{"id":189353,"date":"2024-04-21T15:39:37","date_gmt":"2024-04-21T15:39:37","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/admin-only-dashboard\/"},"modified":"2026-04-04T13:09:44","modified_gmt":"2026-04-04T13:09:44","slug":"admin-only-dashboard","status":"publish","type":"plugin","link":"https:\/\/lmo.wordpress.org\/plugins\/admin-only-dashboard\/","author":21096513,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.3.0","stable_tag":"1.3.0","tested":"7.0","requires":"6.5","requires_php":"7.0","requires_plugins":null,"header_name":"UserFlow","header_author":"Ga Satrya","header_description":"This plugin allows you to restrict access to the dashboard area, ensuring that only administrators have the privilege to manage and control your site's backend.","assets_banners_color":"","last_updated":"2026-04-04 13:09:44","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/wordpress.org\/plugins\/admin-only\/","header_author_uri":"https:\/\/www.ctaflow.com\/","rating":5,"author_block_rating":0,"active_installs":10,"downloads":1995,"num_ratings":1,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"gasatrya","date":"2025-05-10 04:37:59"},"1.1.0":{"tag":"1.1.0","author":"gasatrya","date":"2025-09-25 03:20:37"},"1.1.1":{"tag":"1.1.1","author":"gasatrya","date":"2026-02-12 15:25:23"},"1.2.5":{"tag":"1.2.5","author":"gasatrya","date":"2026-02-22 17:55:13"},"1.3.0":{"tag":"1.3.0","author":"gasatrya","date":"2026-04-04 13:09:44"}},"upgrade_notice":[],"ratings":{"1":0,"2":0,"3":0,"4":0,"5":1},"assets_icons":{"icon-256x256.png":{"filename":"icon-256x256.png","revision":3498794,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":[],"assets_blueprints":{"blueprint.json":{"filename":"blueprint.json","revision":3498794,"resolution":false,"location":"assets","locale":"","contents":"{\"landingPage\":\"\\\/wp-admin\\\/options-general.php?page=admin-only-settings\",\"features\":{\"networking\":true},\"steps\":[{\"step\":\"login\",\"username\":\"admin\",\"password\":\"password\"},{\"step\":\"installPlugin\",\"options\":{\"activate\":true},\"pluginData\":{\"resource\":\"wordpress.org\\\/plugins\",\"slug\":\"admin-only-dashboard\"}}]}"}},"all_blocks":[],"tagged_versions":["1.0.0","1.1.0","1.1.1","1.2.5","1.3.0"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3498766,"resolution":"1","location":"assets","locale":""}},"screenshots":{"1":"Plugin settings"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[1911,434,602,1932,1914],"plugin_category":[58],"plugin_contributors":[226940],"plugin_business_model":[],"class_list":["post-189353","plugin","type-plugin","status-publish","hentry","plugin_tags-access","plugin_tags-dashboard","plugin_tags-login","plugin_tags-membership","plugin_tags-restrict","plugin_category-user-management","plugin_contributors-gasatrya","plugin_committers-gasatrya"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/admin-only-dashboard\/assets\/icon-256x256.png?rev=3498794","icon_2x":"https:\/\/ps.w.org\/admin-only-dashboard\/assets\/icon-256x256.png?rev=3498794","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/admin-only-dashboard\/assets\/screenshot-1.png?rev=3498766","caption":"Plugin settings"}],"raw_content":"<!--section=description-->\n<p>Remove dashboard access to non-admin users and easily control who can access your WordPress dashboard with simple configuration. By default, only administrators are allowed, but you can now whitelist specific trusted users by username\u2014perfect for developers, VAs, or contractors.<\/p>\n\n<p><strong>Features include<\/strong>:<\/p>\n\n<ul>\n<li>Whitelist specific users by username<\/li>\n<li>Session expiration controls (1-24 hours)<\/li>\n<li>Option to apply session timeout to administrators<\/li>\n<li>Custom redirect URL for blocked users<\/li>\n<li>Secure, validated, and sanitized settings<\/li>\n<li>Hide admin toolbar for non-authorized users<\/li>\n<li>Developer-friendly filters for advanced customization<\/li>\n<\/ul>\n\n<p><strong>Why Choose UserFlow?<\/strong><\/p>\n\n<ul>\n<li><strong>Maximum Protection<\/strong>: Instantly block unauthorized users from accessing sensitive dashboard areas.<\/li>\n<li><strong>Effortless Whitelisting<\/strong>: Grant dashboard access to trusted users (developers, VAs, contractors) without changing their roles. Just add their usernames!