Title: Advanced Access Manager – Access Governance for WordPress Author: AAM Plugin Published: July 30, 2011 Last modified: March 8, 2026 --- Search plugins ![](https://ps.w.org/advanced-access-manager/assets/banner-772x250.png?rev=3447421) ![](https://ps.w.org/advanced-access-manager/assets/icon-256x256.png?rev=3447421) # Advanced Access Manager – Access Governance for WordPress By [AAM Plugin](https://profiles.wordpress.org/vasyltech/) [Download](https://downloads.wordpress.org/plugin/advanced-access-manager.7.1.0.zip) * [Details](https://wordpress.org/plugins/advanced-access-manager/#description) * [Reviews](https://wordpress.org/plugins/advanced-access-manager/#reviews) * [Installation](https://wordpress.org/plugins/advanced-access-manager/#installation) * [Development](https://wordpress.org/plugins/advanced-access-manager/#developers) [Support](https://wordpress.org/support/plugin/advanced-access-manager/) ## Description **Advanced Access Manager (AAM)** introduces **Access Governance for WordPress**– a systematic approach to securing your site by controlling who can access what, when, and why. Most WordPress security plugins focus on external threats like malware, firewalls, and brute-force attacks. AAM addresses the **root cause of the #1 WordPress security risk: broken access controls, excessive privileges, and misconfigured roles**. Instead of reacting to attacks, AAM helps you **design security into your WordPress site**. #### What Access Governance means in practice * **Mitigate Broken Access Controls**. Ensure roles, users, and permissions are correctly configured to prevent unauthorized actions and privilege escalation. * **Eliminate Excessive Privileges**. Identify overpowered users and reduce access to critical functionality, admin areas, and APIs. * **Secure Content by Design**. Control who can view, edit, publish, or delete posts, pages, media, taxonomies, and custom content types. * **Govern Access with Policy**. Define access rules using JSON Access Policies— portable, auditable, and automation-friendly. * **Build Custom Security Logic**. Use the AAM PHP Framework to create advanced, programmatic access controls tailored to your application. #### Key Features * **Security Audit**. Detect risky role assignments, misconfigurations, and compromised accounts. * **Granular Access Control**. Manage permissions for any user, role, or visitor with precision. * **Role & Capability Management**. Customize WordPress roles and capabilities beyond defaults. * **Admin & Menu Control**. Restrict dashboard areas and tailor the admin experience per user or role. * **API & Endpoint Protection**. Secure REST and XML-RPC access with fine-grained controls. * **Modern Authentication Options**. Support passwordless and secure login flows. * **Developer-Ready Framework**. Extend WordPress security using AAM’s powerful SDK. * **Ad-Free & Transparent**. – No ads, no tracking, no bloat. #### Built for Security-Conscious WordPress Users AAM is trusted by **150,000+ websites** to deliver enterprise-grade access control without unnecessary complexity. Whether you’re a site owner, agency, developer, or security professional, AAM gives you **full control over WordPress access — by design**. Most core features are free. Advanced capabilities are available via premium add- ons. No hidden tracking. No data collection. No unwanted changes. Just **security you can reason about, audit, and trust**. ## Screenshots * [[ * Manage access to backend menu * [[ * Manage access to metaboxes & widgets * [[ * Manage capabilities for roles and users * [[ * Manage access to posts, pages, media or custom post types * [[ * Posts and pages access options form * [[ * Define access to posts and categories while editing them * [[ * Manage access denied redirect rule * [[ * Manage user login redirect * [[ * Manage 404 redirect * [[ * Create your own content teaser for limited content * [[ * Improve