Question [Solved] How to prevent access to backend (dashboard and login page)

Summarize Topic

How-to and Troubleshooting

Last Post by Asti 2 years ago

4 Posts

2 Users

1 Reactions

1,651 Views

RSS

Posts: 32

DoctorBR

Topic starter

Translate ▼

Dec 18, 2023 5:39 am

(@doctorbr)

Trusted Member

Joined: 2 years ago

[#7801]

Registration on my site is disabled and the only way to comment is via social login. But logged people can see the admin bar and access the pages (URLs) /wp-admin and /wp-login / and /wp-admin/profile.php

Is there a configuration on WPDiscuz, or a code (snippet), to prevent such access?

I don’t want users to ever see the WordPress back-end (!)

Topic Tags

3 Replies

Posts: 8313

Asti

Support

Translate ▼

Dec 18, 2023 11:41 am

(@asti)

Illustrious Member

Joined: 9 years ago

Hi @doctorbr,

This artilce should be helpful for you: https://blog.hubspot.com/website/how-to-limit-wordpress-dashboard-access

In case you want to say thank you! 🙂
We'd really appreciate if you leave a good review on the plugin page.
This is the best way to say thank you to this project and the support team.

Posts: 32

DoctorBR

Topic starter

Translate ▼

Dec 19, 2023 7:57 pm

(@doctorbr)

Trusted Member

Joined: 2 years ago

Hello, @Asti

I added 2 snippets (codes below).

add_action('after_setup_theme', 'remove_admin_bar');
function remove_admin_bar() {
if (!current_user_can('administrator') && !is_admin()) {
 show_admin_bar(false);
}
}

add_action( 'init', 'blockusers_init' );
function blockusers_init() {
if ( is_admin() && ! current_user_can( 'administrator' ) && ! ( defined( 'DOING_AJAX' ) && DOING_AJAX ) ) {
wp_safe_redirect( home_url() );
exit;
}
}

But users logged in by wpDiscuz via social login can still access the /wp-login.php page and this generates a lot of confusion, as the username collected by wpDiscuz appears as a user name in the “User Name” field of the default WordPress form (page /wp-login.php).