PublishPress Permissions: Control User Access for Posts, Pages, Categories, Tags

Description

PublishPress Permissions allows you to enable or deny access to posts, pages, categories, tags and more. You can apply these permissions for user roles, individual users, and even custom groups.

With PublishPress Permissions, you can control who can view and edit your WordPress content. You can choose who can access images and files in your site’s Media Library. For example, you can deny all direct access to files for logged out users.

The Pro version of PublishPress Permissions has many advanced features such as teaser previews of restricted content, custom WordPress statuses, and automatically creating personal posts for users.

PublishPress Permissions Pro

Upgrade to Permissions Pro
This plugin is the free version of PublishPress Permissions. The Pro version of Permissions has all the features you need to control permissions for your WordPress users. With Permissions Pro you can manage access to posts, pages, media, taxonomies and custom post types. Click here to control access to your WordPress site with Permissions Pro!

Key Features in PublishPress Permissions

  1. Viewing permissions: Every post, page, and taxonomy term has a box where you can choose who can read this content.
  2. Editing permissions: Every post, page, and taxonomy term has a box where you can choose who can edit this content.
  3. Media Library permissions: You decide who gets to edit and view image files and documents in your Media Library.
  4. Hide other users’ posts: You can prevent users from seeing posts by other users in the WordPress admin area.
  5. Create user groups: Build groups of users who can be given their own custom permissions. Two default groups include Logged in and Logged out users.
  6. Show teasers for restricted content (Pro version): Have teaser text that is publicly available, followed by private content that is restricted to only your site’s users.
  7. Personal posts for each user (Pro version): You can automatically create individual posts for your users so they have their own private content to edit or read.
  8. Publishing statuses (Pro version): Go beyond “Draft”, “Pending Review” and “Published” with your own custom, and far more advanced, workflow.
  9. Visibility statuses (Pro version): Create visibility options for your content. One example is a “Premium” status that makes content visible only for paying members.
  10. Editorial Circles and Visibility Circles (Pro version): Restrict users to editing or viewing posts that were authored by other users in the same group.
  11. Integration with other plugins (Pro version): The Permissions plugin integrates with other popular plugins including bbPress, BuddyPress, WPML, and Relevanssi.

Feature 1. Viewing Permissions for WordPress Content

PublishPress Permissions enables you to customize viewing access for WordPress content. Open any post and you’ll see a box with the label, “Permissions: Read this Post”. This box allows you to choose “Enabled” or “Blocked” for any user role, individual user, or user group. You can also set permissions for all users who are guests, and those who are logged in.

Click here to see how to control viewing permissions.

Feature 2. Editing Permissions for WordPress Content

PublishPress Permissions allows you to customize the editing permissions for all your content. Open a Post, Page, Category, Tag, or custom post type and you can decide who is allowed to edit that content. You can even prevent users from editing child pages of a specific parent page. Open any content item and you’ll see a box with a label like this: “Permissions: Edit this Post”. This box allows you to choose “Enabled” or “Blocked” for any user role, individual user, or user group.

Click here to see how to control editing permissions.

Feature 3. Access Permissions for the Media Library

PublishPress Permissions gives you detailed control over access to media on your WordPress site. You decide who gets to edit and view files in your Media Library. For example, you can set up WordPress so that users only have access to files that they uploaded. Or you can add an exception so users can edit other people’s media files if they are attached to a post they can edit.

The Pro version of Permissions allows you to deny any public access to files on your site. Nobody will be able to see your Media Library files unless they have access to a post that includes that file.

Click here to see how to manage access to your media files.

Feature 4. Hide Other Users’ Posts in the WordPress Admin

By default, WordPress users in the admin area can see all the Posts on the site, regardless of whether they are the author. This is not a problem for many sites. After all, most posts on most sites are publicly available – there’s no need to hide them. However, in some situations, site owners don’t want authors to see the posts that other users are working on. PublishPress Permissions can hide posts in the WordPress admin area, unless you have access to edit that post.

