Lock the WordPress dashboard for everyone except those you trust.

UserFlow blocks non-admin users from wp-admin instantly. Whitelist trusted users, set session timeouts, and redirect blocked visitors — all from one settings screen.

Non-admin users blocked

By default, anyone with a WordPress account can reach the dashboard.

Subscribers, customers, and former contractors retain backend access long after they need it. Each open account is a potential entry point.

Open doors

  • Every user role can access /wp-admin
  • No session timeout enforcement
  • Blocked users see a generic error or get redirected unpredictably

Granular control

  • Only whitelisted usernames reach the dashboard
  • Configurable session expiry logs out idle users
  • Custom redirect sends blocked users to a branded page

Seven layers of dashboard protection. None of the bloat.

Whitelist by username, enforce session timeouts, hide the toolbar, and redirect blocked users — all from a single settings screen.

Username whitelist

Grant dashboard access to specific non-admin users by username — no role changes needed.

whitelist, trusted users

Session expiration

Auto-logout idle users after 1–24 hours. Apply to all users or only non-admins.

timeout, session

Hide admin toolbar

Remove the WordPress admin bar for unauthorized users so the backend stays invisible.

toolbar, frontend

Custom redirect URL

Send blocked users to any page — a branded landing page, login screen, or help doc.

redirect, branded

Zero configuration

Works immediately after activation. Only administrators can access the dashboard until you customize.

plug and play, defaults

Developer filters

Extend access rules with `admon_access_capability` and other hooks for advanced customization.

hooks, extensible

Lightweight & secure

Validated and sanitized, and follows WordPress coding standards. No external dependencies.

no bloat, WPCS

Anyone serious about WordPress security.

From solo site owners to agencies managing dozens of installations, UserFlow fits wherever dashboard access needs boundaries.

Peace of mind

Know that only trusted people can reach the backend. Install, activate, and sleep better.

Website owners

Multi-site handoff

Hand off sites to clients without worrying about accidental changes or settings drift.

Agencies & developers

Temporary access

Give VAs or developers dashboard access by username, with session timeouts that auto-expire.

Teams with contractors

Protect member areas

Keep member dashboards secure. Only paying members with whitelisted usernames get through.

Membership sites

Lock the dashboard in under a minute.

  1. Install UserFlow from the WordPress plugin directory.
  2. Activate it — non-admin users are blocked from /wp-admin immediately.
  3. Open Settings → UserFlow to whitelist usernames and configure session timeouts.
  4. Set a custom redirect URL and save. Done.