WordPress Access Areas

Description

WP Access Areas lets you fine-tune who may read, edit or comment on your Blog posts.
You can either restrict access to logged-in uses only, certain WordPress-Roles or
even custom Access Areas.

Features

  • Define custom Access Areas and assign them to your blog-users
  • Restrict reading, editing and commenting permission to logged-in users, certain WordPress-Roles or Access Areas
  • define global access areas on a network
  • Supports bulk editing
  • German, Italian, Polish and Swedish localization (Huge Thankyou @ all translators!)

Latest files on GitHub.

Developers might like to have a look at the project wiki.

Known Issues

  • WordPress calendar Widget still shows dates where restricted posts have been created.
    When clicked on such a date a 404 will occur. There is an open
    WordPress Core ticket on that issue.
  • Taxonomy menus (e.g. Tags / Categories) also count restricted posts when the total number
    of posts in a taxonomy is ascertained.
    See this post for details.

Screenshots

  • Area Access Manager
  • User Editing
  • Post Access Control
  • Post Access Behaviour

Installation

  1. Upload the ‘wp-access-areas.zip’ to the /wp-content/plugins/ directory and unzip it.

  2. Activate the plugin through the ‘Plugins’ menu in WordPress

FAQ

Why can’t I protect media?

Because the plugin can only protect posts, which are database entries. A media also contains a
file stored on your servers file system. A file is normally just returned by the server, the
WordPress core is not involved. In order to protect a file, let’s say an image, the Image URL
would have to be point to a special Script, that decides whether the file is protected or not,
and if so, which user or group of users would be granted access.

A lot of processing would be going on, and each and every little thumbnail would add another
one or two seconds to your page load time. The result: Tears, rage and support requests.

What does it exactly do?

For each Post it stores a capabilty the user needs to have in order to view, edit or comment on a post.
By defining an Access Area you create nothing more than a custom capability.

Why didn’t you use post_meta to store permissions? WordPress already provides an API for this!

I did this mainly for performance reason. For detecting the reading-permission on specific content,
the plugin mainly affects the WHERE clause used to retrieve posts. In most cases, using post_meta
would mean to add lots of JOIN clauses to the database query, slowing down your site’s performance.

Does it mess up my database?

It makes changes to your database, but it won’t make a mess out of it. Upon install it does two things:
1. It creates a table named ´{$wp_prefix}_disclosure_userlabels´. The access areas you define are here.
2. It adds three columns to Your Posts tables: post_view_cap and post_comment_cap.

Upon uninstall these changes will be removed completely, as well as it will remove any custom generated
capability from your user’s profiles.

I’d like to do some more magic / science with it. And yes: I can code!

Developer documentation can be found in the project wiki.

I found a bug. Where should I post it?

I personally prefer GitHub but you can post it in the forum as well. The plugin code is here: GitHub

I want to use the latest files. How can I do this?

Use the GitHub Repo rather than the WordPress Plugin. Do as follows:

  1. If you haven’t already done: Install git

  2. in the console cd into Your ‘wp-content/plugins´ directory

  3. type git clone git@github.com:mcguffin/wp-access-areas.git

  4. If you want to update to the latest files (be careful, might be untested on Your WP-Version) type git pull´.

Please note that the GitHub repository is more likely to contain unstable and untested code. Urgent fixes
concerning stability or security (like crashes, vulnerabilities and alike) are more likely to be fixed in
the official WP plugin repository first.

I found a bug and fixed it. How can I contribute?

Either post it on GitHub or—if you are working on a cloned repository—send me a pull request.

How can I contribute a localization?

My goal is to host all translations on translate.wordpress.org.
For German this is already accomplished. For almost every other localization the project is still in
need of translation editors.

If you want to contribute a translation please let me know by posting a comment to this thread
stating the name of this plugin, the locale you would like to maintain and some brief information about you – e.g. if you are a native speaker.
I will back up your request with all the authority that a simple plugin developer can have.

Reviews

Amazing Access Control Plugin

I’ve been looking for a way to restrict access to certain articles of a knowledge base to different user groups for a couple of weeks. This plugin solved all of the issues that I was having and I didn’t even need to couple it with a separate role manager plugin. (Seems like it would work really well with the Members plugin or any other role management plugin though.)

Thank you!

Read all 11 reviews

Contributors & Developers

“WordPress Access Areas” is open source software. The following people have contributed to this plugin.

Contributors

“WordPress Access Areas” has been translated into German. Thank you to the translators for their contributions.

Translate “WordPress Access Areas” into your language.

Interested in development?

Browse the code or subscribe to the development log by RSS.

