Support

December 6, 2017 at 9:00 pm

Thanks for this quick reply !

I deactivated the Wordfence plugin and still get the spinning wheel when trying to load Calendar.

I do have a snippet to restrict backend access to admin users but I can’t see why it would block access to wp-admin/admin-ajax.php. Here’s the code :

add_action( ‘admin_init’, ‘restrict_admin’, 1 );
function restrict_admin()
{
if ( ! current_user_can( ‘manage_options’ ) ) {
wp_safe_redirect( site_url() );
}
}

I am also hiding WordPress menu items and admin bar from non-admin users :

//* Hide WordPress backend pages for non admin users
function ps_remove_menus() {
if ( ! current_user_can( ‘administrator’ ) ) {
remove_menu_page( ‘index.php’ ); //Dashboard
remove_menu_page( ‘edit.php’ ); //Posts
remove_menu_page( ‘upload.php’ ); //Media
remove_menu_page( ‘edit.php?post_type=page’ ); //Pages
remove_menu_page( ‘edit-comments.php’ ); //Comments
remove_menu_page( ‘themes.php’ ); //Appearance
remove_menu_page( ‘plugins.php’ ); //Plugins
remove_menu_page( ‘users.php’ ); //Users
remove_menu_page( ‘tools.php’ ); //Tools
remove_menu_page( ‘options-general.php’ ); //Settings
}
}
add_action( ‘admin_menu’, ‘ps_remove_menus’ );

//* Hide WordPress admin bar for non admin users
function remove_admin_bar() {
if (!current_user_can(‘administrator’) ) {
show_admin_bar(false);
}
}
add_action(‘after_setup_theme’, ‘remove_admin_bar’);

I did checked other plugins but neither seems to interfere at first glance. Maybe I should dig further ?

Waiting for your reply.

Regards.

Patrick

December 6, 2017 at 9:10 pm

Hi Josh, me again !

You were right ! I deactivate the restrict admin function and the spinning wheel is gone !

I am sure there is a way to add a condition statement to allow the wp-admin/admin-ajax.php file to be accessible without compromising the restriction requirement ?

December 7, 2017 at 5:47 am

Thank you Tony ! It works !

Hope that does not create a breach where a non-admin could access the admin area, although I have disabled all menus for non-admin users. Not sure 100% what I am doing at this point. Guest I’ll need to evaluate all access cases.

December 7, 2017 at 5:38 pm

I am building a membership site with different user permissions. Some users will have no capabilities (not even read capability) and will have access to a limited number of member’s pages, while others will have custom predefined capabilities that will allow them to access additional front end member’s pages. I want to prevent (most) non-admin users from seeing the WordPress admin screen when they are logging in through the WordPress login screen (/wp-admin or /wp-login) instead of my custom front end login form. The ps_remove_menus() function will allow me to customize admin menu sidebar for Contributors, Editors and Events Administrators (the conditional statement is not yet defined and is presented for test purposes). The remove_admin_bar() function may now be useless as all cases are managed through either the ps_remove_menus() function or the restrict_admin() function.

Hope that clarifies things (a little !)… Please feel free to ask any other questions as I appreciate being challenged on my work. I only have intermediate level PHP programming skills !