Remove menu items from admin page and limit capabilities

In your case best solution is create your own custm role and assign them only the capabilities you users need. Regarding wordpress, for what I can understand from your question the only cabability you should give them is read.

In this way they will see only the profile. Problems start with the plugin, you don’t say (or I don’t understand) which is the plugin you are using so I can’t give better help.

Consider that a lot depends on how plugin is coded: if it checks for some standard capabilities, e.g. you find in the code something like

if ( currrent_user_can('edit_posts') ) { // do stuff

it means that to make it work you have to assign the edit_posts cap to your role. But this is a problem: if you assign that capability the Postmenu in admin will be shown. Of course you can remove that using remove_menu_page, but as you said in question, this not prevent user access directly to that admin screens if they know how to do.

So what I suggest to you is:

  1. Create your custom role, start with assign to that only the read cap
  2. See docs for your plugin and/or look at the code to understand wich capabilities is required to make it works.
  3. Add these required capabilities to your role. If some standard caps are required, (and so some standard menu will be shown, remove them with remove_menu_page
  4. In that case, to prevent direct access, thanks to the fact you have created a custom role, you can prevent the access to admin screen hooking into load-{$page} action and prevent access to your custom role.
  5. In backend, got to Settings -> General and make ‘Custom Role’ as New User Default Role

How To

1) Create Role

$subscriber = get_role( 'subscriber');
$plugin_caps = array('edit_posts', 'cap_required_by_event_plugin');
$all_caps = array_merge($subscriber->capabilities, $plugin_caps);
add_role('custom_role', 'Custom Role', $all_caps );

2) Understand the capability required by plugin

Look at plugin docs. Do a multiple file search into the plugins folder, searching for keywords like 'current_user_can', 'user_can', 'has_cap'. If you have problem try to ask on plugin support forum (if exists), ask here and google it. Developer is and hard work! 😉

3) Add required capabilities to your role

Easiest way is just add the required cap to the $plugin_caps array defined on point 1).

4) Prevent access to screen even if the capability is attached to custom role

Assuming you have to add the edit_posts cap to your role in order to make event plugin works.
First of all remove the menu.

add_action( 'admin_menu', 'custom_remove_menu_pages' );

function custom_remove_menu_pages() {
  $user = wp_get_current_user();
  if ( in_array('custom_role', $user->roles) ) {
    remove_menu_page('edit-comments.php');  
    remove_menu_page('tools.php');  
    remove_menu_page('edit.php'); 
  }
}

Then prevent access:

add_action( 'load-edit.php', 'custom_prevent_admin_access' );
add_action( 'load-tools.php', 'custom_prevent_admin_access' );
add_action( 'load-post.php', 'custom_prevent_admin_access' );
add_action( 'load-post-new.php', 'custom_prevent_admin_access' );

function custom_prevent_admin_access() {
  $user = wp_get_current_user();
  if ( in_array('custom_role', $user->roles) ) {
    wp_die("Sorry, you can't stay here.");
    exit();
  }
}

5) Set ‘Custom Role’ as New User Default Role

enter image description here

That’s all, hope it helps.

Related Posts:

  1. What is valid timing of using current_user_can() and related functions?
  2. Disable posts, only allow to edit existing pages, not create new ones (create_posts)
  3. Multiple Authors on Single Post
  4. Prevent all users from editing posts except admins using hooks
  5. What action should I hook into when adding roles and capabilities?
  6. Allow Contributor to change the author of his own post?
  7. What’s the difference between Role and Meta capabilities; When to use map_meta_cap() filter
  8. Add Custom User Capabilities Before or After the Custom User Role has Been Added?
  9. add_menu_page permissions – what am I doing wrong?
  10. How can I grant capabilities directly to users (not roles) in wp-admin?
  11. How to get all capabilities of an existing user role
  12. What exactly is WordPress?
  13. Menu capability in WordPress
  14. Does the “promote_users” capability allow someone to create a new admin account?
  15. current_user_can( ‘edit_post’, $post_id ) does not work for contributer but for administrator
  16. Add user capability and check against it
  17. Listing all capabilities in dropdown is returning boolean
  18. Add Media Upload Capabilities Needed for Custom Role for non-Posts
  19. add_cap only adding the first two in array
  20. Is there a simple way to manage capabilities per user?
  21. How can I prevent a writer from being able to edit an article that has been scheduled?
  22. Check whether user can delete a given post
  23. How can I set status=’publish’ for all featured images?
  24. How to check if a role has a specific capability
  25. How to remove sticky post capability for a specific user role?
  26. How can I have different groups of editors only allowed to edit certain parent+subpages?
  27. Allow unfiltered HTML in titles for low level users?
  28. Allow users to set a post author
  29. Unify the roles and caps?
  30. current_user_can Not Always Working Properly
  31. current_user_can capabilities in the admin not working as expected
  32. Remove wordpress author’s capability to moderate comments on their own posts
  33. Filter list of rules based on a capability
  34. Using author_can() on custom post types in WordPress
  35. Can you set a role as author?
  36. How to show a admin bar menu item only to users with certain capabilities?
  37. Are User Levels Still Currently Used?
  38. Restricted user capabilities cannot add image
  39. User capability per post
  40. Roles for Custom Post Types
  41. How come I see a manage_categories capability but not a manage_tags capability for any users?
  42. Theme option editing capability problems
  43. Allow Contributor to edit published post and filter by page id
  44. Applying roles to an admin sub-menu (eg Appearance -> Menus)
  45. read_post meta capability for anonymous users
  46. Admin cannot publish
  47. You do not have sufficient permissions to access this page on a submenu
  48. Usage of current_user_can()
  49. Is it wise not to use only meta capabilities for certain basic post types?
  50. Remove capability from specific user
  51. What capabilities are assigned to unauthenticated users?
  52. Capabilities Not Changing
  53. Assign multiple roles , overlapping capabilities
  54. Administrator role capabilities
  55. Hiding custom theme functionality using capabilities
  56. How to get all capabilities
  57. User Capabilities are not available in WP REST permission callback?
  58. WordPress remove capability post ,media completely for custom role
  59. Add capability to “Editor” role to be able to view all users attachments
  60. Why cannot author edit pages?
  61. Add capability to a role , so user is only able to view his own posts
  62. Plugin page and capabilities
  63. Unable to access custom plugin backend
  64. How to let a role handle media without post permissions
  65. how to change capability required to view an admin page? [duplicate]
  66. insufficient permissions; coding an action for plugin governed by custom capability
  67. How to hide plugin options for editors via functions.php
  68. Why “Mine” is the default view when adding ‘capability_type’ in register_post_type
  69. Set edit capability based on ACF relationship
  70. See which user role / capability is needed to use a plugin
  71. How can restrict certain users from delete a category but can view only in wordpress?
  72. Delete admin edit/delete links in users list wordpress admin
  73. Create a Capability category to group a few custom Capabilities
  74. Capability to edit post slugs
  75. admin can not change author profile picture
  76. Remove Custom Capability
  77. Force “submit for review” on update?
  78. Changing capability type without altering plugin
  79. Can’t create new Pods pages
  80. Is there a way of retrieving the core WP capabilities?
  81. Pricing Tables admin page capability
  82. Best Roles and Capability on a site with review features using a front end custom post
  83. Not able to give editors acess to new admin menu item
  84. Manage Roles and Capabilities on Multi-site
  85. current_user_can() returning true for capability when the user and role do not have the capability
  86. How might I enable a user to view Draft pages from a different Author, without the ability to edit?
  87. WordPress can’t find temporary folder, but folder it’s looking at has correct permissions
  88. Allow Users Access to Custom Post Type Only
  89. Correct wp-content ownership and permissions
  90. Custom Taxonomies Cababilities
  91. Prevent WordPress installing plugins and themes via Admin
  92. Fix permissions for users role
  93. Disable user from updating certain posts
  94. Auto-update failing with “hardened” permissions
  95. custom plugin not visible to some user roles
  96. Capabilities not working with custom post type
  97. user_has_cap filter allows “edit_others_posts” but not is not allowing updating/publishing
  98. Remove dashboard links from wordpress
  99. Admin Access for specific page(s)
  100. Why can I upload files but need FTP login for plugins
techhipbettruvabetnorabahisbahis forumutaraftarium24eduedusedusedusedusedusedusedueduedu