<\/li>\n<li><strong>Session Security<\/strong>: Automatically log out users after a set period for bulletproof session management. Choose from multiple timeout intervals and apply to all users or just non-admins.<\/li>\n<li><strong>Custom Redirects<\/strong>: Guide blocked users to a branded page or helpful resource instead of the generic homepage.<\/li>\n<li><strong>Zero Configuration Needed<\/strong>: Works out of the box\u2014only administrators can access the dashboard until you customize settings.<\/li>\n<\/ul>\n\n<p><strong>Perfect For:<\/strong><\/p>\n\n<ul>\n<li>Website owners who want peace of mind<\/li>\n<li>Agencies and developers managing multiple sites<\/li>\n<li>Teams needing granular dashboard access<\/li>\n<li>Anyone serious about WordPress security<\/li>\n<\/ul>\n\n<p>Protect your site, empower your workflow, and deliver a professional experience\u2014all with one lightweight plugin.<\/p>\n\n<p><a href=\"https:\/\/www.ctaflow.com\/plugins\/admin-only-dashboard\/\">Read more detail<\/a><\/p>\n\n<!--section=changelog-->\n<h4>1.3.0<\/h4>\n\n<ul>\n<li>Rebranding: Formally renamed the plugin to <strong>UserFlow<\/strong>.<\/li>\n<li>Added: Support for WordPress 7.0.<\/li>\n<li>Refactor: Moved inline JavaScript and CSS to external files for better security and maintainability.<\/li>\n<li>Improved: Updated settings sidebar to connect with the developer on LinkedIn.<\/li>\n<li>Improved: Settings page formatting and code structure.<\/li>\n<li>Improved: Updated settings labels for better clarity.<\/li>\n<li>Improved: Use <code>wp_validate_redirect<\/code> for more robust same-site URL validation.<\/li>\n<li>Added: <code>admon_access_capability<\/code> filter for developer customization of access rights.<\/li>\n<li>Fix: Updated <code>make-pot<\/code> composer script for Windows compatibility.<\/li>\n<\/ul>\n\n<h4>1.2.5<\/h4>\n\n<ul>\n<li>Performance: Optimized access checks with static caching (memoization) to reduce redundant processing.<\/li>\n<li>Fix: Ensured settings errors and success messages are correctly displayed on the settings page.<\/li>\n<li>Improved: Better UI feedback when saving or resetting settings.<\/li>\n<li>Improved: Added GitHub Actions automated deployment for WordPress.org SVN.<\/li>\n<li>Assets: Added new plugin banners and icons for the WordPress.org repository.<\/li>\n<\/ul>\n\n<h4>1.1.1<\/h4>\n\n<ul>\n<li>Security Fix: Patched Open Redirect vulnerability in URL validation logic.<\/li>\n<li>Improved: Stricter validation for custom redirect URLs.<\/li>\n<li>Improved: Added Contextual Help tabs in settings page.<\/li>\n<\/ul>\n\n<h4>1.1.0<\/h4>\n\n<ul>\n<li>Added session timeout management with configurable intervals (1-24 hours)<\/li>\n<li>Added custom timeout duration option (1-168 hours)<\/li>\n<li>Added username whitelist for granting dashboard access to specific non-admin users<\/li>\n<li>Added custom redirect URL for blocked users<\/li>\n<li>Added option to apply session timeout to administrators<\/li>\n<li>Added \"Remember Me\" override functionality<\/li>\n<li>Enhanced security with proper input sanitization and validation<\/li>\n<li>Improved user interface with comprehensive settings page<\/li>\n<li>Added reset to defaults functionality<\/li>\n<li>Updated to follow WordPress coding standards<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>First version<\/li>\n<\/ul>","raw_excerpt":"UserFlow: Only admins can access the dashboard by default. Whitelist trusted users easily, quick setup, and secure.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/189353","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=189353"}],"author":[{"embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/gasatrya"}],"wp:attachment":[{"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=189353"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=189353"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=189353"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=189353"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=189353"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=189353"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}