Hide Admin Menu Access by User Role in WordPress

Hide_Admin_Menu_Access_by_User_Role_in_WordPress_-_Thumbnail.png

Managing the WordPress admin interface for different user roles can significantly improve usability and security—especially in large organizations, multisite environments, or client-facing backends. While WordPress offers basic role capabilities, programmatic control over the admin menu gives you granular access control tailored to real-world workflows.

In this article, we’ll walk through how to dynamically hide menu items for non-admins and add custom menu redirects based on roles—without relying on third-party plugins.


Why Limit Admin Menus?

Giving non-admin users access to complex or sensitive admin features can lead to accidental changes, confusion, or clutter. Role-based menu customization helps:

  • Simplify the admin interface for editors, authors, and contributors
  • Prevent unauthorized edits to custom post types or plugin settings
  • Improve navigation by directing users to more relevant internal tools
  • Separate admin-only tools from general operational tools

Understanding the WordPress Admin Menu

The WordPress admin menu is built dynamically during the admin_menu action. Each menu item is tied to a capability (like edit_posts or manage_options)—but sometimes that’s not enough. You may want to override menu visibility or add custom redirects.

This is where programmatic filtering becomes essential.


Example Use Case

Imagine you have a custom post type called “Specials” used for marketing content. Admins should access the full edit interface, but editors should instead be routed to a dedicated frontend dashboard like a “Marketing Hub.”

This requires two steps:

  1. Hide the “Specials” menu for non-admins
  2. Add a new menu that redirects to the hub

HideMenu.png

How to Hide Admin Menus Based on Role

Use the current_user_can() function to conditionally remove menu items for specific roles.

Example: Hiding a Menu for Non-Admins

add_action('admin_menu', 'custom_hide_specials_menu', 99);

function custom_hide_specials_menu() {
    if (!current_user_can('administrator')) {
        remove_menu_page('edit.php?post_type=specials');
    }
}

This checks if the current user is not an admin and removes the custom post type “Specials” from the admin menu. You can adjust the post_type to match your custom one.


Adding a Custom Menu That Redirects

For users who shouldn’t access the full “Specials” editor, you can add a new menu item that redirects to a frontend page (like a marketing dashboard).

Example: Adding a Redirecting Admin Menu

add_action('admin_menu', 'custom_add_marketing_hub_menu');

function custom_add_marketing_hub_menu() {
    $hub_url = site_url('/marketing-hub/'); // Replace with actual destination

    add_menu_page(
        'Marketing Hub',
        'Marketing Hub',
        'read',
        'marketing-hub',
        function () {
            echo '<div class="wrap"><h1>Redirecting...</h1></div>';
        },
        'dashicons-chart-line',
        8
    );

    add_action('admin_init', function () use ($hub_url) {
        if (isset($_GET['page']) && $_GET['page'] === 'marketing-hub') {
            wp_safe_redirect($hub_url);
            exit;
        }
    });
}

This creates a simple redirect for all users, including admins. You can conditionally wrap the logic to show it only for certain roles.


Best Practices

  • Always validate user capability before showing or hiding menu items.
  • Use current_user_can() instead of role names directly to ensure capability-based flexibility.
  • Test with multiple roles (editor, author, contributor) to confirm the behavior is as expected.
  • Use capability-based control over direct role checks when possible (manage_options vs checking for ‘administrator’).

Common Pitfalls

  • Removing a menu item doesn’t prevent direct access to the page—use current_user_can() inside the page logic too.
  • Be cautious of plugin updates or CPT name changes that may affect remove_menu_page() slugs.
  • Avoid hardcoding URLs—use get_permalink() or site_url() to ensure flexibility across environments.

Conclusion

Restricting access to admin menu items based on user role helps keep your WordPress dashboard clean, secure, and user-friendly. Whether you’re redirecting users to a custom hub or simply hiding complex interfaces, programmatic control gives you the flexibility to tailor the experience for every user type.

By combining remove_menu_page() and add_menu_page() with smart conditional logic, you can create a backend experience that matches your team’s real-world workflow—without relying on bulky plugins.