besides init hook, which can I prevent user access to WP dashboard

Hello @sayze35 ,

init hook is good hook to redirect the non-admin user on desired page if they try accessing dashboard. But if you want to use some other hook, then you can go with ‘plugins_loaded’ hook which is triggered far earlier than init hook at the backend.

Your snippet to redirect the non-admin users is correct. I will suggest to use ‘wp_safe_redirect’ function just to avoid redirection issues.

Please find the updated code snippet below:

function checkFunc()
{
	if (is_admin() && !current_user_can('administrator')) {
		wp_safe_redirect(home_url(), 302);
		exit;
	}
}
add_action('plugins_loaded', 'checkFunc');

Please do post your feedback if this works for you or not.

https://codex.www.ads-software.com/Plugin_API/Action_Reference/admin_init

that means ANY user will have the admin_init hook fired, correct?

thanks

Hi @sayze35 ,

‘admin_init’ hook is not recommended for non-admin users. Please try using ‘plugins_loaded’ hook instead.

https://codex.www.ads-software.com/Plugin_API/Action_Reference/admin_init

1) that means ANY user will have the admin_init hook fired, correct?
2) is that really the way to identify any NON admin?
3) look at that __wp_die() function… what is __ before the name?

thanks

Hi @sayze35,

Please find my comments below:

1) Yes admin_init is fired for ANY user. But it is not recommended for handling the redirection because it is also fired in case of sending ajax request through admin-ajax URL. So those ajaxes might get failed. Hence, I suggested to user plugins_loaded hook.

2) Yes that way also is correct to identify non-admin users.

3) Refer the link below to understand __.
https://developer.www.ads-software.com/reference/functions/__/
https://developer.www.ads-software.com/reference/functions/_e/

Please let me know if you get any query!

Hi @ketanvyawahare,?
thanks for the help.

So I saw a bad side effect on using admin_init.
I then used your snippet and same issue (although the process went a little further).

The process I’m talking about is users being able to complete some functionality.
The functionality has javascript and ajax (which is why I think the admin_init STOPPED the user).

And on your snippet, no visible error, but the process was not completed.

NOTE: when I removed BOTH of the hooks, the user’s have no problems.

SO…
A) It seems I ONLY need to check (fire the hook) IF a user is trying to access an admin URL?
B) Do nothing if a user is doing user related things?

Your thoughts?

Am I missing something IF I add a line of code to check IF the URL is /wp-admin/
or something like that? Is that good idea?

Or any other ideas or thoughts as to how I allow users to do user things?

THANKS!

So… I tried this:

// PREVENT any non admin person from seeing admin pages
function checkFunc()
{
	// get URL, if user on dash board, do nothing
	$expl = explode("/",$_SERVER["REQUEST_URI"]);
  	if ($expl[1] == "wp-admin") {

		if (is_admin() && !current_user_can('administrator')) {
			wp_safe_redirect(home_url(), 302);
			exit;
		}
	}
}
add_action('plugins_loaded', 'checkFunc');

same problem???
That does not work because the user functionality is doing things that (for some reason) uses or calls “wp-admin” pages and therefore, the same issue happens ??

example:
you save some data and
POST /wp-admin/admin-post.php happens and the above hook fails for the user.

how to get around this?
=> where to add code or hook that does not prevent a user from being a user?
I only want to stop the user IF the user tries something they are NOT supposed to do, etc. go to the wp-admin pages ??