your website security ## Installation 1. Upload `advanced-access-manager` folder to the `/wp-content/plugins/` directory 2. Activate the plugin through the ‘Plugins’ menu in WordPress ## Reviews ![](https://secure.gravatar.com/avatar/5eba82187f5b3bb898da2e72a5b6ea95b89c72d2f64b9feaa577877a308068a3? s=60&d=retro&r=g) ### 󠀁[Fantastic](https://wordpress.org/support/topic/fantastic-3455/)󠁿 [Sepi](https://profiles.wordpress.org/sepicompanywork/) September 23, 2025 very good plugin. ![](https://secure.gravatar.com/avatar/9bd157c558ab1662ae6abe0538ad47538969e8732b9963cf989a5f80f5b8cc25? s=60&d=retro&r=g) ### 󠀁[Best in class](https://wordpress.org/support/topic/best-in-class-92/)󠁿 [yungcyang](https://profiles.wordpress.org/yungcyang/) January 17, 2025 I have been looking for a plugin to manage user access and AAM is by far the best of all. Highly recommended. ![](https://secure.gravatar.com/avatar/33fadaf8aef05d4f5ce5153c47ec1ecc45fa47b6bb54f6c06825ee4abfe32321? s=60&d=retro&r=g) ### 󠀁[This is an incredible plugin](https://wordpress.org/support/topic/this-is-an-incredible-plugin-3/)󠁿 [Vassos Hadjivassiliou](https://profiles.wordpress.org/more2think/) September 11, 2024 This plugin is the best out there. I use it every time I have a client that needs to have access to the backend. I can easily make changes to permissions for every user role. 10 stars guys ![](https://secure.gravatar.com/avatar/05cd834b6553523123d8f01c9b13cd82df56b42d3ce77aaa979b94651c8ad10b? s=60&d=retro&r=g) ### 󠀁[Doesn’t find all Plugin Toolbars](https://wordpress.org/support/topic/doesnt-find-all-plugin-toolbars/)󠁿 [tomo55555](https://profiles.wordpress.org/tomo55555/) June 10, 2024 2 replies When we started using this plugin a year or so ago it was good. But now it conflicts with many other plugins and misses out plugins like WPCode. It actually locked me out of the plugin as an administrator, so I had to uninstall AAM.It is a shame because it was once a great plugin. ![](https://secure.gravatar.com/avatar/3ec1f461f3235b171f60a3aaa69c01817c6ea6dcdc2f2316822c93f1ddb8ca0b? s=60&d=retro&r=g) ### 󠀁[Metaboxes and Gutenberg](https://wordpress.org/support/topic/metaboxes-and-gutenberg/)󠁿 [superwpml](https://profiles.wordpress.org/superwpml/) March 18, 2024 I am looking to hide “metaboxes” in Gutenberg editors, but as far as I understand in the “Metaboxes and Widgets”, in the “Articles” section, when I click hide (Comments, Slug…) .it does nothing.Does it only work in classic editor ? ![](https://secure.gravatar.com/avatar/b83ade75d526159be4493cef83679d60a450db4a1d4ca11c8d560b368e985e45? s=60&d=retro&r=g) ### 󠀁[Awesome Plugin with Great Support](https://wordpress.org/support/topic/awesome-plugin-with-great-support-49/)󠁿 [adamr001](https://profiles.wordpress.org/adamr001/) February 29, 2024 Very comprehensive plugin that was able to do a lot of the things that I needed ( especially in comparison to other ones out there when it comes to access management). Support was prompt, professional and very helpful and actually went above and beyond to help me out even after I had misunderstood some of the terms and conditions. They really know their stuff when it comes to WP so you are in good hands! [ Read all 421 reviews ](https://wordpress.org/support/plugin/advanced-access-manager/reviews/) ## Contributors & Developers “Advanced Access Manager – Access Governance for WordPress” is open source software. The following people have contributed to this plugin. Contributors * [ AAM Plugin ](https://profiles.wordpress.org/vasyltech/) “Advanced Access Manager – Access Governance for WordPress” has been translated into 7 locales. Thank you to [the translators](https://translate.wordpress.org/projects/wp-plugins/advanced-access-manager/contributors) for their contributions. [Translate “Advanced Access Manager – Access Governance for WordPress” into your