This article is about managing access to WordPress backend menu items for any role or individual user with the help of Advanced Access Manager plugin. This feature is absolutely free and does not require any premium extensions.
WordPress backend menu is the main navigation for the website backend (admin) area that has different menu items based on the user capabilities.
- It is absolutely free so are you already saving $20-$60;
- No coding is required;
- Hide any backend menu item and also restrict direct access to the page it links to;
- Customize access to the backend menu per role or even individual user;
- Three levels of the access settings inheritance so you can manage access to all users at once or override access for any specific role or user;
- Easy way to find what capability is assigned to any menu item so you do not have to dig in code;
- Powerful and easy-to-use development API that can be utilized to create custom functionality
With AAM plugin you can manage access to each menu item for any role or even individual user. To do so, go to AAM page and switch to Backend Menu tab. Here you can find all the backend menu items that current role or user has access to (based on the list of capabilities).
You cannot manage access to the backend menu for visitors as they do not have access to the admin area.
The list of menu items on the Backend Menu tab vary based on currently managing role or user. This is due to the fact that each menu has a capability assigned to it and if role or user does not have this capability, then the menu is not going to be listed. Try to switch between different roles and you will notice that the menu list changes.
Note! Always remember that each menu item has a capability assigned to it. Make sure that your user or role has it in order to get access to the menu item.
Note! It is important to emphasize two exceptional scenarios when it gets harder to manage access to the backend menu.
Scenario 1. Menu item has administrator capability assigned. This is quite common for a lot of custom menus and it means that user has to have the Administrator role in order to get access to it.
If you do not want to assign an user to the Administrator role, then simply create a custom capability administrator and make sure that it is checked for desired role or user. This is not a recommended solution but rather a “hack”.
Learn more » How to manage WordPress capabilities
Scenario 2. Menu item is not listed even for the Administrator role. Some plugins or themes register custom menu with “dynamic capability” (e.g. Contact Form 7, Gravity Forms). This type of capability is not assigned to any role and is dynamically added to the currently logged in user. In rare cases, developers make a decision to register menu based on few very specific conditions that are programmatically handled inside a plugin or theme. For example Activity Log plugin checks if user has administrator capability and if not, then grands access to the menu for users with edit_pages capability.
So the point here is that you have to know what capability user needs to have or not in order to grand or deny access to a menu. If you not sure how to find this information, please do not hesitate to contact me however please explain what WordPress plugin or theme you are talking about and where can I download it.
Important! Do not restrict access to the Dashboard Home or Profile menus as these two are the most common pages each user lands after successful login. Since AAM 4.6 release, you are no longer allowed to restrict the Dashboard Home menu.
Finally, when you restrict access to any backend menu item, you actually physically restricting access to the page that it is linked to. So it is no longer possible to access that page with direct URL. By default, if access is denied, AAM will show a message “Access Denied” however to create a better user experience, you might consider to define Access Denied Redirect rule.
Learn more » How to redirect WordPress user when access is denied