This is a simple plugin which blocks access to the admin interface based on a user’s capabilities (permissions).
See the plugin info on wordpress.org.
If you have any support questions, please fire them here as a comment.
Links
Me
Tags
Alternative MBA Amazon Amazon-S3 Australia Bangkok California Callum Callum-Macdonald cape town CouchSurfing CouchSurfing.com eBay Facebook Fedora Fedora-7 Google Guadalajara Hong-Kong las vegas Linux mexico Montreal MySpace Online-Backup Open-Source OpenCouchSurfing rsync.net Seth Godin Skype SmartHippo Smile snow South Africa Spam Sydney Thailand Toronto twitter ubuntu usa Vancouver WordPress WordPress-Plugins WP-Mail-SMTP YouTubeLexicon
In a suitably javascriptly enabled browser, double click any word on this site to see an explanation of the word. Then double click any word in the explanation for more. Oh the things that are lexically possible... :)Monitoring
32 Comments
Callum
I realize you don’t support this plugin but I thought I’d drop a note in the event you could see an obvious issue. I’m using block Admin with WPMU and Buddypress and I’m trying to keep users from seeing the WP backend. I’ve tried your plugin (I actually thought I had it working for awhile) but users are still getting access after logging in and trying the URL/wp-admin link.
I’m also using a custom plugin that redirects people logging in to go to their member page in Buddypress versus the backend. Not sure if this is conflicting, but I don’t think so.
Appreciate your thoughts…
Thx
@Scot MacDonald: Hey Scot, nice surname!
My guess is that you’re seeing problems because your users are admins on the blog. Somebody else recently asked me about a WPMU version related to buddyPress and I modified the plugin slightly for them. It seemed to work well. I’ve added that code to the plugin but commented it out. Version 0.1.2 should appear on wp.org in an hour or two, when that does, look at line 37 and you should be able to make it work for WPMU quite easily. Just comment out line 36 and uncomment line 38.
hi. Thanks for plugin
perfect.
Regards
Callum
Thanks for the input. Looking forward to trying the new code.
As it turns out though, I have my new users defaulted to Author. I’ve tried using the plugin with both new ‘members’ and new ‘blogs’ and it still isn’t working right. I’ve removed the other plugin that had the redirect and still no go. One thing I have noticed is that providing a redirect URL is definitely not working as users are always taken to the homepage regardless of what I use. All of this said, there are cache issues with Buddypress as well so maybe that’s part of the problem as well. Makes it challenging to test I must say.
I know a lot of Buddypress users are looking for a way to hide the admin area as it is very confusing for users who have the BP profile and then find themselves behind the wall in the admin section with another profile.
Cheers
ps – I’m from Atlantic Canada and was in Edinburgh last year. Spent some time at The Last Drop.
@Scot: I’m not sure what’s going on with buddyPress. This plugin is called as early as possible in the WP boot up, so at a guess I’d say it would work with a caching plugin (I haven’t looked into it).
To aid debugging, try adding some exit(’message’); calls to the plugin. That will help you to see if it’s being called.
Hey Callum,
Your plugin does exactly what I was looking for. I installed it and found that it wasn’t working for some reason. After looking at the code, I saw the problem:
if (strpos(strtolower($_SERVER['REQUEST_URI']),’/wp-admin/’)) {
should be
if (strpos(strtolower($_SERVER['REQUEST_URI']),’/wp-admin/’) !== false) {
Since the strpos() of ‘/wp-admin/’ can return zero, the value needs to be evaluated as not equal to false; otherwise, the user’s access level is never checked for blogs that are installed on the root of a domain.
Thanks for the plugin!
@Jonah Korbes: You are absolutely correct. I routinely make that mistake with strpos. I have added your fix and a note crediting you. Thanks for the fix.
Thanks for Plugin.
Thanks for that plugin! I just installed it and it worked without having to change anything. Now I’m wondering if you’ve ever thought of removing the “Site Admin” link when it’s deactivated by WP Block Admin
@Malcolm: I think you can get rid of that via your theme. It’s part of the Meta widget I believe. Not sure if / how I’d plug into that to remove it. Interesting idea though…
Thanks. If I’d get rid of that link n the theme, I’d want to condition that getting-rid-of on your plugin having deactivated the link (or redirecting it, whatever you do). Can you think of a test I could make?
