I am trying to restrict access to wp-admin so that only administrators and editors are allowed. At the moment I am using this function:
function restrict_admin(){
//if not administrator, kill WordPress execution and provide a message
if ( ! current_user_can( 'manage_options' ) ) {
wp_die( __('You are not allowed to access this part of the site') );
}
}
add_action( 'admin_init', 'restrict_admin', 1 );
But this does the job only for administrator; editors are not allowed to access this part of the site. What can I do?
3 Answers
You’re correct in that you should be checking for a capability. However, manage options is only given to administrators by default. You should check against a capability that both editors and administrators have such as delete_others_posts.
function restrict_admin(){
//if not administrator, kill WordPress execution and provide a message
if ( ! current_user_can( 'delete_others_posts' ) ) {
wp_die( __('You are not allowed to access this part of the site') );
}
}
add_action( 'admin_init', 'restrict_admin', 1 );
See roles and capabilities from the codex.
