How do I add a custom menu that redirects?

You can add a new menu item that redirects to a frontend page using the add_menu_page() function along with a redirect in the admin_init hook.

What are best practices for managing admin menus?

Best practices include validating user capability before showing or hiding items, using current_user_can() for flexibility, testing with multiple roles, and using capability-based control instead of hardcoding role checks.

What are common pitfalls when restricting admin menu access?

Common pitfalls include not preventing direct access to pages, being cautious about plugin updates that affect menu slugs, and avoiding hardcoded URLs.

Controlling WordPress Admin Menu Access by User Role

Q: Why limit admin menus?

Limiting admin menus can simplify the interface for non-admin users, prevent unauthorized edits, improve navigation, and separate admin-only tools from general operational tools.

Q: How do I hide admin menus based on role?

You can use the current_user_can() function to conditionally remove menu items for specific user roles.

7 May 2025 By Eugene Evenwel

Managing the WordPress admin interface for different user roles can significantly improve usability and security—especially in large organizations, multisite environments, or client-facing backends. While WordPress offers basic role capabilities, programmatic control over the admin menu gives you granular access control tailored to real-world workflows.

In this article, we’ll walk through how to dynamically hide menu items for non-admins and add custom menu redirects based on roles—without relying on third-party plugins.

Why Limit Admin Menus?

Giving non-admin users access to complex or sensitive admin features can lead to accidental changes, confusion, or clutter. Role-based menu customization helps:

Simplify the admin interface for editors, authors, and contributors
Prevent unauthorized edits to custom post types or plugin settings
Improve navigation by directing users to more relevant internal tools
Separate admin-only tools from general operational tools

Understanding the WordPress Admin Menu

The WordPress admin menu is built dynamically during the admin_menu action. Each menu item is tied to a capability (like edit_posts or manage_options)—but sometimes that’s not enough. You may want to override menu visibility or add custom redirects.

This is where programmatic filtering becomes essential.

Example Use Case

Imagine you have a custom post type called “Specials” used for marketing content. Admins should access the full edit interface, but editors should instead be routed to a dedicated frontend dashboard like a “Marketing Hub.”

This requires two steps:

Hide the “Specials” menu for non-admins
Add a new menu that redirects to the hub

How to Hide Admin Menus Based on Role

Use the current_user_can() function to conditionally remove menu items for specific roles.

Example: Hiding a Menu for Non-Admins

add_action('admin_menu', 'custom_hide_specials_menu', 99);

function custom_hide_specials_menu() {
    if (!current_user_can('administrator')) {
        remove_menu_page('edit.php?post_type=specials');
    }
}

This checks if the current user is not an admin and removes the custom post type “Specials” from the admin menu. You can adjust the post_type to match your custom one.

Adding a Custom Menu That Redirects

For users who shouldn’t access the full “Specials” editor, you can add a new menu item that redirects to a frontend page (like a marketing dashboard).

Example: Adding a Redirecting Admin Menu

add_action('admin_menu', 'custom_add_marketing_hub_menu');

function custom_add_marketing_hub_menu() {
    $hub_url = site_url('/marketing-hub/'); // Replace with actual destination

    add_menu_page(
        'Marketing Hub',
        'Marketing Hub',
        'read',
        'marketing-hub',
        function () {
            echo '<div class="wrap"><h1>Redirecting...</h1></div>';
        },
        'dashicons-chart-line',
        8
    );

    add_action('admin_init', function () use ($hub_url) {
        if (isset($_GET['page']) && $_GET['page'] === 'marketing-hub') {
            wp_safe_redirect($hub_url);
            exit;
        }
    });
}

This creates a simple redirect for all users, including admins. You can conditionally wrap the logic to show it only for certain roles.

Best Practices

Always validate user capability before showing or hiding menu items.
Use current_user_can() instead of role names directly to ensure capability-based flexibility.
Test with multiple roles (editor, author, contributor) to confirm the behavior is as expected.
Use capability-based control over direct role checks when possible (manage_options vs checking for ‘administrator’).

Common Pitfalls

Removing a menu item doesn’t prevent direct access to the page—use current_user_can() inside the page logic too.
Be cautious of plugin updates or CPT name changes that may affect remove_menu_page() slugs.
Avoid hardcoding URLs—use get_permalink() or site_url() to ensure flexibility across environments.

Conclusion

Restricting access to admin menu items based on user role helps keep your WordPress dashboard clean, secure, and user-friendly. Whether you’re redirecting users to a custom hub or simply hiding complex interfaces, programmatic control gives you the flexibility to tailor the experience for every user type.

By combining remove_menu_page() and add_menu_page() with smart conditional logic, you can create a backend experience that matches your team’s real-world workflow—without relying on bulky plugins.