In some cases you may not wish that blog registered users edit some part of theirs user profile. Let’s see how we can achieve this purpose.
1) In case you decide to prohibit user change his password use special WordPress filter show_password_fields
:
if (is_admin()) {
add_filter('show_password_fields', 'show_password_fields');
function show_password_fields() {
if (current_user_can('administrator')) {
return true;
}
return false;
}
}
Add this code to your active theme functions.php
file to apply it at your site.
2) It is possible to disable any input field at user profile. Just look source code of the user profile page, find input field ID and use it in the code below. Let’s apply the code to the ’email’ and ‘role’ fields, for example:
add_action('admin_init', 'user_profile_fields_disable');
function user_profile_fields_disable() {
global $pagenow;
// apply only to user profile or user edit pages
if ($pagenow!=='profile.php' && $pagenow!=='user-edit.php') {
return;
}
// do not change anything for the administrator
if (current_user_can('administrator')) {
return;
}
add_action( 'admin_footer', 'user_profile_fields_disable_js' );
}
/**
* Disables selected fields in WP Admin user profile (profile.php, user-edit.php)
*/
function user_profile_fields_disable_js() {
?>
<script>
jQuery(document).ready( function($) {
var fields_to_disable = ['email', 'role'];
for(i=0; i<fields_to_disable.length; i++) {
if ( $('#'+ fields_to_disable[i]).length ) {
$('#'+ fields_to_disable[i]).attr("disabled", "disabled");
}
}
});
</script>
<?php
}
This code could be used at the theme functions.php
file also.
If you wish to apply this restriction for selected role only (‘custom_role’ for example), use this variant of user_profile_fields_disable()
function:
function user_profile_fields_disable() {
global $pagenow;
// apply only to user profile or user edit pages
if ($pagenow!=='profile.php' && $pagenow!=='user-edit.php') {
return;
}
// do not change anything for the administrator
if (current_user_can('administrator')) {
return;
}
if (current_user_can('custom_role') {
add_action( 'admin_footer', 'user_profile_fields_disable_js' );
}
}
3) If you decide to fully block access of your blog subscribers to their user profiles you may automatically redirect them to the home page after try to access any page at WordPress admin back-end:
function redirect_subscribers() {
global $current_user;
if (defined('DOING_AJAX') && DOING_AJAX===true ) {
return;
}
if ($current_user instanceof WP_User) {
if (current_user_can('subscriber')) {
wp_redirect(site_url());
exit;
}
}
}
add_action('admin_init', 'redirect_subscribers');
4) In case you wish to block user “Profile” menu only and leave user access to the admin back-end, e.g. for users with “Contributor” role, follow this post from the partner shinephp.com site: “How to block WordPress admin menu item”.