How to disable profile.php in WordPress

I recently had to set up a demo site with a demo user in WordPress and wanted to lock down the user as much as possible to prevent any bad behavior. Creating a new role with limited permissions is easy, but I had to spend some time figuring out how to prevent a user from editing their own profile. There is not really any good way to do this with the actions/filters in the profile.php/user-edit.php files, so I decided the best thing to do would be to kill the page on the load action. Here is the function I came up with:

admin.php calls the action ‘load-$pagenow’; the $pagenow variable is profile.php for the profile screen and user-edit.php for the user edit screen. You have to handle both pages because a clever WordPress user might know that they can edit their profile through either one. So, when these actions fire, I call my function that disables the page. Because this is a demo site with a single demo user, I only care about blocking it for that user ID. So, I get the currently logged-in user’s information, check whether that user is the one I want to block, then run wp_die(), which is a much cleaner version of the PHP die command. That’s it: now you can block the profile.php page from ever being displayed to a user, even when accessed directly.
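A role-based variant of the same load-$pagenow block, as an added example that is not the author's code. It goes beyond the single user ID case by checking roles; the plugin name, the function names and the `DEMO_LOCKED_ROLES` list are assumptions, and the file can live in a small plugin or in the theme's functions.php.

```php
<?php
/**
 * Plugin Name: Demo Profile Lock (added example, hypothetical name)
 */

// Assumption: the roles that must never reach the profile screens.
const DEMO_LOCKED_ROLES = array( 'subscriber', 'contributor' );

/** True when the user holds at least one locked role. */
function demo_profile_is_locked( WP_User $user ) {
	return (bool) array_intersect( DEMO_LOCKED_ROLES, (array) $user->roles );
}

/**
 * Enforcement: runs on load-profile.php and load-user-edit.php, before
 * either screen produces output, so a direct request is stopped as well.
 */
function demo_profile_block_screen() {
	$user = wp_get_current_user();

	if ( ! $user->exists() || ! demo_profile_is_locked( $user ) ) {
		return; // Not logged in, or not one of the restricted roles.
	}

	wp_die(
		'You are not allowed to edit the user profile on this demo.',
		'Profile editing disabled',
		array(
			'response'  => 403,  // Send 403 Forbidden instead of the default 500.
			'back_link' => true, // Adds a "back" link to the error page.
		)
	);
}
add_action( 'load-profile.php', 'demo_profile_block_screen' );
add_action( 'load-user-edit.php', 'demo_profile_block_screen' );

/**
 * Cosmetic only: hide the Profile menu entry for locked roles. Hiding the
 * link is not access control; the load- hooks above do the blocking.
 */
function demo_profile_hide_menu() {
	if ( demo_profile_is_locked( wp_get_current_user() ) ) {
		remove_menu_page( 'profile.php' );
	}
}
add_action( 'admin_menu', 'demo_profile_hide_menu' );
```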

Comments

  1. Can you please tell me where I place this in order to use it? It would be a big help, thank you.

    // Kill the profile screens for the demo user.
    function disable_user_profile() {
        if ( is_admin() ) {
            $user = wp_get_current_user();
            // 2 is the ID of the demo user to block.
            if ( 2 == $user->ID )
                wp_die( 'You are not allowed to edit the user profile on this demo.' );
        }
    }
    add_action( 'load-profile.php', 'disable_user_profile' );
    add_action( 'load-user-edit.php', 'disable_user_profile' );

  2. Hi Lew,

    A very nice snippet, just one question here. What if we want to do this for all subscribers and contributors?

    • That’s easy…

      • Thank you for the fast response. Is a redirect to home also possible instead of the wp_die?
        I tried wp_redirect(home_url()); but that seems not to work for whatever reason.
        Thanks in advance for all the time and effort.

        • wp_redirect has to be called earlier than the load-profile.php and load-user-edit.php actions. You’d probably have to call an earlier action (I think ‘wp’ would work) and check for the hook_suffix (or some similar global variable) to redirect.

        • Alternatively, you could add a link to the wp_die statement to return to the previous page or home page.