Lock the WordPress dashboard for everyone except who you trust.
UserFlow blocks non-admin users from wp-admin instantly. Whitelist trusted users, set session timeouts, and redirect blocked visitors — all from one settings screen.
By default, anyone with a WordPress account can reach the dashboard.
Subscribers, customers, and former contractors retain backend access long after they need it. Each open account is a potential entry point.
Open doors
- —Every user role can access /wp-admin
- —No session timeout enforcement
- —Blocked users see a generic error or get redirected unpredictably
Granular control
- —Only whitelisted usernames reach the dashboard
- —Configurable session expiry logs out idle users
- —Custom redirect sends blocked users to a branded page
Seven layers of dashboard protection. None of the bloat.
Whitelist by username, enforce session timeouts, hide the toolbar, and redirect blocked users — all from a single settings screen.
Username whitelist
Grant dashboard access to specific non-admin users by username — no role changes needed.
Session expiration
Auto-logout idle users after 1–24 hours. Apply to all users or only non-admins.
Hide admin toolbar
Remove the WordPress admin bar for unauthorized users so the backend stays invisible.
Custom redirect URL
Send blocked users to any page — a branded landing page, login screen, or help doc.
Zero configuration
Works immediately after activation. Only administrators can access the dashboard until you customize.
Developer filters
Extend access rules with `admon_access_capability` and other hooks for advanced customization.
Lightweight & secure
Validated, sanitized, and follows WordPress coding standards. No external dependencies.
Anyone serious about WordPress security.
From solo site owners to agencies managing dozens of installations, UserFlow fits wherever dashboard access needs boundaries.
Peace of mind
Know that only trusted people can reach the backend. Install, activate, and sleep better.
Multi-site handoff
Hand off sites to clients without worrying about accidental changes or settings drift.
Temporary access
Give VAs or developers dashboard access by username, with session timeouts that auto-expire.
Protect member areas
Keep member dashboards secure. Only paying members with whitelisted usernames get through.
Lock the dashboard in under a minute.
- Install UserFlow from the WordPress plugin directory.
- Activate it — non-admin users are blocked from /wp-admin immediately.
- Open Settings → UserFlow to whitelist usernames and configure session timeouts.
- Set a custom redirect URL and save. Done.