Changelog

1.5.1

  • Localization: move de_DE and de_DE_formal to translate.wordpress.org

1.5.0

  • Fix: A network admin without blog role could not edit post access by WP Roles
  • Plugin settings: Use WP Post statuses in favor of hard coded status list (allows use of custom post statuses now)
  • Introduce filter: ‘wpaa_allowed_post_stati’
  • Localization: Rework strings
  • Localization: Introduce de_DE_formal
  • Localization: consistent use of plugin textdomain

1.4.7

  • Fix: PHP deprecated warning during install + network upgrade
  • Fix: Incorrect Post Classes

1.4.6

  • Fix: Crash during install

1.4.5

  • Fix: WP _doing_it_wrong message

1.4.4

  • Fix: Multisite install procedere
  • Fix: Add self repair functionality (Ass missing posts table columns)

1.4.3

  • Fix: Post Custom behavior not dispalying in metabox when fallback page is default fb page
  • Fix: invalid login redirect URI in subdirectory installs

1.4.2

  • Fix: no restrictions for empty post objects (fixes buddypress profile page issue)
  • Fix: wrong redirection behavior for logged in users

1.4.1

  • Fix: set suppress_filters to false on get_posts
  • Fix: Saving Access Area Name

1.4.0

  • Feature: Explicitly enable / disable custom behaviour on posts.
  • UI: Combine columns in Posts list table
  • Fix: Contained roles were not assumed correctly
  • Fix: QuickEdit did not show Access after save
  • Compatibility: Drop support for WP < 3.8
  • Code refactoring, switched classname prefixes

1.3.3

  • Fix: Database error on comment feeds. Hiding or redirecting from comment feeds should work now.
  • Fix: Crash during update (function get_editable_roles not found)

1.3.2

  • Security Fix: Exclude restricted posts from comment feeds

1.3.1

  • Fix: Possible vulnerability where unauthorized users could change post access settings
  • L10n: change plugin textdomain from ‘wpundisclosed’ to ‘wp-access-areas’ (= Plugin slug). Rename lang/ > languages/.

1.3.0

  • WordPress 4.0 compatibility
  • Feature: Show Access Columns on Media and Custom Post type list views
  • Feature: Select default access for new posts.
  • Feature: Role Caps. Set which roles can edit post access properties
  • Improvement: Cache DB results
  • Plugin API: Added filter: wpaa_update_access_area_data
  • Plugin API: Added actions: wpaa_grant_access, wpaa_grant_{$wpaa_capability}, wpaa_revoke_access, wpaa_revoke_{$wpaa_capability}, wpaa_create_access_area, wpaa_update_access_area
  • Plugin API: Added function: wpaa_get_access_area( $identifier )

1.2.9

Fixing that one: https://wordpress.org/support/topic/plugin-causing-crash-post-woocommerce-update-today?replies=5

1.2.8

  • Fix: Post Edit save 404 behaviour
  • Fix: Hide inacessible posts in Recent Comments widget
  • Fix: Hide inacessible posts in Latest posts widget
  • Fix: Hide inacessible posts in Archive widget
  • Fix: Don’t show comments to inaccessible posts in WP-Admin. (Prohibits editing as well.)
  • L10n: Polish localisation

1.2.7

  • Feature: Explicitly select Front page as Fallback page.
  • Feature: Edit view cap now available for backend-only posts as well.
  • Fix: 404 behaviour not saving when default behaviour is other than 404
  • API: added function wpaa_is_post_public( $post )

1.2.6

  • Feature: Option to select post status after deleting access area
  • Fix: Wrong viewing permissions after delete access area
  • Fix: remove options upon uninstall
  • Swedish localization

1.2.5

  • Feature: Bulk edit users: Grant and revoke access.
  • Fix: Was able to create access areas with empty names.
  • Fix: Ignores WP’s Comments closed status

1.2.4

  • Fix: User list table column

1.2.3

  • Check WP 3.9 compatibility
  • Fix: With no AAs present add Access Area didn’t show up on profile edit page

1.2.2

  • Fix: Used wrong option name on edit post
  • Fix: Embarrassing wrong var name on edit post
  • L10n: Added one more italian string

1.2.1

  • Feature: Option to redirect to wp-login or to fallback page.
  • Feature: action hook an filter on access attempt for a restricted post. (see GitHub Repo for details)
  • Feature: post classes
  • CSS: use dashicons
  • Italian localization

1.2.0

  • Feature: Bulk edit Posts
  • Feature: Ajax-Add AAs on User edit screen
  • Debug: Fix invalid HMTL on user list table
  • Debug: Remove edit post link from frontend
  • Debug: Invisible posts are now also excluded from editing
  • Debug: Remove “Who can read”-Select from non-public post types

1.1.11

  • Debug: Fix Comment issue. Selecting “WordPress default” now does what it is supposed to: handling over the comment responsibility to WordPress.

1.1.10

  • Debug: Fix missing file issue

1.1.9

  • Feature/Debug: Network admins now have access to all areas on all blogs. Blog admins have access to all areas on their own blog(s).
  • Code: put general use processes into function

1.1.9

  • Feature/Debug: Network admins now have access to all areas on all blogs. Blog admins have access to all areas on their own blog(s).
  • Code: put general use processes into function

1.1.8

  • Fixed: Fixed issue, where access areas where not shown on user editing in single-site installs.

1.1.7

  • Fixed: Fixed issue, where posts table was not modified after creating new blog. Use WP’s upgrade network function to fix all posts tables.

1.1.6

  • Feature: WP-Capability column in Access Areas table view
  • Fixed: Commenting was still possible after switching off comments and setting comment capabilities to ‘use WP defaults’.

1.1.5

1.1.4

  • Fix: issue where WP-comment settings were not applied while saving post
  • Improve DE Localization

1.1.3

  • Fix: post tables did not update on wpmu_new_blog
  • Fix: deletion issue
  • Localize Plugin description

1.1.2

  • Added versioncheck

1.1.1

  • Improve loading behaviour

1.1.0

  • Added editing restrictions.
  • Several fixes.

1.0.0

  • Initial Release