What is the WordPress admin dashboard?

The WordPress Dashboard is the first screen that will be visible when you log into the administration area of your website. It is the control panel for the entire WordPress website that serves as an overview, and is where you can create and manage all content pertaining to the website. You can always navigate to the WordPress admin dashboard by adding /wp-admin to the end of your WordPress website.

Menu structure

WP dashboard | Menu Structure

Within the WordPress Dashboard, there is the navigation menu on the left that includes all main options:

  • Posts: This is where your blog posts are located. You can select to view all posts, add a new post, or view categories or tags.
  • Custom post type: There is also a custom post type menu option (available when plugins create custom post types), that allows you to indicate the type of content created, such as for books, reviews, or products. An example here is Woocommerce, as the plugin would need to register as a custom post type (product) in order to work.
  • Media: This is where all of your photos, videos, etc., are located. 
  • Pages: This is where you cab view all of your website’s different pages, or add a new page.
  • Comments: This is where you can see all comments left on your blog.
  • Appearance: This is where everything related to the aesthetic of your website is located—such as themes, headers, backgrounds, etc.
  • Plugins: Here you can view or add to your existing plugins to add more functionality to your website.
  • Users: This is where you can add users with various permissions or edit your own profile.
  • Tools: This is where you can perform management tasks, such as importing or exporting your content.
  • Settings: Here you can control the various settings related to your site, including title, comments, and media.

Keep in mind that you can programatically add any menu or submenu item to the menu via plugins and themes.

Permissions and user roles affecting dashboard

WordPress user roles are created to provide a site owner with security through the ability to dictate what other users can and cannot do throughout their site. Through the determined roles, a site owner can manage user access to tasks such as:

  • Writing and editing posts
  • Creating Pages
  • Creating categories
  • Moderating and responding to comments
  • Managing plugins and themes
  • Changing or editing other user roles

WordPress has six predefined roles as follows:

  • Super Admin: A Super Admin is a user with access to all multisite network administration features.
  • Administrator: An Administrator is a user who has access to all of the administration features within a single website.
  • Editor: An Editor is a user who is able to publish and manage posts, including those created by other users.
  • Author: An Author is a user who is able to write and manage only their own posts.
  • Contributor: A Contributor is a user who can write and manage their own posts, but cannot publish it themselves.
  • Subscriber: A subscriber is a user who only has access to managing their own profile (updating user profiles, changing their password).

These are the six main roles in WordPress, and the tasks each one is able to perform are called Capabilities. The Capabilities in these cases would include tasks such as “publish_posts” and “moderate_comments”. While the Capabilities assigned to each role is predetermined, they can be edited. Users with different roles and permissions see only some menus, for example, if the user does not have “managing plugins and themes” permission they may not see the plugins menu, or if they don’t have permission to change wp options, they won’t see the settings menu.

site_url vs home_url affecting WordPress dashboard

The site_url is where WordPress files are located for your website, whereas home_url is the actual website address. When adding /wp-admin to site_url, it will always give the location of the WordPress Admin Area.

Limiting access to WordPress dashboard

As the WordPress Dashboard is where you can create and manage all content pertaining to the website, it is important to be selective about access to it. There are a few different ways to go about this, one of which has already been covered: user roles and permissions. 

Beyond that and especially if you run a site based on memberships, you can also add code to your functions.php file that would block all non-admin users from the dashboard in its entirety. You would just need to add the following code at the end of your functions.php file:

add_action( 'init', 'blockusers_init' ); function blockusers_init() 
{ if ( is_admin() && ! current_user_can( 'administrator' ) && ! 
( defined( 'DOING_AJAX' ) && DOING_AJAX ) ) { wp_redirect( home_url() );
 exit; } }

And finally you can also use a plugin that will limit access to specific non-admin users and even redirect specific users to a different web page. WordPress has a free option: Remove Dashboard Access you can download that will enable you to:

  • Limit Dashboard access to admins only, admins + editors, admins + editors + authors, or limit by specific capability.
  • Choose your own redirect URL
  • Optionally allow user profile access
  • Optionally display a message on the login screen