Completely restrict access to the entire WordPress backend area. Any attempts to access URIs that start with /wp-admin/ will be denied.
Note! Any registered user, by default, has limited access to the backend area of the WordPress website. Even subscribers can see the Dashboard page and manage their own profile. In the screenshot below you can see the type of information that the lowest user level can see.
While, at the time of writing this policy, we have no reason to believe that restricting access to the backend area makes a website more secure, we recommend locking down the backend area only for users that do not need to interact with it.
{
    "Version": "1.0.0",
    "Dependency": {
        "wordpress": ">=4.0.0",
        "advanced-access-manager": ">=6.0.0"
    },
    "Statement": [
        {
            "Effect": "deny",
            "Resource": [
                "Capability:aam_access_dashboard"
            ]
        }
    ]
}