Click here to see how to hide other users’ posts.

Feature 5. Create Your Own User Groups

PublishPress Permissions allows you to create your own user groups. Imagine you want to give some users access to a single Post. Instead of creating a new user role and applying all the permissions, you can easily add those users to a group. This is a simple and more flexible alternative to user roles. You can also prevent users from reading or editing content if they are not in a specific group. By default, this plugin gives you sample groups that include all Logged in and Logged out users so you can easily set public and private content.

Click here to see how to use custom user groups.

Feature 6. Show Teasers for Restricted Content (Pro Version)

PublishPress Permissions Pro allows you to display a teaser for unreadable content. This is perfect for making small snippets of your content available to the public. You can have teaser text that is publicly available, followed by private content that is only visible for your site’s users. If you choose to display a login form, the redirect will go to the originally requested content.
Click here to see how to display content teasers.

Feature 7. Automatically Create Posts for Users (Pro Version)

This Pro feature allows you to automatically create content for your users. For example, you can sync your staff members to Pages. This would allow your staff to each have their own page to edit and update. You can use this feature to automatically create posts, WooCommerce products, or any other post type that is defined on your site.
Click here to see how to automatically create posts for users.

Feature 8. Create Your Own Publishing Statuses (Pro Version)

WordPress provides some status options including “Draft”, “Pending Review” and “Published”. Permissions Pro enables you to design a far more advanced workflow. Each status you create can have its own unique capability requirements.
Click here to see how to build your own workflow statuses.

Feature 9. Create Your Own Visibility Statuses (Pro Version)

With PublishPress Permissions Pro, you can create visibility options for your content. One example is a “Premium” status that makes content visible only for paying members. Another example is a “Staff” status, for the people who run your site.

Click here to see how to build your own visibility statuses.

Feature 10. Editorial Circles and Visibility Circles (Pro Version)

Visibility Circles are a feature in PublishPress Permissions Pro that restrict users to viewing posts that were authored by other users in the same group. PublishPress Permissions also has Editorial Circles. If you are in an Editorial Circle for Pages, you will only be able to edit pages authored by other circle members.

The most common way to use this feature is to restrict users in the Editor role so that they can only edit posts written by other Editors. This is because Editors are the only default WordPress role that can edit content (except for Administrators).

Click here to see how to build your own Editorial Circles and click here to see how to build your own Visibility Circles.

Feature 11. Support for Other Plugins

The Permissions plugin integrates with other popular plugins:

  • BuddyPress content permissions: With the PublishPress Permissions Pro plugin, you can give users access to create WordPress content, based on their BuddyPress group membership.
  • Relevanssi search permissions: Relevanssi is an excellent plugin that replaces the standard WordPress search with a better search engine. PublishPress Permissions Pro has integration with Relevanssi. If you use PublishPress Permissions Pro, your Relevanssi search results will have the correct visibility.
  • WPML language permissions: PublishPress Permissions Pro does have support for the WPML plugin. By default, PublishPress Permissions Pro will automatically mirror your post / category permissions to the translated content.
  • bbPress language permissions: bbPress is the most popular forum software for WordPress. With PublishPress Permissions Pro, you can manage access and to important bbPress features.

Join PublishPress and get the Pro plugins

The Pro versions of the PublishPress plugins are well worth your investment. The Pro versions …

Screenshots

  • Custom viewing permissions: Every post, page, and taxonomy term has a box where you can choose who can read this content.
  • Custom editing permissions: Every post, page, and taxonomy term has a box where you can choose who can edit this content.
  • Category permissions: Every category has a box where you can choose who can edit, read, or assign this category.
  • Create custom groups: Build groups of users who can be given their own custom permissions. Two default groups include Logged in and Logged out users.
  • Manage media library access: You decide who gets to edit and view image files and documents in your Media Library.
  • Show content teasers: Have teaser text that is publicly available, followed by private content that is restricted to only your site's users.
  • Synchronize content to users: You can automatically create individual posts for your users so they have their own private content to edit or read.

