Remove admin menu

3 Views

Ho do you remove admin menu items and dissable acces for users below admin ? The right way… 

// 1 - Remove Menu Items
function my_remove_menu_pages() {
    if ( !current_user_can( 'administrator' ) ) {
        remove_menu_page('options-general.php'); // Settings
        remove_menu_page('tools.php'); // Tools
        remove_menu_page('upload.php'); // Media
        remove_menu_page('plugins.php');
        remove_menu_page('themes.php');
        remove_menu_page('edit-comments.php');
        remove_menu_page('edit.php?post_type=page');
        remove_menu_page('link-manager.php');
    }
}
add_action( 'admin_init', 'my_remove_menu_pages' );

// 2 - Redirect users if they visit links from non visible menu items
function no_permission_admin_redirect() {
    if ( !current_user_can( 'administrator' ) ) {
        if (stripos($_SERVER['REQUEST_URI'],'tools.php') !== false 
            || stripos($_SERVER['REQUEST_URI'],'options-general.php') !== false 
            || stripos($_SERVER['REQUEST_URI'],'upload.php') !== false 
            || stripos($_SERVER['REQUEST_URI'],'media.php') !== false 
            || stripos($_SERVER['REQUEST_URI'],'edit-comments.php') !== false 
            || stripos($_SERVER['REQUEST_URI'],'post-new.php?post_type=page') !== false 
            || stripos($_SERVER['REQUEST_URI'],'post-new.php') !== false 
            || stripos($_SERVER['REQUEST_URI'],'media-new.php') !== false 
            || stripos($_SERVER['REQUEST_URI'],'edit.php?post_type=page') !== false 
            || stripos($_SERVER['REQUEST_URI'],'link-manager.php') !== false) { 
            wp_redirect(get_option('siteurl') . '/wp-admin/index.php?permissions_error=true'); 
        }
    }
}
add_action('admin_menu','no_permissions_admin_redirect');


// 3 - Show error message to users if they visit links from non visible menu items
function no_permissions_admin_notice() { 
        echo "<div id='permissions-warning' class='error fade'><p><strong>".__('You do not have permission to access that page.')."</strong></p></div>";
    }

function no_permissions_show_notice() {
        if($_GET['permissions_error']) {
            add_action('admin_notices', 'no_permissions_admin_notice');
        }
    }
add_action('admin_init','no_permissions_show_notice');

This code works but unfortunately users can access some of the pages by typing the url on their browsers without getting any error or redirection.

Read More

Is there a simple way to remove menu items and redirect users to the dashboard if the visit the page by typing the url on their browsers without using plugins ?

Post Views: 3

Related posts

Leave a Reply

1 comment

  1. There are three ways to do this I guess.

    First, you could start with blocking all access to admin.php and then whitelist the pages they are allowed to browse. Unless your users are really restricted this may take a while to figure out.

    Second, you could use the built-in capability system of WP, removing capabilities of those roles you want to restrict. To start, look here: http://codex.wordpress.org/Roles_and_Capabilities

    Third, you could opt to use a plugin, such as Adminimize: http://wordpress.org/extend/plugins/adminimize/

    In any case you should pass a capability with current_user_can(), not a role:
    http://codex.wordpress.org/Function_Reference/current_user_can

    Hope there’s a solution among the three that you like. Good luck!