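The first thing you need is to understand User Roles in WordPress.
Then a plugin to manage custom user roles, such as User Role Editor or Members.
In the admin menu Settings > General, set the default role for newly registered users to your custom role.
The Members plugin has more advanced features, but if you use URE, you'll need some extra functions to block any access to the site's backend. They are wrapped here as a plugin; see the comments for details.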
<?php
/**
 * Plugin Name: Block Admin Access for Certain Roles
 * Version: 0.2
 * Author: brasofilo
 * Plugin URI: https://wordpress.stackexchange.com/q/57206/12615
 */

/**
 * When a registered user tries to visit a page for which he doesn't have access,
 * i.e.: http://example.com/wp-admin/plugins.php,
 * WordPress displays a standard WP error message.
 * This will redirect instead of displaying the message:
 * "You do not have sufficient permissions to access this page."
 */
add_action( 'admin_page_access_denied', 'access_denied_wpse_57206' );
function access_denied_wpse_57206()
{
    wp_redirect( home_url() );
    exit();
}

/**
 * Redirect users without the 'edit_posts' capability when they directly request
 * the URL of an admin page they would otherwise be allowed to open,
 * i.e.: http://example.com/wp-admin/profile.php
 */
add_action( 'admin_init', 'admin_init_wpse_57206' );
function admin_init_wpse_57206()
{
    if( current_user_can( 'edit_posts' ) )
        return;

    wp_redirect( home_url() );
    exit();
}

/**
 * Redirect users whose role is in the list below
 * (here 'author' and 'subscriber') to the home url after login
 */
add_filter( 'login_redirect', 'login_redirect_wpse_57206' );
function login_redirect_wpse_57206( $url )
{
    global $user;
    if ( isset( $user->roles ) )
    {
        $result = array_intersect( $user->roles, array( 'author', 'subscriber' ) );
        if( !empty( $result ) )
            $url = home_url();
    }
    return $url;
}

/**
 * Hide the admin bar for users without 'edit_posts' capability
 */
add_filter( 'show_admin_bar', 'hide_admin_bar_wpse_51831' );
function hide_admin_bar_wpse_51831( $bool )
{
    if( !current_user_can( 'edit_posts' ) )
        $bool = false;
    return $bool;
}
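The two setup steps above (creating a custom role, then making it the default for new registrations) can also be done in code. The following is an added example, not part of the original answer or of either role plugin; the role slug `pending`, its label, and the `wpse_example_*` function names are assumptions chosen for illustration.

```php
<?php
/**
 * Plugin Name: Register Restricted Default Role (added example)
 */

// Hypothetical role slug; pick your own.
const WPSE_EXAMPLE_ROLE = 'pending';

register_activation_hook( __FILE__, 'wpse_example_add_restricted_role' );
function wpse_example_add_restricted_role()
{
    // add_role() does nothing if the role already exists, so re-activation is safe.
    // Grant 'read' only: no 'edit_posts', no 'upload_files', nothing else.
    add_role( WPSE_EXAMPLE_ROLE, 'Pending', array( 'read' => true ) );

    // Code equivalent of Settings > General > New User Default Role.
    update_option( 'default_role', WPSE_EXAMPLE_ROLE );
}

register_deactivation_hook( __FILE__, 'wpse_example_remove_restricted_role' );
function wpse_example_remove_restricted_role()
{
    // Restore the core default so new registrations never get a missing role.
    if ( get_option( 'default_role' ) === WPSE_EXAMPLE_ROLE )
        update_option( 'default_role', 'subscriber' );

    // Move existing users first; otherwise they keep a role that no longer exists.
    foreach ( get_users( array( 'role' => WPSE_EXAMPLE_ROLE ) ) as $user )
        $user->set_role( 'subscriber' );

    remove_role( WPSE_EXAMPLE_ROLE );
}
```

Because the role carries only `read`, `current_user_can( 'edit_posts' )` is false for its users, so the `admin_init` and `show_admin_bar` hooks in the plugin above apply to them. Add the slug to the array in `login_redirect_wpse_57206()` if the login redirect should cover it as well.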