FAQ

Can I restrict access to custom post types?

A large number of WordPress have sites with custom post types. These custom post types often hold sensitive information. In this guide, we’ll show you how to control who can read, edit and publish content in your custom post types. By default, nearly all custom post types will inherit the same permissions as Posts. So a user in the “Editor” will role will automatically be able to write and edit in your custom post type.

  • Install the PublishPress Permissions Pro plugin.
  • Go to Permissions > Settings > Core.
  • Under “Filtered Post Types”, check the box for your post type.
  • Click “Save Changes”.
  • You will now be able to edit any post in your custom post type and see editing permissions.

Click here to see how to restrict access to custom post types.

Can I restrict viewing access to specific categories?

Yes, PublishPress Permissions makes it possible to control who can view and read content with a specific category attached. In this situation, “read” means “view”. So we’re going to control who can see this content. By default, Categories are only available on WordPress Posts. However, you can add Categories to other post types and so you will be able to use the tutorial for those post types too.

Click here to see how to restrict access to categories.

Can I force users to create posts in a category or parent page?

This guide will show you how to require users to create content in a specific category or parent page. The solution in this guide is a flexible approach for sites with a substantial number of users in different roles. Depending on the needs of your site, the PublishPress plugins also offer other approaches such as this one based on user roles. In this tutorial, we’ll use examples from a university. Our sample site has categories for different university departments. Our aim will be to restrict some users to posting in some categories, or underneath some parent pages. By default, Categories are only available on WordPress Posts. However, you can add Categories to other post types and so you will be able to use the tutorial for those post types too.

Click here to see how to force users to post in a category.

Can I block access to WordPress category and tag archives?

Yes, the PublishPress Permissions plugin allows you to block access to WordPress category and tag archive pages. For example, you can block public access to the “Blog” category on your site. We will use this as an example, but the same approach can work for all taxonomies.

  • Install the PublishPress Permissions plugin.
  • Go to “Posts”, then “Categories”.
  • Click “Edit” for your category.
  • Scroll down to the “Permissions: Read Posts in this Category” area.
  • Set “Anonymous” to “Blocked”.

This will impact anyone who is anonymous / not logged in to your site and tries to visit a post with the “Blog” category, or “Blog” category archive page. People without access to this category will only see a “Page Not Found” message.

Click here to see how to deny access to blog archives.

Can I control access to Media Library files?

The PublishPress Permissions plugin allows you to control permissions for media files on your site.

  • Go to Permissions > Settings.
  • Click the “Core” tab and make sure the “Media” box is checked.
  • Click the “Editing” tab.

Scroll down to the “Media Library” area. Here you’re going to see 4 options you can use to control access to files inside the Media Library:

  • List other users’ uploads if attached to a readable post: If this boxed is checked, users can view other people’s media files if they are attached a post they can read.
  • List other users’ uploads if attached to an editable post: If this boxed is checked, users can view other people’s media files if they are attached a post they can edit.
  • Edit other user’ uploads if attached to an editable post: If this boxed is checked, users can edit other people’s media files if they are attached a post they can edit.
  • Other users’ unattached uploads listed by default: If this boxed is checked, users can view other people’s media files.

Click here to see how to control access to the Media Library.

Can I block people and search engines from accessing Media Library file URLs?

By default, all the files and images you upload to WordPress are publicly available. This is great news for most sites. The goal of most sites is to create popular content that is viewed by as many readers as possible. But this public access is a problem if you run a membership site and DO NOT want everyone reading your content. Yes, you can restrict the privacy of your posts, but people can still view your files if they know the URL. The PublishPress Permissions Pro plugin makes it possible to block direct access to your media files. Even if someone knows the URL, they won’t be able to access your files unless you give them the correct access.

Click here to see how to block people and search engines from accessing file URLs.

Can I restrict WordPress users from creating higher-level users?

