{"id":289487,"date":"2026-04-06T20:04:29","date_gmt":"2026-04-06T20:04:29","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/limited-admin-role\/"},"modified":"2026-04-06T20:05:05","modified_gmt":"2026-04-06T20:05:05","slug":"limited-admin-role","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/limited-admin-role\/","author":16707033,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"2.9.1","stable_tag":"2.9.1","tested":"6.9.4","requires":"6.0","requires_php":"7.4","requires_plugins":null,"header_name":"Limited Admin Role","header_author":"HEMDOX Digital","header_description":"Adds a custom \"Admin Panel Manager\" role with granular, categorized capability controls, per-plugin access rules, and a configurable session timeout. v2: full capability grid, Plugin Access Deny submenu.","assets_banners_color":"","last_updated":"2026-04-06 20:05:05","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/hemdox.com","rating":0,"author_block_rating":0,"active_installs":0,"downloads":24,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"2.9.1":{"tag":"2.9.1","author":"minhaz52","date":"2026-04-06 20:05:05"}},"upgrade_notice":{"2.0.0":"<p>Major update. After upgrading, visit Limited Admin Role \u2192 Settings \u2192 Capabilities to review and save your capability preferences. Existing block settings (Orders, Customers, Users, Reports) are preserved.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3500423,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3500423,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["2.9.1"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"Settings page \u2014 General tab (session timeout, SEO plugin, role summary)","2":"Settings page \u2014 Capabilities tab (categorized checkbox grid)","3":"Settings page \u2014 Menu &amp; URL Blocks tab (quick-toggle switches)","4":"Plugin Access Deny submenu (per-plugin page blocking)","5":"Plugins page as seen by the managed role (view-only, no action links)"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[1912,83,3710,1925,286],"plugin_category":[45],"plugin_contributors":[259577],"plugin_business_model":[],"class_list":["post-289487","plugin","type-plugin","status-publish","hentry","plugin_tags-access-control","plugin_tags-admin","plugin_tags-role","plugin_tags-user-role","plugin_tags-woocommerce","plugin_category-ecommerce","plugin_contributors-minhaz52","plugin_committers-minhaz52"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/limited-admin-role\/assets\/icon-128x128.png?rev=3500423","icon_2x":"https:\/\/ps.w.org\/limited-admin-role\/assets\/icon-256x256.png?rev=3500423","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p><strong>Limited Admin Role<\/strong> adds a custom WordPress role called <strong>Admin Panel Manager<\/strong> that gives a user broad content and product management access \u2014 but blocks access to WooCommerce Orders, Customers, Users, and sensitive reports.<\/p>\n\n<p><strong>Key Features:<\/strong><\/p>\n\n<ul>\n<li>\ud83d\udd10 Granular capability grid \u2014 enable or disable every WordPress &amp; WooCommerce capability from the settings UI, organized into 15 categories<\/li>\n<li>\ud83d\udeab Block WooCommerce Orders, Customers, Analytics, and WordPress Users (menu + URL + REST API)<\/li>\n<li>\ud83e\udde9 Plugin Access Deny \u2014 per-plugin admin page blocking via a dedicated submenu<\/li>\n<li>\ud83d\udd11 Plugins view-only \u2014 can see installed plugins list but cannot install\/activate\/deactivate\/update\/delete<\/li>\n<li>\ud83d\udd50 Configurable session timeout (default 12 hours) \u2014 forces logout regardless of \"Remember Me\"<\/li>\n<li>\u2705 Compatible with Rank Math, Yoast SEO, WooCommerce HPOS, and Cloudflare<\/li>\n<\/ul>\n\n<p><strong>Capability Categories:<\/strong><\/p>\n\n<ul>\n<li>Core Access, Posts, Pages, Media, Appearance &amp; Themes<\/li>\n<li>Plugins, Users, WordPress Updates<\/li>\n<li>WooCommerce Products, Orders, Coupons, Reports &amp; Analytics, Settings, Customers<\/li>\n<li>Comments<\/li>\n<\/ul>\n\n<h3>License<\/h3>\n\n<p>This plugin is licensed under the GNU General Public License v2.0 or later.