How to Restrict Access to all wp-admin pages for subscriber users

Hence, I want to block access of subscribers to all wp-admin
menus/plugin pages including this link
https://mywebsite.com/wp-admin/user-edit.php?user_id=113

This isn’t a bulletproof solution, but it should work in that non-admin users would no longer be able to access any admin pages when they’re logged-in:

add_action( 'admin_init', function () {
    if ( wp_doing_ajax() || ! is_user_logged_in() ) {
        return;
    }

    $roles = (array) wp_get_current_user()->roles;
    if ( ! in_array( 'administrator', $roles ) ) { // allows only the Administrator role
        wp_die( 'Sorry, you are not allowed to access this page.' );
        // or you can redirect the user to somewhere, if you want to
    }
} );

But then, you might want to change the login and registration redirect URL so that it doesn’t send the user to an admin page upon successful login/registration — see the documentation for login_redirect and registration_redirect.

Problem with that is that they can then create an API key (through
application passwords plugin which is accessible from that page).

I can’t help you with that plugin, but unless if you’re still using WordPress prior to v5.6.0, then you should not need to use a plugin anymore because application passwords has been a core feature in WordPress since v5.6.0. And there’s actually a hook named wp_is_application_passwords_available_for_user that you could use to disable the feature for certain users.

This is undesirable as I dont want the users to have API keys where
they can fetch/post data to server.

If so, and since you said in your comment, “The rest api is restricted for authenticated users“, then how about using the rest_authentication_errors hook to ensure only Administrators allowed to access the REST API?

Working example:

add_filter( 'rest_authentication_errors', function ( $errors ) {
    if ( ! is_wp_error( $errors ) ) { // do nothing if there's already an error
        if ( $can_access = is_user_logged_in() ) {
            $roles      = (array) wp_get_current_user()->roles;
            $can_access = in_array( 'administrator', $roles ); // allows only the Administrator role
        }

        if ( ! $can_access ) {
            return new WP_Error( 'user_not_allowed',
                'Sorry, you are not allowed to access the REST API.',
                array( 'status' => rest_authorization_required_code() )
            );
        }
    }

    return $errors;
} );

Related Posts:

  1. adding the category to the admin column for a custom post type?
  2. Change page title in admin area
  3. How to filter by post-format in admin?
  4. sortable custom column in media library
  5. how do I force a single column layout in screen layout
  6. Make fonts.com font work in TinyMCE (iframe referrer issue)
  7. Sortable admin columns, when data isn’t coming from post_meta
  8. wp_list_table search box does not show
  9. How to remove the site health dashboard widget?
  10. Securing wp-admin folder – Purpose? Importance?
  11. How to Display Post Excerpts in Admin by Default?
  12. Wp3.5 Media Gallery Edit modal: change captions to title
  13. What is the capability that permits access to WP-Admin?
  14. WordPress in sub directory wp-admin problem
  15. Admin account only shows Profile and Dashboard with no activity
  16. Opening specific posts on WP takes lot of time and freezes the editor
  17. Adding body class to login page?
  18. Edit a WordPress site without the username and password?
  19. How to load a CSS file into WordPress admin area using Child Theme? [closed]
  20. Getting “Cannot modify header information – headers already sent” error, but only on backend
  21. WordPress admin menu gap when debug mode is enabled?
  22. Call to undefined function insert_with_markers
  23. How can I remove the new stats message? [closed]
  24. How to inhibit dashboard and profile management access to normal users?
  25. Admin Blank Page with Working Front-End After Updating to WordPress 4.6
  26. Why can’t I exclude private posts from this query?
  27. Cannot Access Admin Area After Migration
  28. Modify wp-admin page header ‘viewport’ meta data
  29. The uploaded file exceeds!
  30. Admin table list API?
  31. How to change user admin_color with WP CLI?
  32. Having troubles connecting to WordPress login page using Mamp
  33. WP Admin/ WP Login Redirect to themselves
  34. Unable to log in to localhost wp-admin page on XAMPP server
  35. Remove or move admin submenus under a new menu
  36. Missing ‘Move to Trash’ option from bulk select box
  37. Where can I find admin-header.php file online?
  38. class-wp-hook.php on line 288
  39. Trying to get custom js files in my admin header
  40. Efficient way to check local WordPress php files and Database for malicious code? [duplicate]
  41. How to disable categories/most used in ‘add new post’?
  42. Why am I locked out of the system?
  43. Is it possible to create two different wp-admins for a wp website
  44. Am I able to change the name of /wp-admin/options-general.php?
  45. how to customize the default #adminmenu in wp-admin
  46. blocking the admin section (but still using admin-ajax.php)
  47. How to allow WordPress updates to only one specific administrator?
  48. How can I remove commas when adding tags?
  49. Displaying Title in Title Tag on Edit page?
  50. How to add custom CSS and JavaScript file for wp- admin dashboard (backend)
  51. Cannot change Connection Information in admin interface
  52. How can I remove unwanted word on my WP site?
  53. Add custom fields to a page template, admin side
  54. Error messages & can’t reach admin after upgrading to 3.4.1 WordPress
  55. WordPress blog clone.. wp-admin issue
  56. How to take the help button and link off the dashboard
  57. Newly created user role not displaying on users screen
  58. Could not override the url in wp-config file
  59. How do I fix wp-admin error when exporting reusable blocks?
  60. issue with wordpress [wp-admin] redirects, when using kubernetes ingress hosting two wordpress websites using path
  61. Toggle between block ‘edit content’ and ‘select’ not properly working in WordPress Admin
  62. WordPress Admin extremely slow when other admin logged in
  63. Can’t acces login on new site
  64. WordPress Admin Panel Left Sidebar No showing on Post create page
  65. How to remove the color picker code from users-edit.php
  66. wp-config.php not affecting my site
  67. How to prevent spams from admin-ajax.php file?
  68. After changing Site http to https, can’t access wp login page with a digitalocean hosting
  69. Can’t access WP-Admin via HTTPS
  70. Strange wp-admin problem for all users/adminstrators except the original one?
  71. Get rendered HTML of Page in Admin Area
  72. Having SSL enabled on admin, but disabled on post preview and live preview?
  73. adding existing menu page on new customer user role
  74. stop customize.php redirect to login page if admin is not logged in
  75. Random authentication failures on a load balanced WP setup
  76. Can I get programmatic access to wp-admin?
  77. remove_query_arg on options.php
  78. wp.svgPainter cannot init error, causing issues with admin panel
  79. mysql_escape_string PROBLEM
  80. Google flagged a wp-admin redirect as phishing
  81. Organising and display thousands of photos in media library
  82. Custom comment action
  83. Problem with admin columns
  84. Checkbox not showing as checked on UserProfile (even with checked=”checked”)
  85. Get URL of current featured image with JS in edit post view
  86. get_current_screen – ‘Trying to get property of non-object’ error
  87. Custome column sort by date not title
  88. Block tools menu in wp-admin?
  89. is_admin() triggers error
  90. WordPress Admin: open popup window on a custom button
  91. No HTML/Visual mode option in admin panel (New Post)
  92. Removing Author name
  93. not able to add thumbnail custom field in dropdown
  94. Taking over a WordPress site
  95. WordPress blog fails to open
  96. LinkControl not showing suggestions when used on admin page
  97. Redirecting the user to the admin table area after publishing a post, getting an invalid response error?
  98. How can you change the admin dashboard URL without symlinking?
  99. Degraded WordPress admin dashboard performance [closed]
  100. WordPress Localhost migration issue
tech