By default, WordPress only allows Administrators to create users. If you want to allow other roles to create users then you need to give them at least the promote_users, list_users, edit_users and create_users permissions. However, if you give them those permissions, they can create and edit users in any role. So you could have Editors creating and editing Administrator accounts. That could be a security problem. Fortunately, PublishPress Permissions has a feature called “Limit User Edit by Level”. This prevents anyone from editing a user with a higher level or assigning a role higher than their own.

Click here to see how to restrict user creation.

How does PublishPress Permissions compare to PublishPress Capabilities, User Role Editor, Members and other role editor plugins?

PublishPress Permissions can be used in addition to a basic role editor / user management plugin. Those plugins are designed to modify existing WordPress permissions. That’s a valuable task, and in many cases will be all the role customization you need. We do recommend PublishPress Capabilities which is a WordPress role editor designed for integration with PublishPress Permissions.

PublishPress Permissions can supercharge your permissions engine and goes much further than the basic role editor plugins. PublishPress Permissions is particularly useful when you want to customize access to a specific post, category or term. PublishPress Permissions adds content-specific editing permissions, custom post status permissions, file access restriction, and other features which are not possible in default WordPress.

What should I do if I use the Role Scoper plugin?

Moving forward, we do not plan any major development of the Role Scoper code base. If you encounter issues with Role Scoper and need to migrate to a different solution, PublishPress Permissions provides access to an import script which can automate the majority of your Role Scoper migration. PublishPress Permissions can import the most Role Scoper groups, roles, restrictions and options. Some manual follow up may be required for some configurations.

Is PublishPress Permissions a complete membership solution?

No, but it can potentially be used in conjunction with an e-commerce or membership plugin. If you have a way to sell users into a WordPress role or BuddyPress group, PublishPress Permissions can grant access based on that membership.

Where does PublishPress Permissions store its settings?

PublishPress Permissions creates and uses the following tables: pp_groups, pp_group_members, ppc_roles, ppc_exceptions, ppc_exception_items. PublishPress Permissions options stored to the WordPress options table have an option name prefixed with “presspermit_”. Due to the potential damage incurred by accidental deletion, no automatic removal is currently available. You can use a SQL editing tool such as phpMyAdmin to drop the tables and delete options with option_name LIKE presspermit_%.

Can I share a link to install PublishPress Permissions?

Yes, we use the phrase “publishpress-ppcore-install” to share install links. You will see that text included in the links from other PublishPress plugins.

Reviews

9 di Setembar dal 2023 1 reply
Fue muy rápido aprenderlo a usar y sencillo, lo mejor. Muchas gracias
24 di Fevrâr dal 2023 1 reply
Top support
6 di Fevrâr dal 2023 1 reply
Support provided great support when we encountered an issue, being plugin customers! Powerful plugin and we cannot easily live without it. It can become a bit complex, but it is logical.
Read all 55 reviews

Contributors & Developers

“PublishPress Permissions: Control User Access for Posts, Pages, Categories, Tags” is open source software. The following people have contributed to this plugin.

Contributors

“PublishPress Permissions: Control User Access for Posts, Pages, Categories, Tags” has been translated into 6 locales. Thank you to the translators for their contributions.

Translate “PublishPress Permissions: Control User Access for Posts, Pages, Categories, Tags” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

