Block WordPress Admin Menu Items

Block WordPress admin menu items which offer extended functionality unneeded to current user – it’s possible with the help of User Role Editor Pro additional module. WordPress manages access to its administrator menu items by user capabilities. For example to use “Appearance” menu user should have ‘edit_theme_options’ or ‘switch_themes’ capabilities, to access “Settings” menu – ‘manage_options’ capability. You may manage this access with “User Role Editor” adding/removing capabilities to/from the roles or working directly with users. But what to do if you need to allow to user access to “Menus” item of “Appearance” submenu, but do not give him access to the “Widgets” from the same submenu? We can not do it via user capabilities as both menu items are managed by the same “edit_theme_options” user capability.
User Role Editor Pro includes “Administrator menu access” module which allows you block menu items for selected role turning on correspondent checkboxes, just like you do with user capabilities editing user role.

In order to use “Administrator menu access” module you need to activate it. Go to “User Role Editor” Options page and turn on “Activate Administrator Menu Access module” option at the “Additional Modules” tab:

Activate admin menu access module
Activate admin menu access module

After that you will see new button “Admin Menu” at User Role Editor Pro toolbar:
https://storage.googleapis.com/role-editor/wp-content/uploads/2016/07/ure-toolbar-admin-menu-button.png
Admin menu button

Do not look for it under “Network Admin->Users->User Role Editor”. For WordPress multisite “Network Admin” button is available just under single site admin. The reason: every site may have different menu items set.

Click on “Admin Menu” button to see the list of WordPress backend menu items available for currently selected role:

Admin menu for selected role
Admin menu for selected role

Turn on checkboxes for menu items, which you wish to block for currently selected role, and click “Update” button.
As the result user with that role will not see blocked menu items and even can not access them directly inserting into browser corresponding URL.

If you wish to see full list of administrator menu items open “Admin menu” for the “Administrator” role.
There is no sense to block menu items for administrator. So checkboxes are unavailable here. It is a very good start point for WordPress menu user permissions study and research. You may use “Admin Menu” dialog here as the reference for your work with roles and capabilities as “Admin Menu” shows what user capability restricts access to what admin menu item including menu items added by active plugins.

Example how to provide access to the plugin menu prohibited by “manage_options” capability (e.g. “Statistics” from WP Statistics plugin) but do now allow access to the “Settings” or other menus is available here.
Example for blocking access to selected items of WooCommerce menu is published at this post.

Technical details

When you select a menu item to be blocked, URE hides this menu item and blocks the URL assigned to it. Any try to use blocked URL leads to the redirection to URL, assigned to the 1st available (not blocked) menu item.

When we work with ‘block not selected’ model – all URLs from the main admin menu except apparently selected become blocked. So use ‘block not selected’ model carefully.

Combining “Admin menu access” data from multiple roles assigned to the same user, you have to take into account this logic:
– assigned restrictions take effect in the assigned roles order. Admin menu blocking data from the 1st (primary) role takes effect always;
– data from the rest roles are taking into account only if they use the same blocking model. For example, if the 1st role has ‘block selected’ model, but the 2nd role has ‘block not selected’ model, the 2nd role ‘admin menu access’ data is ignored.
– ‘admin menu access’ data from other roles with the same blocking model are added to the data from the 1st role.

Share
  • Ryan Pilling

    “There is no sense to block menu items for administrator.”

    There is a reason to do this if you are working in a Multisite environment. Super Admin gets all the power, but you may not want site Administrators to access certain settings in the menu.

    • Thanks for the comment. The “admin” in the post title is related to the admin back-end menu, not the the user with the “Administrator” role. This recipe is for any other user, except administrator.