are not allowed to access this part of the site') );
        }
    }
    // priority 1 so the check runs before other admin_init callbacks
    add_action( 'admin_init', 'restrict_admin', 1 );
    

    See roles and capabilities from the codex.

  2. You can also use this:

    <?php if ( current_user_can('editor') || current_user_can('administrator') ) { ?>
        <!-- stuff here for admins or editors -->
    <?php } ?>
    

    For a detailed reference, check this other thread on Stack.

    Thanks

  3. For me, since per the Codex "Passing role names to current_user_can() is discouraged as this is not guaranteed to work correctly (see #22624)", the best option is something like this:

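    // WP_User object for the current request (roles is empty when logged out)
    $user = wp_get_current_user();
    $allowed_roles = array('administrator','editor');
    
    // a non-empty intersection means the user holds at least one allowed role
    if(array_intersect($allowed_roles, (array) $user->roles)){
        //user has at least one of $allowed_roles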
    }
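
An added example, not part of any answer above: the capability check from the first answer, with two adjustments a production site usually needs. `admin_init` also fires for `admin-ajax.php`, so AJAX requests are exempted, and the denial is sent with an explicit 403 status. The `myprefix_` function name and text domain are hypothetical.

```php
<?php
/**
 * Restrict wp-admin screens to users with an editor-level capability.
 * Added example; myprefix_restrict_admin and the 'myprefix' text domain
 * are hypothetical names.
 */
function myprefix_restrict_admin() {
    // admin_init also runs for admin-ajax.php, which front-end features call
    // on behalf of subscribers and logged-out visitors. Blocking it here
    // would break them, so AJAX handlers keep doing their own checks.
    if ( wp_doing_ajax() ) {
        return;
    }

    // Check a capability, not a role name: administrators and editors hold
    // delete_others_posts by default, and a custom role that is granted the
    // capability is let through as well.
    if ( current_user_can( 'delete_others_posts' ) ) {
        return;
    }

    // Stop execution with an explicit HTTP 403 so logs and monitoring record
    // the denial as an authorization failure.
    wp_die(
        esc_html__( 'You are not allowed to access this part of the site', 'myprefix' ),
        esc_html__( 'Forbidden', 'myprefix' ),
        array( 'response' => 403 )
    );
}
// Priority 1 so the check runs before other admin_init callbacks.
add_action( 'admin_init', 'myprefix_restrict_admin', 1 );
```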
    
