Limited Support
Our team is currently on holiday, so support will be limited during this period. Response times may be slower than usual, and some inquiries may be delayed.
We appreciate your patience and understanding, and we’ll resume our usual support by the end of August.
Registration on my site is disabled and the only way to comment is via social login. But logged people can see the admin bar and access the pages (URLs) /wp-admin and /wp-login / and /wp-admin/profile.php
Is there a configuration on WPDiscuz, or a code (snippet), to prevent such access?
I don’t want users to ever see the WordPress back-end (!)
Hi @doctorbr,
This artilce should be helpful for you: https://blog.hubspot.com/website/how-to-limit-wordpress-dashboard-access
Hello, @Asti
I added 2 snippets (codes below).
add_action('after_setup_theme', 'remove_admin_bar');
function remove_admin_bar() {
if (!current_user_can('administrator') && !is_admin()) {
show_admin_bar(false);
}
}
add_action( 'init', 'blockusers_init' );
function blockusers_init() {
if ( is_admin() && ! current_user_can( 'administrator' ) && ! ( defined( 'DOING_AJAX' ) && DOING_AJAX ) ) {
wp_safe_redirect( home_url() );
exit;
}
}
But users logged in by wpDiscuz via social login can still access the /wp-login.php page and this generates a lot of confusion, as the username collected by wpDiscuz appears as a user name in the “User Name” field of the default WordPress form (page /wp-login.php).
Is there an effective way to change URL /wp-login.php via wpDiscuz?
Sure if you have a login page you can isnert the URL in the Dashboard > wpDiscuz > Settings > User Authorization and Profile Data tab.
More info here: https://wpdiscuz.com/community/f-a-q/change-login-url/
