Skip to main content

BackendMenu

Vasyl MartyniukAbout 1 min

Syntax

BackendMenu:<menu-id>

Definition

The WordPress core does not have the true concept of a unique menu id. The uniqueness of each menu or submenu item determines by its URI (e. g. edit.php?post_type=page or options-reading.php).

With AAM 6.0.0 or higher, we attempted to make it easier to find a correct URI for any specific menu item. Navigate to the Backend Menu tab, and each menu item includes the "more details" link. The ID attribute is the one that you should use with the BackendMenu resource.

Backend Menu More Details

The following statement hides and denies direct access to the "Tools->Import" page.

{
    "Statement": [
        {
            "Effect": "deny",
            "Resource": "BackendMenu:import.php"
        }
    ]
}

When you need to restrict access to the whole menu item with all the sub-items (e. g. "Plugins" or "Appearance"), then prepend the menu ID with the menu- prefix. In the example statement below, we deny access to see or manage the "Plugins" menu with all submenus.

{
    "Statement": [
        {
            "Effect": "deny",
            "Resource": [
                "BackendMenu:menu-plugins.php"
            ]
        }
    ]
}

FYI!

AAM restricts direct access to a page linked to the protected menu item.

With the premium Complete Package we also added the ability to use the wildcard * denotation to target all menus and submenus. It is helpful when you need to grant access only to a few menu items and ensure that if a new or existing plugin introduces a new menu, it is protected unless you explicitly allow it. For example, the statement below restricts access to all the menu items except the "Posts".

{
    "Statement": [
        {
            "Effect": "deny",
            "Resource": [
                "BackendMenu:*"
            ]
        },
        {
            "Effect": "allow",
            "Resource": [
                "BackendMenu:menu-edit.php"
            ]
        }
    ]
}

Note!

AAM does not allow restricting access to the "Dashboard" menu /wp-admin/index.php because it is the default redirect page all users after login. To completely restrict access to the entire backend area, consider locking down the backend area.

Common Menu IDs

Below you can find the list of most common admin menu item IDs.

  • Posts: menu-edit.php
  • Media: menu-upload.php
  • Pages: menu-edit.php?post_type=page
  • Comments: menu-edit-comments.php
  • Appearance: menu-themes.php
  • Plugins: menu-plugins.php
  • Users: menu-users.php
  • Tools: menu-tools.php
  • Settings: menu-options-general.php

By visiting this website, you accept our transparent privacy policy.

Accept