Access Control in WordPress With PublishPress Capabilities

cme dashboard

There is one reason I keep hearing over and over again from people who don’t use WordPress: there’s no access control. For large organizations, it’s essential to have close control over what users can and cannot do on our site. Drupal and Joomla both have powerful access control systems in the core.

With WordPress, if you choose the right plugin, it is still possible to have close control over what your users can and can not do. We’re going to show you how with the PublishPress Capabilities plugin.


PublishPress Capabilities

  • Go to Plugins > Add New in your WordPress admin area.
  • Search for and install the “PublishPress Capabilities” plugin.
  • Once the plugin is active, go to Capabilities in the left-hand menu.
  • Click this link and you’ll see the main PublishPress Capabilities Dashboard.

User Roles

As a reminder, there are five default roles in WordPress: Administrator, Editor, Author, Contributor and Subscriber.

User Roles form the basis of permissions in WordPress. In most cases, it’s best to put a user into a role and apply permissions to that role, rather than trying to apply permissions directly to the user.

In order to follow this tutorial, I would recommend clicking Users in the left-hand menu and creating a user in the Editor role. We’re going to use them to show how PublishPress Capabilities works.

Well, the reason that some user roles can’t see those links is that they don’t have the correct Capabilities. For example, these are the Capabilities that the Editor has:

Everything on this page is editable. You have complete control over the permissions on your site.


PublishPress Capabilities

PublishPress Capabilities is a powerful way to control who can do what on your WordPress site.

A note of caution: access control is a naturally difficult and time-consuming task. It will take you a while to learn how to use PublishPress Capabilities. It took me several hours and several strong cups of coffee to understand how it works. Not everything is as intuitive as it could be. That was true of learning access control in Joomla and Drupal too.

However, give it time, practice and experiment with how it works. You’ll be rewarded. Thanks to PublishPress Capabilities, WordPress can have access control that is similar to Joomla and Drupal.

Author

  • Steve Burge

    Steve is the founder of OSTraining. Originally from the UK, he now lives in Sarasota in the USA. Steve's work straddles the line between teaching and web development.

    View all posts
0 0 votes
Article Rating
Subscribe
Notify of
guest

13 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Sean Cook
Sean Cook
12 years ago

Does the plugin “WishList” membership need this or does it have it’s own access control? Also, would you use this to create your own subscription/membership based site?

David Esrati
David Esrati
12 years ago

Thanks for this- really helpful. Do you know of anyway to log access as well- to see who signed in, did what?

I’m also trying to find how this can work with BuddyPress- with many subdomain sites- as well as to try to lock out access for most from CiviCRM which installs like a plugin- but, so far, isn’t permissions aware.

Paul Noble
Paul Noble
11 years ago

Curious – I have a client who wants to update a specific part of the site that is the plug in: WP Tables Reloaded.

It is located in the TOOLS section of the Admin.

Can I give them access ONLY to the tools section | WP Tables Reloaded?

Thank you in advance.

martin
martin
11 years ago

Hi. I really love this plugin. Does exactly what is says!

I am wondering if there is possibility to limit number of posts in an allowed category as well????

jcraig
jcraig
11 years ago

I am running WP3.5. And Graphene theme.

Your plugin would not work – Java error.

Was too bad as it looks amazing! I use Drupal and was hoping for some WP functionality to mimick Drupal.

Let me know and I can send a log if you you are interested.

Keep up the great work!

Jc

Dennis Parmelee
Dennis Parmelee
11 years ago

Hi,

I am looking for a plug in that will restrict paid subscribers to viewing a portion of my site, defined by “category” for each product (Think educational content for each category).

I came across this plug in as a possible match. Subscribers get read access only permission.

Using wordpress 3.5 and small biz theme.

I would also like to inhibit copying/distribution/plagarizing, and realize that is another animal.

Any thoughts?

Thanks in advance

Roger S.
Roger S.
11 years ago

Excellent app. Does exactly what I needed it to do. I have support ticket plugin and I only want agents to see the tickets assigned to them. Great job!

Powla
Powla
10 years ago

Is there a way to restrict access to /wp-admin/ based on time ? So not allow users to login after work hours ?

Mohsin Anwaar
Mohsin Anwaar
10 years ago
Reply to  Powla

use a security plugin all in one wp security

popescu
popescu
10 years ago

Hi, I have the following problem: when I activate the plug in, I can only access as superadmin. If I log in as a user, I only have a blank screen and cannot access the (restricted) administration page.

Benjamin
Benjamin
10 years ago

Hello,
We’re using WPML for translations. Does this Plugin offers the possibility to restrict access to foreign posts, pages, custom-post types, … to a user?
This means a user has only access to all the items per language and not per author.

Helen
Helen
9 years ago

I have just bought AAM and installed it using the licens code. Now my azure website is all blank…! Why and what can I do to get it back again?

Helen

Rebecca Redding
Rebecca Redding
7 years ago

I just downloaded… my roles do not show up. I’m only able to edit Admin. I want to edit and/or add other roles but there is no option. Am I doing something wrong?

13
0
Would love your thoughts, please comment.x
()
x