4.0.18 – 27 Feb 2024

  • Perf : Eliminated scan of users table on plugin activation (impacting sites with large number of users)
  • Perf : Eliminated recursive query of subpages (impacting sites with complex page hierarchies)
  • Perf : Improved caching of post capability checks
  • Perf : On category / term queries, don’t filter term counts if empty terms are not being hidden and counts are not being shown
  • Code : Improved PHP Code Sniffer scan results
  • Compat : Elementor – Could not use Elementor front end editor to save a draft of a published post
  • Compat : Nested Pages – Apply pp_force_quick_edit capability to Nested Pages’ Quick Edit and Contextual Add / Insert buttons
  • Fixed : Filters for Post category, Tags, Terms, Parent or Status could be applied to wrong post under certain conditions
  • Fixed : Permissions > Settings > Core > Front End > “Performance: Don’t filter category / tag counts” was not applied for Administrator
  • Fixed : Some strings on Permissions > Settings were not translated
  • Fixed : Gutenberg editor usage was not properly detected when triggered by another plugin, possibly leading to issues with category / term assignment filtering
  • Fixed : Category pages: Subcategory posts were inappropriately hidden on some sites
  • Fixed : Legacy Nav Menu Management – Limited Nav Menu editors saw uneditable menus in dropdown on Menus management screen
  • Fixed : Legacy Nav Menu Management filters interfered with front end filtering under some conditions
  • Fixed : Sanity check to prevent excessive version history logging if installed plugin’s version tags or version tag storage is incorrect
  • Fixed : Terms were inappropriately auto-assigned under some conditions\
  • Change : Permissions > Settings > Editing option to disable auto-assignment of terms (when default term is not selectable). Note: Auto-assignment is required for some term-restricted editing configurations.
  • Change : Auto-assign a term only if no default terms are selectable and the user’s editing access is modified by term-specific Permissions
  • Change : Never auto-assign a term to front page or posts page
  • Change : Constant definitions related to term auto-assignment to assist any potential troubleshooting or restore previous behavior
  • Change : User search for Specific Permission assignment – use LIKE matching for user meta field searches
  • Change : Suppress “Enable Permissions” metaboxes in Post editor, Edit Term screens
  • Change : Support constant PRESSPERMIT_MEDIA_UPLOAD_GRANT_PAGE_EDIT_CAPS for front end uploading solutions that require page editing capabilities for the async upload request
  • Lib : Update wordpress-reviews library to v1.1.20
  • Lib : Update wordpress-version-notices library to v2.1.3
  • Lang : Update ES, FR, IT translations

3.11.6 – 13 Dec 2023

  • Feature : Option to require Taxonomy edit capability to assign post tags that do not already exist
  • Fixed : On Post edit, Tags were not filtered based on Specific Permissions
  • Fixed : On Permissions > Settings, All Taxonomies remained checked even after updating with some disabled
  • Compat : Work around unidentified compatibility issue affecting term filtering and access to certain static methods

3.11.5 – 1 Nov 2023

  • Compat : Beaver Builder – Queries within BB shortcodes were improperly filtered
  • Fixed : Supplemental role captions were blank
  • Fixed : PHP Warning “Attempt to read property ‘count’ on string”
  • Fixed : PHP Warning “Undefined variable $admin_post_new_url”

3.11.4 – 26 Oct 2023

  • Fixed : Collaborative Publishing module was not loaded correctly on some installations
  • Fixed : Caption for Permissions: Assign Term metabox in post editor
  • Fixed : PHP Warnings on Permission Groups screen

3.11.3 – 25 Oct 2023

  • Fixed : Some Permissions filtering was not applied on sites with a custom wp-admin URL
  • Fixed : Type-specific Supplemental Roles also granted most generic capabliities in Pattern Role. Introduce new Permissions > Advanced > Role Integration setting to restore previous behavior if needed.
  • Fixed : On page edit, if the Page Parent is not editable by the logged in user, it is hidden from the Page Parent selector. This occurred only with WP >= 6.3 and with a non-standard advanced Permissions configuration.
  • Fixed : PHP Warning in term filtering (Attempt to read property “term_taxonomy_id” on string) under some configurations
  • Fixed : Filtering of default category / term by other plugin was overridden
  • Fixed : Edit User Permissions – PHP Warning “compact(): Argument must be string…”
  • Fixed : Fatal error “Call to a member function init() on null” under some configurations
  • Fixed : Version update script triggering could be skipped on Pro installation under some conditions
  • Compat : Polylang + WP 6.3 – Language filter was no longer applied to Page Parent dropdown
  • Change : Added installation log to Permissions > Settings > Install

