Restrict access to trash, only admin

First of all you have to deny access to trash page in admin. To show trash, the 'post_status' argument for main query must be ‘trash’, so you can check that and redirect if current user is not an administrator:

add_action( 'pre_get_posts', 'deny_trash_access' );

function deny_trash_access( $query ) {
  // nothing to do if not in admin or if user is an admin
  if (
    ! is_admin()
    || ! $query->is_main_query()
    || current_user_can( 'remove_users' )
  ) return; 
  $status = $query->get( 'post_status' );
  if (
    $status === 'trash'
    || ( is_array( $status ) && in_array( 'trash', $status, true ) )
  ) {
    wp_safe_redirect( admin_url() );
    exit();
  }
}

However, that not prevent users to restore or delete permanently posts.

That can be done using ‘wp_insert_post_data’ filter, and if in current post data the post status is “trash”, and a user try to change it, you can abort the editing by forcing 'post_status' to be “trash”:

add_filter( 'wp_insert_post_data', 'prevent_trash_status_change', 999, 2 );

function prevent_trash_status_change( $data, $postarr ) {
  if ( ! isset( $postarr['ID'] ) || empty( $postarr['ID'] ) ) return $data;
  if ( current_user_can( 'remove_users' ) ) return $data; // admin can edit trash
  // get the post how it is before the update
  $old = get_post( $postarr[ID] );
  // if post is trashed, force to be trashed also after the update
  if ( $old->post_status === 'draft' ) { 
    $data['post_status'] = 'draft';
  } 
  return $data;
}

Put this 2 code snippets in your function.php or in a plugin file and you are done.

Related Posts:

  1. Enable plugin installs without FTP with user from same group as Nginx/PHP-fpm
  2. Moved WordPress Directory – Having access issues now
  3. Restrict access to specific content
  4. How to give access to programmer/developer to make changes, but prevent undesirable changes? [closed]
  5. MySQL error 1449: The user specified as a definer does not exist
  6. MySQL Database User: Which Privileges are needed?
  7. Allow member to have access to custom post type only. Permission to only edit their own posts
  8. How to restrict attachment download to a specific user?
  9. WP in Docker – cannot install plugin or upgrade WP
  10. when FS_METHOD = ‘direct’ is chosen?
  11. Create custom permissions for user type
  12. WordPress REST API – Permission Callbacks
  13. How can I hide a category from Contributors in the edit/add new post screen?
  14. Recommended File Permissions
  15. What’s the difference between the permissions “edit_published_posts” and “edit_posts”
  16. Wrong permissions when uploading a file through WordPress | IIS
  17. ftp_nlist() and ftp_pwd() warnings
  18. Restrict users on multisite WordPress install
  19. What permissions should i have set up for the Database User after i have WordPress set up?
  20. Why is group ownership with rwx permissions not enough?
  21. How to restrict a page [without plugin]
  22. Trash bin for categories
  23. How can I limit WordPress editor roles to a specific category?
  24. setting a specific home page for logged in users
  25. Restrict the user access in multi site for non-assigned blogs
  26. Restrict access to the Trash folder in Posts
  27. Error after deleting Custom Post Type with a function (no trash used)
  28. Safe to set permissions to 757 temporarily to update via wp-cli?
  29. Can I create users that have access to *some* other users posts instead of all other users posts?
  30. Set default page for user account in admin
  31. Restrict access to specific users
  32. Does WordPress have fine-grained view permissions?
  33. WordPress stripping html and script tags from some admin users on save
  34. Hide everything on site for visitors except specific page IDs
  35. can’t change footer
  36. permissions access error
  37. wordpress editor role remove all but ‘menus’ in appearance menu
  38. Permissions Issue with WordPress
  39. What user/group does WordPress belong to in terms of file permissions?
  40. Hardening wordpress: wp-content file permissions?
  41. Moved my WordPress site and now it can’t read the theme
  42. WordPress folder ownership issues
  43. How to restrict logged user to view only certain pages?
  44. WordPress unable to create folders even though correct NTFS-rights are set
  45. WordPress php mysql errors – errcode: 13 permission denied
  46. Invalid changeset UUID WordPress
  47. Group ownership permissions don’t allow web server to update WordPress content
  48. Should Apache own /var/www/domain.com directory in WordPress?
  49. WordPress Permissions on my Local with Docker
  50. Permission issue with custom post type – not added to menu – by plugin
  51. Permissions in a Local Dev Environment (OS X)
  52. Running WordPress as FTP user?
  53. Lock access to plugin options
  54. How to to secure WordPress file and folder permissions
  55. Users can only view their content from the front end
  56. How to recover permanently deleted blog posts?
  57. Make pages visible to only logged in members
  58. wp-content Folder Permissions (777 OK?)
  59. How to prevent plugins from being uninstalled
  60. Reseting file permissions
  61. User restricted only show posts assigned to current user
  62. How to cancel an action hooked to untrash_post? or any hook
  63. What is the “user account” for WordPress’ file permissions?
  64. One Site as a part of Multisite to be hidden (Un-published) from Public?
  65. How to hide wordpress error message?
  66. What is this error message?
  67. Hide front-end from every logged out user and redirect them to the default login page
  68. How to restrict an admin page, if the user is not superadmin?
  69. Delete a user from frontend
  70. How to grant user access the page [closed]
  71. WordPress 4.4.2 Update not working
  72. Profiles site with access levels
  73. Is there a way to create folders restricted to specific users to open?
  74. How to make file not open to public but javascript file under WordPress folder can load it
  75. Allow Editor access to a certain plugin
  76. Visitors “do not have permission to view this content” on home page only
  77. Permissions Script Not Working
  78. Remove plugin settings from post creation page for a user role
  79. Blank White page issue in WordPress
  80. Permissions working but not working
  81. Mamp Pro File Permissions
  82. Create a custom “you dont have permission” message
  83. WordPress deletes custom posts instead of trash them
  84. Downloaded WP but Nginx home page still showing
  85. Wordress admin page is fetching error You do not have sufficient permissions to access this page.
  86. WordPress install checking permissions of user id 0
  87. Public and Private keys incorrect for user
  88. Restrict access to custom post type and filter from every query
  89. sufficient permissions to access this page
  90. Restrict my pages from public
  91. Run Jquery Script after delete post in front end
  92. Hide page link in main menu from anonymous users
  93. MySQL Database User: Which Privileges are needed?
  94. the_tags only showing when logged in?
  95. Configuring WordPress permissions for easy updates
  96. Plugins Page – “Page disabled by the administrator”
  97. WordPress files owner changed silently
  98. How to stop login for SPECIFIC users BEFORE a specified date
  99. Multisite Login Access Restrictions
  100. WP Permission still set to Not Writable after I change the permission for the whole folder and files