Lockdown backend area

Completely restrict access to the entire WordPress backend area. Any attempts to access URIs that start with /wp-admin/ will be denied.

Note! Any registered user, by default, has limited access to the backend area of the WordPress website. Even subscribers have the ability to see the Dashboard page and manage own profile. In the screenshot below you can see the type of information that the lowest user level can see.

WordPress subscriber backend area

While, at the time of writing this policy, we do not have reasons to believe that restricting access to the backend area make a website more secure, we only recommend to lockdown backend area for users that do not need to interact with it.

    "Version": "1.0.0",
    "Dependency": {
        "wordpress": ">=4.0.0",
        "advanced-access-manager": ">=6.0.0"
    "Statement": [
            "Effect": "deny",
            "Resource": [
Copy this unique number and use it to install the policy on your website. To learn more how it works, follow this link.
DEPENDENCIES List of required plugins for this policy to work properly.
WordPress >=4.0.0
Advanced Access Manager >=6.0.0
ASSIGNEES The type of audience the policy is automatically applied to as well as excluded. To learn more how it works, follow this link
  • Subscriber role