Adminimize

Adminimize is a plugin that lets you customize your blog admin area. More precisely, it lets you remove absolutely any element of the blog admin panel for a selected user role. The simplest example: you can use this plugin to prevent a registered user from seeing anything other than his own profile in the admin panel. That is, you can remove the links to "Console", the messages that a new version of the engine is available, the WordPress logo, the text and links in the footer, and so on. Similarly, you can limit access to admin functions for blog authors or editors, and for the administrator you can also remove all unnecessary, unused items.

Download the plugin from its home page and install it:

1. Unpack the archive.

2. Copy the folder adminimize to /wp-content/plugins/.

3. Go to the "Plugins" tab of the blog admin panel and activate the plugin.

There is no Russian language in the plugin, but this can be corrected by downloading the Russian version of the plugin from Lecactus. It is too old a version of the plugin, which will not suit us, but its localization file will be useful. True, it is a little outdated and some phrases will not be translated, but it is still better than nothing. Just copy the file adminimize-ru_RU.mo from the downloaded plugin archive to the plugin's languages folder and you will have the Russian language.

The plugin settings can be found in "Parameters\Adminimize". There are a lot of settings here, so before changing anything, first carefully study everything the plugin offers. In principle, everything should be clear, since in Russian the plugin is no longer so difficult to learn. I'll just look at the example I mentioned at the beginning of the article: how to prevent a regular subscriber from seeing anything other than his profile.

1. Hide "Basement" (the footer) in "Admin settings".
2. Limit "User information" to displaying only the links to the user profile and to log out of the blog.
3. Set the option "Dashboard deactivate, redirect to" to "Default (profile.php)".
4. In "Global settings", disable "Favorite actions", "Screen settings" (in the Russian translation this is the name of 2 items; disable both of them) and "Contextual help".
5. In "Menu settings", disable the output of "Console" and the output of "Tools" for the subscriber.

The main setup is complete. Now the subscriber, when logging into the admin panel, goes to his profile, does not see the links to "Console" and "Tools", and does not see the footer. You can stop there, but I personally am not satisfied with the following things: a separator located just above the profile link, the information that a new version of WordPress is available, the WordPress logo and the "Go to website" button. All these things can be removed through the additional settings in "Your own settings", simply by specifying there the ID or class of the element to be removed. Let's look at it step by step:

Removing the separator:

Name the item "Separator" and set its value to "#adminmenu .wp-menu-separator".

Removing the message about a new version of WordPress:

Name the item "Update", set its value to "#update-nag" and save. Now a new item, "Update", has appeared in the settings, which we can prohibit for the subscriber.

Removing the WordPress logo:

Name the item "Logo", set its value to "#header-logo" and save. Now a new item, "Logo", has appeared in the settings, which we can prohibit for the subscriber.

Removing the "Go to website" button:

Name the item "Button", set its value to "#site-visit-button" and save. Now a new item, "Button", has appeared in the settings, which we can prohibit for the subscriber.

Thus, you can prohibit the display of anything in the admin panel, as long as it can be addressed through CSS. I think you understand the principle and there is no need to explain further.

There is one thing about the plugin that I didn’t like at all: it creates its own color schemes for use in the blog admin area. Moreover, it creates them without even asking permission and without giving a choice whether to install them or not. In the settings, of course, you can completely disable the choice of color scheme, but disabling only the schemes that the plugin has added is not possible.

To stop the plugin from embedding its color schemes into the user profile altogether, find the function _mw_adminimize_admin_styles($file) in the plugin file adminimize.php and delete its contents. That is, in the end you should succeed.

Hi all! This article will focus on WordPress user roles, in other words, the rights of users in groups: what each of them can do and how to configure access rights.

Before setting up WordPress user rights, let's look at how these new users can be created.

Method No. 1

Allow readers to register on the blog. This can be done in the “General Settings” section:

Check the box next to “Anyone can register” and select the WordPress user role, that is, which group the reader registered on the blog will belong to.

Method No. 2

Manually create a new user. To do this, you need to use the WordPress admin section “Users” - “Add new”:

The only required fields are Name, Email and Password. Don't forget to select a role for the user below.

Now let's understand the rights and capabilities of standard roles that are available in WordPress by default.

Standard user groups (roles) and their access rights

Subscriber

The most powerless of all registered “creatures” in WP. Has access only to his profile settings.

If installed in WordPress, then a simple subscriber has access to all its settings. This is, of course, a plugin bug and a very unpleasant one. Therefore, I advise you to prohibit the registration of new users on the blog when using it.

Contributor

In addition to editing his profile, the contributor can:

  • View the titles of existing blog entries, including those that have not yet been published. Only the titles, though; looking into the contents is forbidden.
  • Write articles and send them to the administrator for approval.
  • View comments, but not edit them.
  • If there is a blog, then the contributor can view the code feedback, which can be added to the article.

Author

  • Can independently publish articles without administrator approval.
  • Add media files to WordPress.
  • If available, then it provides the ability to upload various kinds of files to the server.

Editor

The editor has all rights related to the publication and editing of site materials. The settings of the WP admin panel itself and of most plugins are not available to him. So, the editor's perks:

  • The ability to publish posts and pages on the blog, as well as change existing ones.
  • Create categories, tags and external links.
  • Full control over comments: deleting, creating and editing.
  • In addition to those mentioned above, the settings of some other plugins become available (from those I noticed): Contact Form 7 - now all settings for the feedback form; FV Gravatar Cache - settings for caching avatars in comments; Subscribe To Comments - subscription to new comments; WP-Filebase - now uploaded files can be grouped by category.

Administrator

Admin can do anything!!!

Creating and editing user roles

What should you do if you need to expand the functions of a role and give it additional rights? The User Role Editor plugin comes to the rescue; it allows you to edit the rights of existing roles and create new ones.

The plugin is installed as standard:

  • unpack the archive into the current directory and upload the resulting folder to the server in the wp-content/plugins directory using ;
  • go to the “Plugins” section of the WordPress admin panel, find and activate User Role Editor.

Plugin settings are available at “Users” - “User Role Editor”. I'm glad that they are entirely in Russian! In the first field you can edit rights for existing roles.

The procedure is as follows:

  1. select the role that you want to edit;
  2. tick "Displaying features in a readable form" for a better understanding of the list of available functions;
  3. check the required rights and save the settings.

You can add a new role. To do this, we will use the option of the same name:

The name must be written in Latin letters. Some rights can be taken from standard roles. After creation, check the available options and save the settings.

One more point. Some plugins add their own functions. In the screenshot you can see non-standard functions from, which is responsible for creating galleries, albums and lightboxes for pictures, and from

When several authors write simultaneously for your WordPress site, it is very important to correctly distribute the workflow and make this process comfortable for each author. There is a special plugin for simultaneous work of several authors on WordPress.

But today we are not talking about that. Today we will look at a simple free plugin, Restrict Author Posting, with which you can assign certain categories to each author and limit access to the other categories.

This is especially true if you have an author's column on your website. Or, for example, you have a column with reviews of gadgets, in which only a few specific authors can write.

Restrict Author Posting plugin

First of all, download and install the free Restrict Author Posting plugin.

Immediately after activating the plugin, go to the Users menu and open the profile of the user for whom you want to set up limited access.

Scroll to the bottom of the user's profile and you will see a new menu, Restrict Author Post to a category. In the drop-down list, select the category for which this author will write, and click save.

If you want to remove the restriction from any author of your site in the future, open his profile in the same way and select No Restrict from the drop-down menu.

Today, the Advanced Access Manager plugin (AAM for short) is one of the best solutions to control access and improve security of a WordPress site. It is very easy to use and its power allows you to gain flexible control over one or an entire network of sites.

With this add-on you can control access to different areas of your site: posts, pages, categories, widgets or menus. Access can be defined for any specific user, for user groups or an anonymous visitor.

Features of the Advanced Access Manager plugin

AAM is an up-to-date extension that is updated frequently, as needed and as new engine versions are released. Key features implemented in the latest version:

  • Administrator login protection (Secure Admin Login) - allows you to control the login process to your site, determine the number of possible login attempts, track the geographical location and block the visitor by IP to prevent potential hacker attacks.
  • Control access to posts, pages or categories (Control Access to Posts, Pages or Categories) - allows you to limit access to your posts, pages or categories for any user, role or visitor, as well as define the allowed actions of the visitor.
  • Control access to media files - you can define access to media files for any user, role or visitor. This feature works without any additional configuration on the server and without using an .htaccess file.
  • Managing roles and capabilities - you can manage the list of roles and capabilities. This feature has been developed and tested by hundreds of experienced WordPress users and developers. It gives you the ability to create, update or delete any role or capability. For security reasons, this feature is limited by default, but can be easily activated.
  • Recording user activity - you can keep a login record: how and when the user entered or exited the system.
  • Backend menu filter - managing access to the backend menu (including submenus), that is, the menu that is displayed when you log into the WordPress site management console.
  • Filter metaboxes and widgets - predefine the available metaboxes or widgets for any user, role or visitor.

And much, much more.

An excellent free plugin for WordPress that allows you to configure access in Russian.

Installation

Installs similarly to most WordPress plugins. Page on the official website: http://wordpress.org/plugins/advanced-access-manager/. When installing via the console, enter the text “Advanced Access Manager”.

After installation, an additional tab with a submenu appears in the site management menu:

  • “Access control” - basic settings;
  • “ConfigPress” - allows you to use special codes for advanced settings;
  • “Extension” - additional plugins and extensions, mostly paid. They are capable of further expanding the configuration;
  • “Security” - settings regarding the protection of the admin panel and the site itself.

ConfigPress Settings

Below is a list of all possible ConfigPress settings, with explanations:

We define default access to administrator menu items if it has not been configured. By default it is set to “Allow”.
menu.undefined = "deny"

Changing the default access to the AAM menu - Access Control. By default, only the administrator has access.
page.access_control.capability = "aam_manager"

Changing the default capability for access to the AAM - ConfigPress screen.
page.configpress.capability = "configpress_guru"

Change the default access to the AAM - Extension screen.
page.extensions.capability = "aam_extensions_manager"

If there is no access defined for the current article or page, then by default AAM tries to inherit the settings from the parent category.
post.inherit = "false"

If there is no access defined for a particular category, by default AAM tries to inherit settings from the parent category.
term.inherit = "false"

To speed up AAM execution, the result can be cached. The cache is automatically updated when you click the Save button.
caching = "true"

Unlock limited capabilities in AAM for a single administrator. By default, managers and other administrators are not allowed.
super_admin = "true"

Each role has an internal ID (usually the lowercase equivalent) and a name. Every time a new role is created with AAM, the ID changes to something like aam_78koi9831933i. The setting below suppresses this behavior and keeps the name lowercase.
native_role_id = "true"

Allows you to redirect the user, when access to any server resource is denied, to the URL or to the post or page ID specified in this setting. By default it will show Access Denied.
access.deny.redirect = "http://insert_address.ru here"

Message when accessing a prohibited part.
access.deny.message = "Oh. This is a restricted area."

- similar settings.

All these settings are grouped and fit into the corresponding window:

Security settings

In the current version of AAM, for security, we must use ConfigPress to enable certain functions. Below is the full list of all possible ConfigPress settings for the security section:

The geo feature monitors the user's location based on the IP address. This feature is disabled by default and can be enabled by changing false to true.
login.geo_lookup = "false"

The plugin uses the FreeGeoIP.net web service to obtain the geographical location from the IP address. Currently this is the only option, but the developers promise to expand the list of possible options in future versions.
login.geoip.service = "FreeGeoIP"

The function of controlling the process of logging into the admin panel and blocking the login allows you to prevent the site from being hacked by trying different password combinations.
login.lockout = "false"

This setting determines the number of attempts to enter the correct password.
login.attempts = "10"

There is also login.attempt_failure = "slowdown", login.slowdown_time = "5", login.die_message = "You cannot log in" and login.cache_limit = "1000".

“Access control” settings

Appearance:

You can find information about these and other plugin settings in the help section on the official website http://wpaam.com/category/tutorials/. Continuation of settings and use in the following articles!

Hello, dear readers!

In today’s article, we are looking at the features of logging into the WordPress admin area, or rather, its protection.

We have three questions left to consider:

  1. Protection of the admin panel from brute force attacks;
  2. Restricting entry by blocking IP addresses;
  3. Changing the login and password via phpMyAdmin.

Protection of the admin panel from brute force attacks.

A brute force attack is a method of hacking a website by guessing a username and password. Of course, such hacking is not carried out by a specific person. Going through thousands of login and password options is only possible for a computer program, which can work quickly and has no time limits. Such a program, installed on some remote computer, can continuously “knock” on the admin panel of your site, trying different options.

Using special plugins, you can limit the number of such attempts. For such purposes you can use the Limit Login Attempts plugin.

What are its capabilities?

Firstly, after several incorrect login attempts from a certain IP address, this address is blocked for a specified time. Secondly, if incorrect attempts continue after this, the address is permanently blocked. You can configure both the number of incorrect attempts and the blocking time.

The Limit Login Attempts plugin is used very widely, despite the fact that it has not been updated for a long time.
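The lockout behaviour described above, modelled as an added example (not the plugin's own code): it replays constructed login events through a per-IP counter with a temporary lockout and a permanent block. The class name, the three thresholds and the rule that a block becomes permanent after a second lockout are assumptions for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class LoginLimiter:
    """Per-IP lockout model; all three thresholds are assumed example values."""
    max_retries: int = 3                 # failed attempts that trigger a lockout
    lockout_seconds: int = 60            # length of one temporary lockout
    lockouts_before_permanent: int = 2   # lockouts after which the IP is banned
    failures: dict = field(default_factory=dict)
    lockouts: dict = field(default_factory=dict)
    blocked_until: dict = field(default_factory=dict)
    banned: set = field(default_factory=set)

    def attempt(self, ip: str, ts: int, password_ok: bool) -> str:
        """Process one login attempt and return its outcome."""
        if ip in self.banned:
            return "banned"
        if ts < self.blocked_until.get(ip, 0):
            return "locked"              # rejected before the password is checked
        if password_ok:
            self.failures.pop(ip, None)  # a good login resets the failure counter
            return "allowed"
        count = self.failures.get(ip, 0) + 1
        if count < self.max_retries:
            self.failures[ip] = count
            return "failed"
        # Threshold reached: start a lockout, or ban after repeated lockouts.
        self.failures.pop(ip, None)
        self.lockouts[ip] = self.lockouts.get(ip, 0) + 1
        if self.lockouts[ip] >= self.lockouts_before_permanent:
            self.banned.add(ip)
            return "banned"
        self.blocked_until[ip] = ts + self.lockout_seconds
        return "locked"


# Constructed sample events: (timestamp in seconds, source IP, password correct?)
EVENTS = [
    (0, "203.0.113.50", False), (1, "203.0.113.50", False),
    (2, "203.0.113.50", False),   # third failure: temporary lockout
    (3, "198.51.100.7", False),   # another visitor mistypes once
    (10, "203.0.113.50", False),  # still inside the lockout window
    (12, "198.51.100.7", True),   # the other visitor logs in normally
    (70, "203.0.113.50", False), (71, "203.0.113.50", False),
    (72, "203.0.113.50", False),  # second lockout: permanent block
    (500, "203.0.113.50", True),  # even a correct password is refused now
]


def replay(events, limiter=None):
    """Feed events through a limiter and return the outcome of each one."""
    if limiter is None:
        limiter = LoginLimiter()
    return [limiter.attempt(ip, ts, ok) for ts, ip, ok in events]


if __name__ == "__main__":
    for (ts, ip, _), outcome in zip(EVENTS, replay(EVENTS)):
        print(ts, ip, outcome)
```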

But some other plugins also have the same functions. For example, the plugin, which I already wrote about. (You can download a guide for setting it up). This universal plugin has more than 30 functions to protect your WordPress site, including limiting attempts to log into the admin panel.

Another plugin that restricts login to the WordPress admin area - However, its disadvantage is that it overloads the server. It is better to use it periodically to check the site, rather than constantly.

Restricting entry by blocking IP addresses.

Another method by which the WordPress admin is protected from unauthorized visitors is by blocking IP addresses.

Each computer on the network has its own unique IP address, consisting of four numbers separated by dots, and you can prevent all IP addresses except yours from logging into the WordPress admin area. This method is a little more complicated than simply using plugins. To use it you need to be able to work with files on your server.

First, you need to find out your IP address. To do this, you can use the online service 2ip.ru.

Secondly, create a file named .htaccess in the wp-admin folder.

Thirdly, write the following text in this file:

Order deny,allow
Deny from all
Allow from ***.***.***.***

where your IP address is put in place of the asterisks. Please note that the words “deny,allow” are written without a space.

This file can be created using the online editor usually provided by the hosting, or you can first create it on your computer in the Notepad++ text editor and then upload it to the server.

However, this method is not always fully applicable. The fact is that IP addresses can be static or dynamic. If your address is static, that is, it does not change over time, you write it in the .htaccess file and thereby block the entrance to the admin panel for outsiders. But most often, Internet providers give users dynamic IP addresses that change with each new connection. What to do in this case? Typically, providers have a certain range of IP addresses that form their own subnet. We can leave it open and block the rest of the addresses. To do this, we enter in the .htaccess file only the first two numbers, ***.***. with the dots, of the IP address you determined.
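How wide the two-number form is, as an added example that is not part of the original article: it converts a partial address such as "203.0." into the network it matches and, from addresses you have actually been assigned, computes the narrowest single block that still covers them. The function names and the sample addresses (documentation ranges) are constructed for illustration, and the observed addresses are only a sample of what the provider may hand out.

```python
import ipaddress


def partial_to_network(partial: str) -> ipaddress.IPv4Network:
    """Network matched by a partial address of 1 to 3 leading numbers, e.g. '203.0.'."""
    octets = [o for o in partial.strip().split(".") if o]
    if not 1 <= len(octets) <= 3:
        raise ValueError("a partial address has 1 to 3 numbers")
    values = [int(o) for o in octets]
    if any(v < 0 or v > 255 for v in values):
        raise ValueError("each number must be between 0 and 255")
    padded = values + [0] * (4 - len(values))
    dotted = ".".join(str(v) for v in padded)
    return ipaddress.IPv4Network(f"{dotted}/{8 * len(values)}")


def narrowest_cover(addresses) -> ipaddress.IPv4Network:
    """Smallest single CIDR block that contains every address in the list."""
    ints = [int(ipaddress.IPv4Address(a)) for a in addresses]
    if not ints:
        raise ValueError("need at least one address")
    lo, hi = min(ints), max(ints)
    # Bits in which the lowest and highest address differ become host bits.
    prefix = 32 - (lo ^ hi).bit_length()
    return ipaddress.IPv4Network(f"{ipaddress.IPv4Address(lo)}/{prefix}", strict=False)


def htaccess_rules(network: ipaddress.IPv4Network) -> str:
    """The three directives from the article, with the range written as CIDR."""
    return "\n".join(["Order deny,allow", "Deny from all", f"Allow from {network}"])


# Constructed sample: addresses the provider assigned on different days.
OBSERVED = ["203.0.113.17", "203.0.113.90", "203.0.113.121"]

if __name__ == "__main__":
    wide = partial_to_network("203.0.")
    tight = narrowest_cover(OBSERVED)
    print(f"'Allow from 203.0.' admits {wide} ({wide.num_addresses} addresses)")
    print(f"observed addresses fit in {tight} ({tight.num_addresses} addresses)")
    print(htaccess_rules(tight))
```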

Changing the login and password via phpMyAdmin.

The login and password for logging into the WordPress admin area are stored in the database of your site, and you can change them using the phpMyAdmin program, which is used to manage the database.

In order to do this, you need to go to the control panel of your hosting account. These panels look different on different hostings, but there is always a phpMyAdmin item.
Clicking on it takes us to the database control panel. Select the Databases tab, find yours in the list of databases and open it.

By the way, if you do not know the name of your database, or you will be required to enter a password, you can first find them in the wp-config.php file, located in the root folder of the site on the server.

The database consists of several tables, among which we find the one in which the login and password are stored. By default it is called wp_users, but if you have somehow changed the prefix, for example using the iThemes Security plugin, then instead of wp there will be a different set of characters.

After opening this table you will see your login and password.
Don't be surprised that instead of the password you know, there will be a different one. The fact is that the password is stored in the database in hashed form. You can now change your details. To do this, click the Change button and enter a new name in the login field.
Before entering a password, select MD5 in the drop-down list in front of the password field so that the new password is also hashed. After that, save the changes and try to log into the WordPress admin area with the new data.

I'll end this for now. The next article will be a brief overview of the WordPress admin panel. Subscribe to blog updates so you don't miss it and subsequent materials.

Write if the article was useful to you. Share with others using social media buttons.
