FREE
WORDPRESS PLUGIN

Konfyra Access Control

Locks non-admin roles out of /wp-admin/ entirely, redirecting them to a frontend page you choose — a hard enforcement layer, not a login-flow convenience.

Multi-vendor plugins (WCFM, Dokan, MultiVendorX, WC Vendors) redirect vendors to a frontend dashboard after login, and most offer a “backend access” toggle — but those are login-flow conveniences, not hard blocks. A vendor who directly visits /wp-admin/ after logging in can often still land on part of the WordPress backend. The same gap exists for membership plugins (MemberPress, LearnDash) whose members are typically just Subscribers under the hood.

Features

Hard block, not a redirect suggestion

Checked on every admin_init — a direct visit to any wp-admin URL is caught, not just the login flow.

Exempt roles

Administrators always pass through. Exempt additional roles (e.g. Shop Manager) that still need order/product screens.

Configurable vendor redirect

Vendor roles go to a dashboard URL you set. Role checkboxes are pulled from your site’s actual registered roles — no guessing whether it’s called “vendor,” “seller,” or “wcfm_vendor.”

Configurable default redirect

Everyone else (members, students, customers) goes to a path you set — a MemberPress account page, a LearnDash dashboard, anything. Leave blank for automatic WooCommerce My Account or homepage fallback.

AJAX, cron, and REST always exempt

Marketplace and membership plugins route frontend actions through admin-ajax.php internally — this plugin never touches those requests.

Optional admin bar hiding

Closes a smaller information leak — the toolbar exposes plugin names/versions to anyone logged in.

Why it’s different

1
Plugin-agnostic by design. The lockdown itself is plain WordPress role and capability logic — not tied to any one marketplace or membership plugin’s ecosystem. It was built with WCFM/Dokan/MultiVendorX/WC Vendors in mind, but works identically for MemberPress, LearnDash, or any custom role your own code registers.

2
Complements, doesn’t replace, your marketplace plugin’s own settings. This is the hard enforcement layer; your marketplace or membership plugin’s own capability toggles still control what a vendor or member can see and do within their own frontend dashboard.

3
Works with zero configuration. Fresh install falls back sensibly to WooCommerce My Account (if active) or the homepage — you’re not required to configure a redirect path before it does something reasonable.

4
Built-in lockout recovery. If a misconfiguration locks you out, deleting the plugin’s folder via FTP/file manager restores your own access immediately — WordPress deactivates a plugin automatically when its files disappear.

Software requirements

Requirement Minimum
WordPress 5.8 or newer
PHP 7.4 or newer
Other plugins None required — works standalone. Pairs well with WCFM, Dokan, MultiVendorX, WC Vendors, MemberPress, or LearnDash, but doesn’t depend on any of them.

How it compares

Based on each product’s public pricing and documentation as of publication.

  Konfyra Access Control WP Frontend Admin WP User Frontend Pro Controlled Admin Access
Core focus One job: block wp-admin by role, redirect elsewhere Broad: rebuild any wp-admin page as a frontend page/web app Broad: frontend post submission, forms, memberships, payments Different: temporary admin access with expiry + action logging
Price Free $79/site, lifetime From $49/year Free + paid tiers
Setup time for this one job Minutes — a handful of checkboxes Access restriction is one feature inside a much larger tool Content/menu restriction is one module among many Aimed at temporary staff access, not permanent role lockdown
Works without a page builder ✓ No frontend pages to build Requires building frontend pages with shortcodes Requires its drag-and-drop form builder

The well-known free alternative is a hand-written functions.php snippet (the classic “blockusers_init” pattern) — it does the core block, but with no UI, no role picker, no vendor-vs-everyone-else distinction, and no admin-bar toggle. This plugin is that idea, finished.

Installation guide

Five minutes, no coding required.

1
In wp-admin, go to Plugins → Add New, search “Konfyra Access Control,” click Install then Activate. (Or upload the zip via Plugins → Add New → Upload Plugin.)
2
Go to Settings → Konfyra Access Control.
3
Under Roles allowed in wp-admin, check any staff role that still needs backend screens — Shop Manager is checked by default. Leave everything else unchecked.
4
Under Vendor roles, check whichever role your marketplace plugin created (e.g. “wcfm_vendor,” “seller,” “vendor”), and set the Vendor dashboard path they should land on.
5
Optionally set a Default redirect path for everyone else (members, students, customers) — or leave blank for automatic fallback.
6
Click Save Changes.
Before enabling on a live site: test on staging first, same as any access-control change. Confirm your Shop Manager (or equivalent staff) role is checked under “Roles allowed in wp-admin” before saving — it’s exempt by default on first activation, but double-check after your first save.
Locked yourself out? Connect via FTP/SFTP or your host’s file manager and rename or delete the konfyra-access-control folder in wp-content/plugins/ — WordPress deactivates a plugin automatically when its files disappear, restoring your own access immediately.

Konfyra Access Control is licensed GPLv2+. Not affiliated with, endorsed by, or sponsored by Automattic, WooCommerce, weDevs (Dokan), WCFM, MultiVendorX, WC Vendors, or MemberPress — their names are mentioned solely to describe compatibility.
konfyra.com