Plugin Directory

Test out the new Plugin Directory and let us know what you think.
!This plugin hasn’t been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Private! WordPress Access Control Manager

Manage easily, who is allowed to access your blog or certain parts of your blog or just improve the security of your installation


  • Added: Option to display an error message, instead of redirecting users to the login or to another page
  • Added: Option to display 404 error page instead of a Bad Request error
  • Added: Log all potential malicious url requests (A viewer will be added in one of the next versions)
  • Added: Block requests longer than 255 chars
  • Added: Block requests containing your db prefix
  • Added: Block file uploads with dangerous file endings
  • Added: Block directory traversal attacks
  • Added: Force security settings on all member blogs in a multisite environment
  • Added: Ability to remove readme.html from blog root
  • Added: Protect your Plugins and Includes Folder by creating index.php files in these folders
  • Added: Capability setting for editing auth time
  • Added: Restrict the Admin to your current ip
  • Changed: Split detection of xss/sql Attacks
  • Changed: Standard capability for editing users changed to edit users
  • Fixed: Redirect to login does not work correctly in some situations
  • Fixed: Plugin link is now shown, even if there are no restrictions


  • Fixed: Typo in login, signup condition, that might give access for anyone [Thanks to sulfsby]


  • Fixed: PHP Warning when not hiding tags


  • Added: Multisite registration to single blogs is not restricted to subdomain installations anymore
  • Added: Tags can also be hidden from the Tag cloud widget
  • Changed: Moved multisite options down on the settings page
  • Fixed: Register page stays open, even if all pages are restricted


  • Added: Brazilian Portugese language file [Big big thanks to Eduardo]
  • Fixed: Error in check_auth, which prevents logged in user to see hidden categories [Sorry to Sabeth]


  • Fixed: Translation issue in the main menu [Big thanks to Eduardo]


  • Added: Allow users to register directly to a blog in the multisite network if webmaster allows [Thanks to Aphrodite for the suggestion]
  • Added: Ability to add directly to a blog for users if webmaster allows [Thanks to Aphrodite for the suggestion]
  • Added: PHP Version check for really really old installations [Thanks for lauryn]
  • Fixed: auth date was taken from current user and not from shown user
  • Fixed: admin warnings are restricted to admins now
  • Fixed: update notices are restricted to admins now


  • Added: Remove restricted posts from front page, search, blog home etc. for non authorized users based on restricted categories, tags or posts
  • Added: Remove categories from sidebar


  • Fixed: Plugin does not show categories, if the first category was deleted or edited [Thanks to Sabeth and cscscs]


  • Added: Option to remove feeds from blog headers
  • Added: Generation of feed keys, so that RSS Reader can access restricted feeds
  • Added: Navigation below Admin
  • Added: Ability to remove feed keys from database
  • Added: Force users to use only strong passwords
  • Changed: Merged the access rights pages
  • Fixed: Some improvements on the assistant
  • Fixed: Some wrong or forgotten translations
  • Fixed: A lot of typos


  • Fixed: A small bug in des.class.php as the password is not decrypted correctly because of unneeded whitespaces


  • Added: Easy to use setup assistant
  • Added: Option to delete brute force logs
  • Fixed: Added english and german translation for user profile field


Fixed: Wrong parameter count on form_row [Thanks to hdridder]


  • Added: New options are marked as new
  • Fixed: Secure key was not depending on your installation


  • Added: Secure login script


  • Fixed: wrong datatype in array [Thanks to bamajr]


  • Added: New interface design
  • Added: Allow access to attachments
  • Added: Disable all restrictions with a single click
  • Added: Customize your login error messages
  • Added: Prevent against attackers with tarpit technology
  • Added: Brute force prevention
  • Added: Define maximum login attempts and lockout time for brute force attempts
  • Added: Remove or anonymize your WordPress Generator Meta Tag
  • Added: Notification of recent updates
  • Changed: Seperate settings for RSD and WLW headers
  • Fixed: Some language strings
  • Fixed: Some unitialized variables
  • Fixed: Issue on setting the time for access allowed
  • Fixed: Allowing single posts also allowed access to pages
  • Fixed: logged in users may had lower rights than logged out if they were not approved
  • Fixed: fixed some very complicated rules with tags and categories in single posts
  • Fixed: A lot of testing with all kinds of rules


  • Another fix in multisites
  • Deleted some warnings about uninitialized vars


  • Fixed a bug in non multisite environment


  • Fixed a bug with deleting user settings in multisite environment


  • A lot of small bugfixes - mainly wrong paths and forgotten translations


  • Initial release - it may let explode your hamster!

Requires: 3.0.0 or higher
Compatible up to: 3.0.5
Last Updated: 6 years ago
Active Installs: 1,000+


0 out of 5 stars


Got something to say? Need help?


Not enough data

0 people say it works.
0 people say it's broken.

100,1,1 100,1,1 50,2,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,3,3 100,3,3 50,2,1 100,1,1 100,1,1 100,1,1 100,2,2 100,6,6