For many WordPress developers, building a website where there is only a content producer who is going to access the Admin area of WordPress is fairly easy. You know before hand which users will have access and you can prepare and lock down the site accordingly. The “fun” begins with you begin allowing visitors / users / customers / clients to register for accounts on the WordPress site.
That’s when THIS begins to happen for users…
Why should your subscribers even be allowed to see the “underbelly” of WordPress (as described by my older neighbor). Yes, you probably want to offer the ability to update profile information for subscribers, but most developers are going to do that on the front end of the site, in an area that is much easier to style. And while most “front end user profile” WordPress plugins may redirect logged in users to their new better looking profile/account pages, many of them don’t block access to the Admin area.
This is where the good stuff happens. The following code does two things. It first checks to make sure the current user is NOT an Administrator and checks to see if that current user is trying to access any of the Admin pages in WordPress (essentially the <em>/wp-admin/</em> folder). If the code decides you shouldn’t have access it simply redirects the page load to go to the homepage.
You can adjust the “location” of the redirection by changing the home_url() to a different URL.
This is an excellent code snippet to save and/or use for all your sites that you are working to “lockdown” and protect your users from having access to the admin areas of WordPress.