3.11.1 – 30 Aug 2023

  • Fixed : Rest API access error on some sites (potentially preventing login)
  • Fixed : Gallery block in Gutenberg editor: error loading Image Size dropdown options
  • Fixed : Caption for Navigation Menus (for Navigation block) did not distinguish them from legacy Nav Menus
  • Fixed : PHP 8.1 – Warning for dynamic property creation in post editor
  • Compat : Peepso – Non-administrators couldn’t submit front end posts on PHP >= 8.1

3.10.0 – 19 Jun 2023

  • Compat : WooCommerce – Private Products were not listed in Shop, even if Read Permissions are assigned
  • Compat : ACF Extended – Extra Update button on Edit Term screen
  • Fixed : Fatal error for undefined PUBLISHPRESS_PERMISSIONS_PRO_VENDOR_PATH on some installations
  • Fixed : If a “Limit to: (none)” Permission is assigned to default-restrict a post type, creating a new post causes a post-specific allowance to be assigned
  • Fixed : Category filtering error caused Nav Menu corruption if empty category is used as a top level menu
  • Change : Bump WordPress version requirement to 5.5
  • Change : Bump PHP version requirement to 7.2.5
  • Change : Update vendor libraries based on revised PHP version support

3.9.3 – 11 May 2023

  • Change : Adjustment to composer.json
  • Change : Adjustment to .gitignore

3.9.2 – 10 May 2023

  • Fixed : Remove .git nested folders from some vendor libraries, using build script

3.9.1 – 9 May 2023

  • Fixed : Fatal error in Composer installs due to missing vendor libraries
  • Compat : PublishPress Planner – Status Change notifications were not sent

3.9.0 – 4 May 2023

  • Fixed : Error updating plugin with Composer, fixed by removing unused vendor libraries
  • Fixed : Fatal error in wp-admin if certain request variables have unexpected values
  • Change : Bump WordPress version requirement to 5.5
  • Change : Bump PHP version requirement to 7.2.5
  • Change : Update vendor libraries based on revised PHP version support

3.8.8 – 04 May 2023

  • Change: Added warning about end of support for WordPress 5.4 and earlier. PublishPress Permissions 3.9 will require WordPress 5.5 or later.

3.8.7 – 30 Mar 2023

  • Change : Media Library – new setting to disable “Prevent editing uploads if attached to a non-editable post”, available if Settings > Core > Filtered Post Types > “Enforce distinct capabilities for Media” is enabled
  • Compat : WPML – Logged in users saw 404 error on Home Page viewing request if post type is not enabled for Permissions filtering
  • Fixed : Error on post creation / update by Editor, under some configurations
  • Fixed : PHP 8.1 – Notice in wp-admin
  • Change : Minimum PHP version 7.2.5

3.8.6 – 23 Mar 2023

  • Compat : Elementor – Error, memory exhaustion when users try to edit their own draft in Elementor
  • Compat : PublishPress Revisions – When revision submission is enabled for unpublished posts, Revision Creation exceptions also allowed publication of main post
  • Fixed : Fatal Error for some get_pages() queries

3.8.5 – 9 Feb 2023

  • Fixed : Permission Group description was cleared when a new Permission is saved
  • Fixed : If Permissions were set to limit Page Parent selection to a single page and its descendants, when that page itself was edited, all pages were displayed in Page Parent selector (though they could not be saved)
  • Fixed : Nav Menu Management: Menu update by a limited user cause all uneditable menu items to be removed
  • Fixed : Nav Menu management by limited user based on Permissions for a specific menu – On menu update, all uneditable items were removed
  • Fixed : PHP Warning in login popup after current login times out
  • Fixed : If constant PP_RESTRICTION_PRIORITY is set, “Limit to” Category permissions (the unblocked list) were still overriding “Exclude” Category permissions
  • Compat : PublishPress Revisions – Permissions limiting revision creation to only specific posts also blocked reading access to other posts

= 3.8.4 – 15 Dec …