How to redirect WordPress user when access is denied

To provide better user experience, it is recommended to define intuitive user flow when access is denied to any post, page or custom post type. This way your website user will be informed when access is actually restricted rather than thinking that something went wrong and your website is broken.

Advanced Access Manager has very easy way to manage access denied redirect for both frontend and backend. You can even customize redirect for any role, individual user, visitors or set the default redirect for all users and roles.

WordPress Access Denied Redirect

Note! This feature does not require any premium extensions and is available in the basic plugin version.

There are several possible rules that you utilize to define access denied redirect flow.

= Default (“Access Denied” message) =

By default, when access is denied to any restricted post, page or custom post type, AAM displays the “Access Denied” message. This is very simple and effective way to notify your user that access is restricted.

WordPress Access Denied Message

= Show customized message =

The default “Access Denied” message might not be the best option if you would like to give more information about the reason for denial or maybe make this message more visually appealing. In this case you can choose this option and enter either plain text or custom HTML and it will be rendered instead of default “Access Denied”.

WordPress Access Denied Custom Message

= Redirected to existing page =

You may also redirect user to any other existing page that is not restricted. For example you can create a custom page that explains why access is denied or simply redirect user to the Home page.

Warning! Be careful and do not redirect user to the page that is also restricted. Otherwise this will cause infinite redirect loop.

WordPress Access Denied Redirect To Page

= Redirect to the login page =

This is the additional option that is available only for Visitors that allows to redirect visitor to the login page and after successful authentication, redirect back to the restricted page. Very handful option for smooth user experience.

WordPress Redirect Visitor To Login Page

For your convenience you can utilize AAM Secure Login widget that is available in the basic AAM version. For more information about it please check How does AAM Secure Login works article.

= Redirected to the URL =

Redirect user to any valid URL. Please note! You have to provide the valid URL that starts with HTTP or HTTPS. If the provided URL is not valid, AAM will ignore it and will display entered invalid URL.

WordPress Redirect To URL

= Trigger PHP callback function =

The final option is more for developers that triggers custom callback function that may handles redirect. You absolutely must have to provide valid PHP callback otherwise AAM will fallback to the default “Access Denied” behavior.

Please also remember to either redirect user to different location or inform user that access was denied. If callback function does not do any of those tasks, the user will see only blank page.

Additionally the callback has to be loaded before wp action otherwise AAM simply will fail to trigger defined callback (AAM uses is_callable function to verify the provided callback exists and can be called).

WordPress Custom Redirect Callback Function

Here is the example for the callback function:

/**
 * Custom access denied redirect
 */
class RedirectClass {
    
    /**
     * Trigger redirect
     * 
     * The $args is an array that contains information about what 
     * and why was rejected.
     * 
     * @param array $args
     * 
     * @access public
     * @static
     */
    public static function trigger($args) {
        //place your custom code here
        
        //simply show the message
        wp_die(__('Access is denied to this resource', MY_DOMAIN_CONST));
    }
    
}

Get Development Package with all extensions included for unlimited number of sites

Learn More

Get the latest updates and promos.