How to redirect WordPress user when access is denied

To provide better user experience, it is recommended to define smooth user flow when access is denied to any post, page or other restricted WordPress resource. This way your website user will be informed when access is actually restricted rather than thinking that something went wrong and your website is broken.

Advanced Access Manager WordPress plugin has very easy way to manage access denied redirect for both Frontend and Backend. You can even customize redirect for any role, individual user, visitors or set the default redirect for all users and roles.

WordPress Access Denied Redirect

Note! This feature does not require any premium extensions and is available in the basic plugin version.

There are several possible rules that you can utilize to define access denied redirect flow.

Default (“Access Denied” message)

By default, when access is denied to any restricted website resource, AAM displays the “Access Denied” message. This is very simple and effective way to notify your user that access is restricted.

WordPress Access Denied Message

Show customized message

The default “Access Denied” message might not be the best option if you would like to give more information about the reason for denial or maybe make this message more visually appealing. In this case you can choose this option and enter either plain text or custom HTML and it will be rendered instead of default “Access Denied”.

WordPress Access Denied Custom Message

Note! You can enter shortcodes and they will be replaced with actual values during the message rendering.

Redirected to existing page

You may also redirect user to any existing page that is not restricted. For example you can create a custom page that explains why access is denied or simply redirect user to the Home page.

Warning! Be careful and do not redirect user to the page that is also restricted otherwise the restricted page will be available to view.

WordPress Access Denied Redirect To Page

Redirect to the login page

This is the additional option that is available only for Visitors that allows to redirect visitor to the login page and after successful authentication, redirect back to the restricted page. Very handful option for smooth user experience.

WordPress Redirect Visitor To Login Page

For your convenience you can utilize AAM Secure Login widget that is available in the basic AAM version. For more information about it please check How does AAM Secure Login works article.

Redirected to the URL

Redirect user to any valid URL. Note! You have to provide the valid URL that starts with HTTP or HTTPS. If the provided URL is not valid, AAM will ignore it and will display entered URL as text.

WordPress Redirect To URL

Trigger PHP callback function

The final option is more for developers that prepare a custom callback function that may handles redirect. You absolutely must have to provide valid PHP callback otherwise AAM will fallback to the default “Access Denied” behavior.

Also remember to either redirect user to different location or inform user that access was denied. If callback function does not do any of those tasks, the user will see only blank page.

Additionally the callback has to be loaded before wp action otherwise AAM simply will fail to trigger defined callback (AAM uses is_callable function to verify the provided callback exists and can be called).

WordPress Custom Redirect Callback Function

Here is the example for the callback function:

/**
 * Custom access denied redirect
 */
class My {
    
    /**
     * Trigger redirect
     * 
     * The $args is an array that contains information about what 
     * and why was rejected.
     * 
     * @param array $args
     * 
     * @access public
     * @static
     */
    public static function trigger($args) {
        //place your custom code here
        
        //simply show the message
        wp_die(__('Access is denied to this resource', MY_DOMAIN_CONST));
    }
    
}

Related Forum Topics

Get notified about important updates and new features (no more than one email per month).