I’m constantly looking for ways to make WordPress more palatable for the common user (see: non-developers). It may be simple in comparison to other content management systems, but it’s still got some confusing artifacts. And, once you start adding robust plugins, things can get messy.

Here are some of my approaches to optimizing the WordPress admin area, along with snippets for making it happen or links to a plugin.

Disable Editor and Updates

I can’t think of a good reason to ever use the built-in code editor in WordPress. If you’re far enough along to edit code, you’re far enough along to use a real code editor with FTP or version control. This will disable it entirely:

define( 'DISALLOW_FILE_EDIT', true );

If—and only if—you are consistently checking for updates and updating on your client’s behalf, and you don’t want them adding plugins autonomously, you can disable the ability to add and update plugins and themes:

define( 'DISALLOW_FILE_MODS', true );

The two lines above can go in wp-config.php or a plugin. Everything else from this point should go in a plugin.

Editor Permissions

I often want to give editors access to the Appearance menu, so I built a plugin that does that. No setup, no settings.

Hide Unnecessary or Sensitive Menu Items

The Tools > Available Tools menu item in WordPress provides no value to most of my clients (or me, for that matter). You can remove it from view with:

function yourplugin_remove_tools() {
   remove_submenu_page( 'tools.php', 'tools.php' );
add_action( 'admin_menu', 'yourplugin_remove_tools', 999 );

I also utilize plugins for caching and security, but I don’t really want either of those settings to be visible to folks if I’m helping them manage things. Here, I’ve removed the menu links for Better WP Security and W3 Total Cache:

function yourplugin_remove_tools() {
    remove_menu_page( 'better-wp-security' );
    remove_menu_page( 'w3tc_dashboard' );
add_action( 'admin_menu', 'yourplugin_remove_tools', 999 );

Note: these pages will still be accessible by visiting the proper URL. That means you can get to it, and it’s very unlikely that a user will stumble upon it. That’s the goal.

Hide Sensitive Plugins from the Plugins Page

Following the logic from above, there are some plugins that need to stay put and not be deactivated. In some cases, dropping plugins in the mu-plugins folder will work. That won’t do in all instances, so you can hide them from the plugins listing instead.

This removes the same two plugins:

function yourplugin_filter_plugins( $plugins ) {
    $hidden = array(
        'Better WP Security',
        'W3 Total Cache'
    foreach ($plugins as $key => &$plugin ) {
        if ( in_array( $plugin["Name"], $hidden ) ) {
    return $plugins;
add_filter( 'all_plugins', 'yourplugin_filter_plugins' );

Remove Specific Links from the Menu Bar

The W3 Total Cache plugin is a good example here: sometimes, I want to leave the menu option for purging cache available to users with permission. However, I don’t want the ‘FAQ’ and ‘Support’ links that come along with that dropdown. So, I’ll just remove those specific links:

function yourplugin_remove_admin_bar_links() {
    global $wp_admin_bar;
add_action( 'wp_before_admin_bar_render', 'yourplugin_remove_admin_bar_links' );

Remove Dashboard Widgets

Yes, you can use the ‘Screen Options’ menu to show/hide widgets on the Dashboard. However, the ‘WordPress News’ widget is pretty irrelevant to most of my clients. We can hide it completely, instead:

function yourplugin_disable_dashboard_widgets() {
    remove_meta_box( 'dashboard_primary', 'dashboard', 'normal' );
add_action( 'admin_init', 'yourplugin_disable_dashboard_widgets' );

All the Code as a Plugin

If you like everything you see here, you can use the boilerplate code in this gist. Change the prefixes to something relevant, fill in the other information, and customize as needed. Drop it in the mu-plugins folder (create that folder if you don’t have it). That’ll keep it activated automatically.

Also: don’t drop any of this code in functions.php. This has nothing to do with your theme, so it shouldn’t be dependent on it.

For any of these functions, you can make the result conditional by role, permissions, etc. A little digging around should help you figure any of that out.

I hope this helps you! I’m passionate about making WordPress a CMS that users love. Luckily, it’s easy to integrate code like this that removes what we don’t want.

Want blog posts sent directly to your email?

Sign up to get emails from Logos Creative! You'll get the latest blog posts and an occasional extra email. Unsubscribe (easily) at any time.

March 7, 2014 — 3 Comments — In Blog, Development, Tutorial, WordPress
  • alessandro canè

    remove_menu_page(‘better-wp-security’ );
    do you know how to change this now that plugin name is changed to iThemes Security?

    • Cliff Seal

      Sure. You just need the slug name in the URL for the admin page.

  • Pingback: This Week In WordPress: Aug 25, 2014()