You can remove the read capability from subscribers, which is what gives them access to the dashboard. This is best done with an activation hook on a plugin — it only needs to be done once.
<?php
register_activation_hook( __FILE__, 'wpse43054_activation' );
function wpse43054_activation()
{
$role = get_role( 'subscriber' );
if( $role ) $role->remove_cap( 'read' );
}
And, of course, you probably want to give that capability back on plugin deactivation.
<?php
register_deactivation_hook( __FILE__, 'wpse43054_deactivation' );
function wpse43054_deactivation()
{
$role = get_role( 'subscriber' );
if( $role ) $role->add_cap( 'read' );
}
Finally, you can hook into init and redirect folks if they are logged in, try to access the admin area and don’t have the read capability.
<?php
add_action( 'init', 'wpse43054_maybe_redirect' );
function wpse43054_maybe_redirect()
{
if( is_admin() && ! current_user_can( 'read' ) )
{
wp_redirect( home_url(), 302 );
exit();
}
}
You’ll also probably want to remove the admin bar for users with a read capability. You can do that by hooking into get_user_metadata and hijacking the check for the user meta value for show_admin_bar_front.
<?php
add_filter( 'get_user_metadata', 'wpse43054_hijack_admin_bar', 10, 3 );
function wpse43054_hijack_admin_bar( $null, $user_id, $key )
{
if( 'show_admin_bar_front' != $key ) return null;
if( ! current_user_can( 'read' ) ) return 0;
return null;
}
All that as a plugin.