Skip to:

Disable /wp-admin/ for "normal" users

  • smuda


    hello everyone,

    since BuddyPress ist very powerful and everything a users needs to edit is already there, why can they still access /wp-admin/ and change stuff there?

    is there a way to disable that somehow?

Viewing 14 replies - 1 through 14 (of 14 total)

  • Xevo


    Because people still need wp-admin to write posts and stuff?

    I wouldn’t disable it, rather just make sure no links go there.

    This is a WordPress question as BuddyPress doesn’t provide wp-admin. I suggest you Google or search on the WordPress forums.



    @Xevo … “and stuff”? they actually just need it for that, which is, for my social network not an option.

    @Pula thanks, will do.

    function block_wp_admin_init() {
    if (strpos(strtolower($_SERVER['REQUEST_URI']),'/wp-admin/') !== false) {
    if ( !is_site_admin() ) {
    wp_redirect( get_option('siteurl'), 302 );

    (might be better to use admin_init ?)



    @etiviti very nice, thanks a lot!



    @ Smuda

    Well ok, but I stand by my point I don’t think you should block all traffic towards wp-admin. Just hide it.

    @ etiviti (rich!)

    Isn’t it smarter to use current_user_can(‘edit_posts’)? That way anything higher than a subscriber can access the wp-admin.

    sure – whatever to suit someone’s need would work



    @smuda I totally agree with you, it just doesn’t look good if someone could go inside the “admin panel” of Facebook, for example (imagining such a thing exists ;) ) it has nothing to do with your theme design, surely not customized, etc, etc. Even if they could not change any configuration (always talking of a social web with no “blogs for everyone” as is my case too).

    @etiviti (rich!)

    Thanks for your help! I’ll try to apply that :)

    @Paul Gibbs

    I’ts fine, I understand, nevertheless I think this kind of questions/debates should be able to take place here since the people who asks are BP users and everything is related at some point. For example, WordPress gives us the admin panel and BP de “Social Layer” where one feature could be the “everything can be managed from the outside interface”… please don’t take this as a hard complaint ;) just my 2 cents

    Ok guys here is what I found may work. If you implement the two additional plugins into your site, you should never see the wp-admin page while using a buddypress site.
    1. Be sure not to disable BuddyPress to WordPress profile syncing in Buddy Press settings. You want to link both the buddy press and word press site together
    Now for the rest of the settings
    2. Install Absolute Privacy
    Under settings: Lockdown the site and Block admin access. For the “Redirect Non-logged in Users To:” part: enter your Login page permalink for My Login
    3. Install Theme My Login
    Under settings for Theme My Login: Put a 0 for Page ID and ensure the other 3 check boxes are selected, Pagelist, Links, and Stylesheet.
    NOTE: In order to log out from your wordpress control panel you will need to click the link at the top left of your wordpress control panel to get back out to the buddy press site. You should still be logged in as your user in Buddy Press. Simply chose log out and viola you should not see the wp-admin. Test it out by entering a fake username/password, you should bounce back to buddypress login screen..
    Same thing with the login procedure. You will need to log in through buddypress and click on “edit this entry” to get back to the wordpress control panel.
    Another layer of wp-admin lockout may be to create a redirect for wp-admin and wp-admin.php
    ALSO: It doesn’t seem like Buddy Press Sliding Login Plugin works with this setting so it may be wise to disable that feature. Be sure to backup, as results may vary. Proceed at your own discretion.

    Proceed with my prior info with caution, I am still getting some funky results.



    Hi Zack,
    Did you manage to straighten out the funky results? I’m trying to get use the Theme My Login plugin with Buddypress, with no luck thus far. Thanks!

    hi just wanted to know where to place below code dont allow my user to view wp-admin or dashboard area ?
    function block_wp_admin_init() {
    if (strpos(strtolower($_SERVER),’/wp-admin/’) !== false) {
    if ( !is_site_admin() ) {
    wp_redirect( get_option(‘siteurl’), 302 );

    Boone Gorges


    @naved – Put it in wp-content/plugins/bp-custom.php . Create that file if you don’t already have it, making sure to begin it with
    and ending it with

    @boone gorges sorry bt when i put the my url replacing ‘siteurl’ it gives me http error i was practising on localhost rather than on main machine (server)
    and when i delete that file the site again start running

Viewing 14 replies - 1 through 14 (of 14 total)
  • The topic ‘Disable /wp-admin/ for "normal" users’ is closed to new replies.
Skip to toolbar