How to set up WordPress to prohibit access to the backend?

The following tutorial column of wordpress will teach you how to set up WordPress to prohibit access to the backend. I hope it will be helpful to friends in need!

Sometimes our website has its own membership center, or does not have a membership function, so users do not need to access the backend. We can prohibit users from accessing the backend through the following methods.

Open the WordPress core function file functions.php on the homepage and insert the following code into the functions.php file.

1. Prohibit the default registered user role from accessing the backend

Default registered user role: WordPress backend → Settings → General, set the role in the default role for new user registration.

function qzl_redirect_wp_admin()
 {
 if ( is_admin() && !current_user_can('editor') && ( !defined( 'DOING_AJAX' ) || !DOING_AJAX ) ) {
          $current_user = wp_get_current_user();
          if($current_user->roles[0] == get_option('default_role')) {
            wp_safe_redirect(home_url());
            exit();
          }
        }
    }
    add_action('init', 'qzl_redirect_wp_admin');

If you modify the default role for a new user, it will not be effective for previously registered users.

2. Only allow administrator, editor and author roles to access the backend

Add the following code to the current theme function template functions.php file中

add_action('init', 'qzl_redirect_wp_admin');
function qzl_redirect_wp_admin()
{
    if (is_admin() && is_user_logged_in() &&
    !current_user_can('manage_options') &&
    !current_user_can('publish_pages') &&
    !current_user_can('publish_posts') &&
    (!defined('DOING_AJAX') || !DOING_AJAX)) {
        wp_safe_redirect(home_url());
        exit;
    }
}

Determine whether the current user is logged in and the current user role. Users who are prohibited from accessing the backend will jump directly to the homepage of the website.

If you need to jump to a specified page link, you can modify wp_safe_redirect(home_url()) to a link similar to the following:

wp_safe_redirect('http://www.php.cn');

Can only jump to links within the site, not Go to off-site link.

If only administrators are allowed to access the backend, you can delete the code that allows editors and authors to access the backend:

&& !current_user_can('publish_pages') && !current_user_can('publish_posts')

Summary: User access can be prohibited through the above pieces of code Our backend is very simple, isn’t it? By restricting users’ access to the backend, we can filter out some unnecessary backend access requests, which can improve the security of our website. When your WordPress website has developed a member center or does not have a membership function, You can use this method to add security chips to your website.

The above is the detailed content of How to set up WordPress to prohibit access to the backend?. For more information, please follow other related articles on the PHP Chinese website!