language.](https://translate.wordpress.org/projects/wp-plugins/advanced-access-manager) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/advanced-access-manager/), check out the [SVN repository](https://plugins.svn.wordpress.org/advanced-access-manager/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/advanced-access-manager/) by [RSS](https://plugins.trac.wordpress.org/log/advanced-access-manager/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 7.1.0 * Fixed: Warning: Undefined array key “effect” in /../application/Framework/Utility/ Misc.php on line 483 [https://github.com/aamplugin/advanced-access-manager/issues/497](https://github.com/aamplugin/advanced-access-manager/issues/497) * Fixed: Can’t reset ConfigPress [https://github.com/aamplugin/advanced-access-manager/issues/493](https://github.com/aamplugin/advanced-access-manager/issues/493) * Fixed: Incorrect aam_manage_jwts capability [https://github.com/aamplugin/advanced-access-manager/issues/494](https://github.com/aamplugin/advanced-access-manager/issues/494) * Fixed: Null pointer in Content.php line 792 [https://github.com/aamplugin/advanced-access-manager/issues/495](https://github.com/aamplugin/advanced-access-manager/issues/495) * Changed: Removing AAM Post List shortcode [https://github.com/aamplugin/advanced-access-manager/issues/496](https://github.com/aamplugin/advanced-access-manager/issues/496) * New: Ability to add JWT token description [https://github.com/aamplugin/advanced-access-manager/issues/492](https://github.com/aamplugin/advanced-access-manager/issues/492) #### 7.0.11 * Fixed: Advanced Multi-Role setup fails to hide posts [https://github.com/aamplugin/advanced-access-manager/issues/491](https://github.com/aamplugin/advanced-access-manager/issues/491) * Fixed: Security Audit References are incorrectly displayed after page refresh [https://github.com/aamplugin/advanced-access-manager/issues/490](https://github.com/aamplugin/advanced-access-manager/issues/490) * Fixed: PHP warning when security audit fails due to unexpected error [https://github.com/aamplugin/advanced-access-manager/issues/489](https://github.com/aamplugin/advanced-access-manager/issues/489) * Fixed: Can’t deselect a parent role [https://github.com/aamplugin/advanced-access-manager/issues/488](https://github.com/aamplugin/advanced-access-manager/issues/488) #### 7.0.10 * Fixed: Permalink has empty href when post is password protected [https://github.com/aamplugin/advanced-access-manager/issues/487](https://github.com/aamplugin/advanced-access-manager/issues/487) * Fixed: Roles & Capabilities are not syncing in multisite [https://github.com/aamplugin/advanced-access-manager/issues/485](https://github.com/aamplugin/advanced-access-manager/issues/485) #### 7.0.9 * Fixed: PHP Parse error in php7.4 [https://github.com/aamplugin/advanced-access-manager/issues/482](https://github.com/aamplugin/advanced-access-manager/issues/482) * Fixed: Uncaught OutOfRangeException: Cannot find user by identifier 0 in /../ Framework/Utility/AccessLevels.php:198 [https://github.com/aamplugin/advanced-access-manager/issues/481](https://github.com/aamplugin/advanced-access-manager/issues/481) #### 7.0.8 * Changed: Move to PHP composer for vendor dependencies [https://github.com/aamplugin/advanced-access-manager/issues/480](https://github.com/aamplugin/advanced-access-manager/issues/480) #### 7.0.7 * Fixed: Uncaught Error: preg_match(): Argument #2 ($subject) must be of type string, array given in /…/Framework/Policy/Typecast.php on line 37 [https://github.com/aamplugin/advanced-access-manager/issues/474](https://github.com/aamplugin/advanced-access-manager/issues/474) * Fixed: Uncaught Error: Call to a member function get_settings() on null in /…/ application/Restful/Roles.php [https://github.com/aamplugin/advanced-access-manager/issues/479](https://github.com/aamplugin/advanced-access-manager/issues/479) * New: New access policy marker AAM_API [https://github.com/aamplugin/advanced-access-manager/issues/475](https://github.com/aamplugin/advanced-access-manager/issues/475) * New: Allow function expression anywhere within JSON policy xpath [https://github.com/aamplugin/advanced-access-manager/issues/476](https://github.com/aamplugin/advanced-access-manager/issues/476) * New: Give the ability to define conditions based on user’s OS, device, browser, brand, model, etc. [https://github.com/aamplugin/advanced-access-manager/issues/477](https://github.com/aamplugin/advanced-access-manager/issues/477) #### 7.0.6 * Fixed: Incorrectly handling subpages with policies [https://github.com/aamplugin/advanced-access-manager/issues/473](https://github.com/aamplugin/advanced-access-manager/issues/473) * Fixed: AAM removes slashes in JSON access policy [https://github.com/aamplugin/advanced-access-manager/issues/472](https://github.com/aamplugin/advanced-access-manager/issues/472) * Fixed: URL Access service does not handle URLs with query params correctly [https://github.com/aamplugin/advanced-access-manager/issues/470](https://github.com/aamplugin/advanced-access-manager/issues/470) * Fixed: The aam_backend_login widget is unavailable [https://github.com/aamplugin/advanced-access-manager/issues/469](https://github.com/aamplugin/advanced-access-manager/issues/469) * Changes: Improve clarity around premium add-on status [https://github.com/aamplugin/advanced-access-manager/issues/471](https://github.com/aamplugin/advanced-access-manager/issues/471) #### 7.0.5 * Fixed: ConfigPress are not taken into consideration before init hook [https://github.com/aamplugin/advanced-access-manager/issues/468](https://github.com/aamplugin/advanced-access-manager/issues/468) * Fixed: AAM does not display default terms pin anymore [https://github.com/aamplugin/ advanced-access-manager/issues/467] (https://github.com/aamplugin/advanced-access- manager/issues/467) * Fixed: Uncaught TypeError: array_key_exists(): Argument #2 ($array) must be of type array, null given in /../Framework/Service/Policies.php:661 [https://github.com/aamplugin/advanced-access-manager/issues/466](https://github.com/aamplugin/advanced-access-manager/issues/466) #### 7.0.4 * Change: Making sure that all AAM hooks are triggered only after init [https://github.com/aamplugin/advanced-access-manager/issues/465](https://github.com/aamplugin/advanced-access-manager/issues/465) #### 7.0.3 * Fixed: The Condition block is not handled properly when Operator is OR [https://github.com/aamplugin/advanced-access-manager/issues/464](https://github.com/aamplugin/advanced-access-manager/issues/464) * Fixed: Can Not Edit Password Protected Block Pages [https://github.com/aamplugin/advanced-access-manager/issues/463](https://github.com/aamplugin/advanced-access-manager/issues/463) * Fixed: Uncaught Error: Cannot use object of type WP_Post_Type as array in /../ Metaboxes.php on line 383 [https://github.com/aamplugin/advanced-access-manager/issues/461](https://github.com/aamplugin/advanced-access-manager/issues/461) * Feature Request: Re-introduce the “Unified Multisite Configuration Sync” option [https://github.com/aamplugin/advanced-access-manager/issues/462](https://github.com/aamplugin/advanced-access-manager/issues/462) #### 7.0.2 * Fixed: Restricted post with Teaser Message is not enforced [https://github.com/aamplugin/advanced-access-manager/issues/460](https://github.com/aamplugin/advanced-access-manager/issues/460) * Fixed: The “Redirect to the login page” option does not persist [https://github.com/aamplugin/advanced-access-manager/issues/459](https://github.com/aamplugin/advanced-access-manager/issues/459) * Fixed: The Reset All AAM settings button does not work [https://github.com/aamplugin/advanced-access-manager/issues/457](https://github.com/aamplugin/advanced-access-manager/issues/457) * Fixed: Metaboxes for custom taxonomies have the same slug [https://github.com/aamplugin/advanced-access-manager/issues/456](https://github.com/aamplugin/advanced-access-manager/issues/456) * Fixed: PHP Notice: AAM_Framework_Service_Widgets(): Invalid widget provided in/ wp-includes/functions.php [https://github.com/aamplugin/advanced-access-manager/issues/443](https://github.com/aamplugin/advanced-access-manager/issues/443) * Fixed: AAM labels quote escape [https://github.com/aamplugin/advanced-access-manager/issues/455](https://github.com/aamplugin/advanced-access-manager/issues/455) * Fixed: List of backend menu items is empty on the Backend Menu tab [https://github.com/aamplugin/advanced-access-manager/issues/454](https://github.com/aamplugin/advanced-access-manager/issues/454) * Fixed: Issue with clearing buffer [https://github.com/aamplugin/advanced-access-manager/issues/453](https://github.com/aamplugin/advanced-access-manager/issues/453) * Fixed: Uncaught Error: Call to a member function list() on null in /../Framework/ Manager.php:450 [https://github.com/aamplugin/advanced-access-manager/issues/452](https://github.com/aamplugin/advanced-access-manager/issues/452) * Enhancement: Give the ability to control archive pages [https://github.com/aamplugin/advanced-access-manager/issues/458](https://github.com/aamplugin/advanced-access-manager/issues/458) #### 7.0.1 * Fixed: Access Denied message when aam_access_dashboard capability is created [https://github.com/aamplugin/advanced-access-manager/issues/451](https://github.com/aamplugin/advanced-access-manager/issues/451) * Fixed: PHP Warning: array_diff(): Expected parameter 1 to be an array, string given in /…/Service/Identity.php on line 245 [https://github.com/aamplugin/advanced-access-manager/issues/449](https://github.com/aamplugin/advanced-access-manager/issues/449) * Fixed: Framework Manager error handling [https://github.com/aamplugin/advanced-access-manager/issues/448](https://github.com/aamplugin/advanced-access-manager/issues/448) * Fixed: Error type E_PARSE in …/Framework/Utility/Misc.php on line 292. Error message: syntax error, unexpected ‘…’ [https://github.com/aamplugin/advanced-access-manager/issues/447](https://github.com/aamplugin/advanced-access-manager/issues/447) * Fixed: PHP Fatal error. undefined function get_user [https://github.com/aamplugin/advanced-access-manager/issues/446](https://github.com/aamplugin/advanced-access-manager/issues/446) * Fixed: PHP Fatal error. undefined function wp_is_rest_endpoint [https://github.com/aamplugin/advanced-access-manager/issues/445](https://github.com/aamplugin/advanced-access-manager/issues/445) * Fixed: v2 api broken [https://github.com/aamplugin/advanced-access-manager/issues/444](https://github.com/aamplugin/advanced-access-manager/issues/444) * Changed: Default to WordPress default logout redirect [https://github.com/aamplugin/advanced-access-manager/issues/450](https://github.com/aamplugin/advanced-access-manager/issues/450) #### 7.0.0 * Official 7.0.0 #### 6.9.51 * Fixed: PHP Notice: Function _load_textdomain_just_in_time [https://github.com/aamplugin/advanced-access-manager/issues/442](https://github.com/aamplugin/advanced-access-manager/issues/442) * Fixed: The Access Manager Metabox does not initialize correctly [https://github.com/aamplugin/advanced-access-manager/issues/441](https://github.com/aamplugin/advanced-access-manager/issues/441) * Fixed: Incorrectly invoked translation function [https://github.com/aamplugin/advanced-access-manager/issues/440](https://github.com/aamplugin/advanced-access-manager/issues/440) * Fixed: Download audit report issue [https://github.com/aamplugin/advanced-access-manager/issues/438](https://github.com/aamplugin/advanced-access-manager/issues/438) #### 6.0.0 * Complete rewrite of the entire plugin. For more information, check [this article](https://aamplugin.com/article/advanced-access-manager-next-generation) #### 5.0 * Added ACCESS COUNTER option to Posts & Pages * Added premium MONETIZE option to Posts & Pages * Added