plugin-icon

Konfyra Access Control

Locks non-admin roles out of wp-admin entirely, redirecting them to a frontend page you choose instead.
Versión
1.1.0
Última actualización
Jul 14, 2026
Konfyra Access Control

Multi-vendor plugins (WCFM, Dokan, MultiVendorX, WC Vendors) generally redirect vendors to a frontend dashboard after login, and most offer a capability toggle for «backend access.» In practice, both of those are login-flow conveniences, not hard access controls — a vendor who directly visits /wp-admin/ after logging in can often still land on some part of the WordPress backend. The same gap exists for membership and course plugins (MemberPress, LearnDash, etc.) whose members are typically just Subscribers under the hood.

This plugin adds the missing hard block:

  • Every /wp-admin/ request is checked on admin_init.
  • Administrators (and any role you explicitly exempt — e.g. Shop Manager) pass through untouched.
  • Everyone else is redirected: configured «vendor» roles go to your vendor dashboard URL; everyone else goes to a default path you configure — a MemberPress account page, a LearnDash dashboard, anything — or, if left blank, WooCommerce My Account (if active) or the homepage.
  • AJAX (admin-ajax.php), cron, and REST requests are always left alone, since marketplace and membership plugins alike route frontend actions through them internally. Blocking these would break the site, not just the backend.
  • The admin toolbar is optionally hidden on the frontend for restricted roles too, closing a smaller but related information leak (plugin names/versions, site health notices).

This isn’t tied to any one plugin’s ecosystem — the lockdown itself is plain WordPress role and capability logic. It was built with WCFM / Dokan / MultiVendorX / WC Vendors marketplaces in mind, but works identically for MemberPress members, LearnDash students, or any custom role your own code registers.

All of this is configured from Settings Konfyra Access Control — the role checkboxes are populated from the roles actually registered on your site, so there’s no need to guess whether your plugin calls its vendor role vendor, seller, wcfm_vendor, or dc_vendor.

A note on trademarks

This plugin is not affiliated with, endorsed by, or sponsored by Automattic, WooThemes/WooCommerce, weDevs (Dokan), WCFM, MultiVendorX, WC Vendors, or MemberPress. Their names are mentioned solely to describe compatibility.

Before enabling on a live site

Test on staging first, same as any access-control change. If you use a Shop Manager (or similar staff) role that needs order/product screens in wp-admin, make sure to check that role under «Roles allowed in wp-admin» before saving — it’s exempt by default on first activation, but confirm it after your first save.

Gratisen planes de pago
Probado hasta
WordPress 7.0.1
Te puedes descargar este plugin para utilizarlo en tu sitio de .