You could try this:
function restricted_access() {
if( ! is_user_logged_in() ) {
global $wp_query;
$wp_query->set_404();
status_header(404);
}
}
add_action( 'wp', 'restricted_access' );
By default, always, if the user is not logged in it will give them the 404 page. The following two functions will keep non-admins out of your Admin Panel and will also hide the black admin bar from the front-end.
function redirect_nonadmins(){
if ( ! current_user_can( 'administrator' ) ){
wp_redirect( site_url() );
exit;
}
}
add_action( 'admin_init', 'redirect_nonadmins' );
function no_adminbar() {
if( ! current_user_can( 'administrator' ) ) {
add_filter( 'show_admin_bar', '__return_false' );
}
}
add_action( 'after_setup_theme', 'no_adminbar' );
Edit – Some explaination
The function is_user_logged_in()
returns a true / false boolean; True if the user viewing the current page is logged in. False if the user viewing the current page is not logged in.
The function current_user_can()
will check the current users capabilities. In the above I check if the current user has administrator
capabilities. If not – do not allow them to view the admin panel and do not show the black admin bar on the front end.