Hide Admin Menu Access by User Role in WordPress
Managing the WordPress admin interface for different user roles can significantly improve usability and security—especially in large organizations, multisite environments, or client-facing backends. While WordPress offers basic role capabilities, programmatic control over the admin menu gives you granular access control tailored to real-world workflows.
In this article, we’ll walk through how to dynamically hide menu items for non-admins and add custom menu redirects based on roles—without relying on third-party plugins.
Why Limit Admin Menus?
Giving non-admin users access to complex or sensitive admin features can lead to accidental changes, confusion, or clutter. Role-based menu customization helps:
- Simplify the admin interface for editors, authors, and contributors
- Prevent unauthorized edits to custom post types or plugin settings
- Improve navigation by directing users to more relevant internal tools
- Separate admin-only tools from general operational tools
Understanding the WordPress Admin Menu
The WordPress admin menu is built dynamically during the admin_menu
action. Each menu item is tied to a capability (like edit_posts
or manage_options
)—but sometimes that’s not enough. You may want to override menu visibility or add custom redirects.
This is where programmatic filtering becomes essential.
Example Use Case
Imagine you have a custom post type called “Specials” used for marketing content. Admins should access the full edit interface, but editors should instead be routed to a dedicated frontend dashboard like a “Marketing Hub.”
This requires two steps:
- Hide the “Specials” menu for non-admins
- Add a new menu that redirects to the hub
How to Hide Admin Menus Based on Role
Use the current_user_can()
function to conditionally remove menu items for specific roles.
Example: Hiding a Menu for Non-Admins
add_action('admin_menu', 'custom_hide_specials_menu', 99);
function custom_hide_specials_menu() {
if (!current_user_can('administrator')) {
remove_menu_page('edit.php?post_type=specials');
}
}
This checks if the current user is not an admin and removes the custom post type “Specials” from the admin menu. You can adjust the post_type
to match your custom one.
Adding a Custom Menu That Redirects
For users who shouldn’t access the full “Specials” editor, you can add a new menu item that redirects to a frontend page (like a marketing dashboard).
Example: Adding a Redirecting Admin Menu
add_action('admin_menu', 'custom_add_marketing_hub_menu');
function custom_add_marketing_hub_menu() {
$hub_url = site_url('/marketing-hub/'); // Replace with actual destination
add_menu_page(
'Marketing Hub',
'Marketing Hub',
'read',
'marketing-hub',
function () {
echo '<div class="wrap"><h1>Redirecting...</h1></div>';
},
'dashicons-chart-line',
8
);
add_action('admin_init', function () use ($hub_url) {
if (isset($_GET['page']) && $_GET['page'] === 'marketing-hub') {
wp_safe_redirect($hub_url);
exit;
}
});
}
This creates a simple redirect for all users, including admins. You can conditionally wrap the logic to show it only for certain roles.
Best Practices
- Always validate user capability before showing or hiding menu items.
- Use
current_user_can()
instead of role names directly to ensure capability-based flexibility. - Test with multiple roles (editor, author, contributor) to confirm the behavior is as expected.
- Use capability-based control over direct role checks when possible (
manage_options
vs checking for ‘administrator’).
Common Pitfalls
- Removing a menu item doesn’t prevent direct access to the page—use
current_user_can()
inside the page logic too. - Be cautious of plugin updates or CPT name changes that may affect
remove_menu_page()
slugs. - Avoid hardcoding URLs—use
get_permalink()
orsite_url()
to ensure flexibility across environments.
Conclusion
Restricting access to admin menu items based on user role helps keep your WordPress dashboard clean, secure, and user-friendly. Whether you’re redirecting users to a custom hub or simply hiding complex interfaces, programmatic control gives you the flexibility to tailor the experience for every user type.
By combining remove_menu_page()
and add_menu_page()
with smart conditional logic, you can create a backend experience that matches your team’s real-world workflow—without relying on bulky plugins.