ability to turn off “Secure Login” feature * Added ability to toggle extension status (active/inactive) * Added ability for AAM to filter out Admin Top Bar based on restricted admin menus * Deprecated AAM Role Filter extension and merged it to the AAM core * Deprecated AAM Payment extension and merged it with AAM E-Commerce extension * Deprecated ConfigPress options that manage access to AAM UI. All is based on capabilities from now. * Split UI to three areas: Access, Settings and Extensions * Fixed over 25+ reported bugs and discovered during internal refactoring * Removed deprecated “Security” feature. Replaced with Secure Login Widget * Removed deprecated “Teaser” feature. Replaced with Teaser Message per post base #### 4.0 * Added link Access to category list * Added shortcode [aam] to manage access to the post’s content * Moved AAM Redirect extension to the basic AAM package * Moved AAM Login Redirect extension to the basic AAM package * Moved AAM Content Teaser extension to the basic AAM package * Set single password for any post or posts in any category or post type * Added two protection mechanism from login brute force attacks * Added double authentication mechanism * Few minor core bug fixings * Improved multisite support * Improved caching mechanism #### 3.0 * Brand new and much more intuitive user interface * Fully responsive design * Better, more reliable and faster core functionality * Completely new extension handler * Added “Manage Access” action to the list of user * Tested against WP 3.8 and PHP 5.2.17 versions #### 2.0 * New UI * Robust and completely new core functionality * Over 3 dozen of bug fixed and improvement during 3 alpha & beta versions * Improved Update mechanism #### 1.0 * Fixed issue with comment editing * Implemented JavaScript error catching ## Meta * Version **7.1.0** * Last updated **1 month ago** * Active installations **100,000+** * WordPress version ** 5.8.0 or higher ** * Tested up to **6.9.4** * PHP version ** 5.6.0 or higher ** * Languages * [Dutch](https://nl.wordpress.org/plugins/advanced-access-manager/), [Dutch (Belgium)](https://nl-be.wordpress.org/plugins/advanced-access-manager/), [English (US)](https://wordpress.org/plugins/advanced-access-manager/), [French (France)](https://fr.wordpress.org/plugins/advanced-access-manager/), [Norwegian (Bokmål)](https://nb.wordpress.org/plugins/advanced-access-manager/), [Russian](https://ru.wordpress.org/plugins/advanced-access-manager/), [Spanish (Spain)](https://es.wordpress.org/plugins/advanced-access-manager/), and [Swedish](https://sv.wordpress.org/plugins/advanced-access-manager/). * [Translate into your language](https://translate.wordpress.org/projects/wp-plugins/advanced-access-manager) * Tags * [restricted content](https://wordpress.org/plugins/tags/restricted-content/)[security](https://wordpress.org/plugins/tags/security/) [user roles](https://wordpress.org/plugins/tags/user-roles/) * [Advanced View](https://wordpress.org/plugins/advanced-access-manager/advanced/) ## Ratings 4.2 out of 5 stars. * [ 310 5-star reviews ](https://wordpress.org/support/plugin/advanced-access-manager/reviews/?filter=5) * [ 22 4-star reviews ](https://wordpress.org/support/plugin/advanced-access-manager/reviews/?filter=4) * [ 14 3-star reviews ](https://wordpress.org/support/plugin/advanced-access-manager/reviews/?filter=3) * [ 8 2-star reviews ](https://wordpress.org/support/plugin/advanced-access-manager/reviews/?filter=2) * [ 66 1-star reviews ](https://wordpress.org/support/plugin/advanced-access-manager/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/advanced-access-manager/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/advanced-access-manager/reviews/) ## Contributors * [ AAM Plugin ](https://profiles.wordpress.org/vasyltech/) ## Support Issues resolved in last two months: 1 out of 1 [View support forum](https://wordpress.org/support/plugin/advanced-access-manager/)