@Malcolm: You could use the same test as in the plugin itself.
if (!current_user_can($wpba_required_capability))Thanks! I’ll give that a try and report back.
Yep, that worked after I realized I needed to add the setup for $wpba_required_capability
Now the Site Admin link doesn’t appear unless it’s functional.
Thanks for the help and for the great plugin!
Malcolm: I’m surprised you need to setup
$wpba_required_capability. Are you calling it within a function maybe? You could try making it global, that might do the trick. I’d guess that all the plugins are loaded (and so$wpba_required_capabilityis setup) before the theme loop starts, but I might be wrong.It’s working perfectly now. But here’s the code if you want to take a look:
< ?php global $wpba_required_capability;
if (current_user_can($wpba_required_capability))
wp_register();
?>
You can login to the site (http://ca-bankruptcylaw.com) if you want with the following ID and password if you want to see it in action:
ID: eastmont1 PW: 123
Hi Callum,
Greeeeat plugin,
But I have some issues with the upload page, every time I send a file the frame with the forms (Legend, Title, Description etc) the iframe redirect to the home. I using de WP 2.7.1 …
The upload works nice, just this redirect is a little inconvenience…
Any idea why this happens?
Thanks!
@Caciano: Aha. It sounds like that form is in /wp-admin/ even though it is used on the front end. Interesting. Try changing line 51, which is currently:
if (strpos(strtolower($_SERVER['REQUEST_URI']),'/wp-admin/') !== false) {to this:
if (is_admin()) {If that works for you, I’ll probably change the plugin to use that method.
Thanks Callum, now it works perfectly!
I admit that I have not had a chance yet to look at the code yet (busy morning) but we have been recommending this plugin to users of our forum plugin and with our latest release added the technique as an option. Are you aware that (at least using WP2.8) it disables the use of the flash uploader?
@andy: Try changing line 51 from:
if (strpos(strtolower($_SERVER['REQUEST_URI']),'/wp-admin/') !== false) {to:
if (is_admin()) {Does that resolve the issues with 2.8? I don’t use the plugin personally so I don’t test it. Are you interested in taking over the maintenance of the code?
If that change works for you (it worked for somebody else recently), I’ll make the change and push out a new version.
No – still no luck. Can’t really see why though unless the WP guys have screwed up the capabilities check for image uploading….
Hi, is there any way I can use this for WPMU but not completely block my users? I saw your first suggestion but I do not have buddypress so I do need to give my users some access for the standard menus and for some menus that my addons created. Im not sure how the first poster had blogs defaulted to author users but my users are Admins.
You can use the plugin as a starting point then modify it to your own requirements.
Ok, So I switch the commented lines and then what would be a code I would use to add in each capability to block?
I don’t think I’ve ever replied to your question, apologies.
If you’re still having the issue, you can edit line 18. It’s clearly marked in the code.
Hey there,
Great plugin!
I am a bit of a newbie, so don’t want to play around too much in case i break something (i have the horrible wordpress version 2.8 and it’s very tempremental, so much so in fact it won’t let me upgrade!!)
Anyway, back to the point. Can you please let me know what code I need to put in and where to make this only redirect subscribers? Sorry I have done a bit of googling to try and find the answer to this but there doesn’t seem to be one.
thanks again!
You want to redirect subscribers but nobody else. Is that correct?
You can edit line 18 of the plugin. Choose a new capability. Looking at this list, contributors have “edit_posts” and “delete_posts” capabilities while subscribers don’t. I’d guess either of those would work, if I’ve understood what you want correctly. Please share your solution back here for others.
THANK YOU!
I was searching for hours for a plugin like this one!
I was just looking for the wrong thing, but thanks, now I have it, it works like a charm!
Hrmm i’m on 2.9 and still having the same 2.8 issues with the http error upon uploading an image. Substituting is_admin does not fix this problem. Something to do with the wp_redirect?
I’m not sure what causes the issues with the image uploader. I wrote this plugin for somebody else and haven’t used or tested it since. If you’re able to find the problem and would like to submit a patch, please do. If you’d like to take over the maintenance of the code give me a holler.