<\/p>\n\n<p>Full license text: https:\/\/www.gnu.org\/licenses\/gpl-2.0.html<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>limited-admin-role<\/code> folder to <code>\/wp-content\/plugins\/<\/code> or install via <strong>Plugins \u2192 Add New \u2192 Upload Plugin<\/strong>.<\/li>\n<li>Activate the plugin through the <strong>Plugins<\/strong> menu.<\/li>\n<li>The <strong>Admin Panel Manager<\/strong> role is created automatically on activation.<\/li>\n<li>Configure settings at <strong>Limited Admin Role<\/strong> in the WordPress admin sidebar.<\/li>\n<li>Assign the role to users via <strong>Users \u2192 Add New<\/strong> or <strong>Users \u2192 Edit User \u2192 Role<\/strong>.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"how%20do%20i%20assign%20the%20role%20to%20a%20user%3F\"><h3>How do I assign the role to a user?<\/h3><\/dt>\n<dd><p>Go to <strong>Users \u2192 Add New<\/strong> and set the Role dropdown to <strong>Admin Panel Manager<\/strong>. Or edit an existing user and change their role.<\/p><\/dd>\n<dt id=\"can%20i%20change%20which%20capabilities%20are%20granted%3F\"><h3>Can I change which capabilities are granted?<\/h3><\/dt>\n<dd><p>Yes. Go to <strong>Limited Admin Role \u2192 Settings \u2192 Capabilities tab<\/strong>. Every capability is listed with a checkbox \u2014 check to grant, uncheck to deny. Changes apply immediately on save.<\/p><\/dd>\n<dt id=\"how%20does%20the%20session%20timeout%20work%3F\"><h3>How does the session timeout work?<\/h3><\/dt>\n<dd><p>On login, the plugin records a timestamp. On every admin page load, it checks if the elapsed time exceeds the configured limit (default: 12 hours). If so, the session is destroyed and the user is redirected to the login page with a \"Session expired\" message. The auth cookie is also clamped so \"Remember Me\" cannot extend beyond the limit.<\/p><\/dd>\n<dt id=\"can%20the%20user%20install%20or%20activate%20plugins%3F\"><h3>Can the user install or activate plugins?<\/h3><\/dt>\n<dd><p>No. Plugin installation, activation, deactivation, update, and deletion are always blocked. The user can view the installed plugins list (read-only). You can toggle even view access from the Capabilities tab (activate_plugins cap).<\/p><\/dd>\n<dt id=\"how%20does%20plugin%20access%20deny%20work%3F\"><h3>How does Plugin Access Deny work?<\/h3><\/dt>\n<dd><p>Go to <strong>Limited Admin Role \u2192 Plugin Access Deny<\/strong>. Every active plugin and its detected admin pages are listed. Check any pages to block them for the Admin Panel Manager role.<\/p><\/dd>\n<dt id=\"is%20it%20compatible%20with%20woocommerce%20hpos%3F\"><h3>Is it compatible with WooCommerce HPOS?<\/h3><\/dt>\n<dd><p>Yes. Both the legacy <code>post_type=shop_order<\/code> URL and the new HPOS <code>page=wc-orders<\/code> URL are blocked.<\/p><\/dd>\n<dt id=\"does%20it%20work%20with%20rank%20math%20and%20yoast%20seo%3F\"><h3>Does it work with Rank Math and Yoast SEO?<\/h3><\/dt>\n<dd><p>Yes. Both plugins show their meta boxes to any user with <code>edit_posts<\/code> capability, which this role has by default.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>2.3.0<\/h4>\n\n<ul>\n<li>Fixed: Rank Math REST API calls (\/wp-json\/rankmath\/v1\/updateSettings) returning 403 \u2014 SEO plugin REST routes are now always whitelisted<\/li>\n<li>Fixed: manage_options is temporarily elevated during any SEO plugin REST request so save\/update operations work correctly<\/li>\n<li>Improved: Capabilities tab now shows SEO plugin sections only when that plugin is actually installed \u2014 each setting as its own row, all defaulting to enabled<\/li>\n<li>Improved: Rank Math redirections, 404 monitor, analytics, site analysis \u2014 all individually controllable per row<\/li>\n<li>Improved: Yoast and AIOSEO caps similarly separated with all defaults on<\/li>\n<\/ul>\n\n<h4>2.2.0<\/h4>\n\n<ul>\n<li>Fixed: Replaced inline &lt;style&gt; echo in access control with wp_add_inline_style() (WordPress.org requirement)<\/li>\n<li>Fixed: Replaced inline &lt;style&gt; and &lt;script&gt; in Plugin Access Deny page with wp_add_inline_style() and wp_add_inline_script() (WordPress.org requirement)<\/li>\n<li>Improved: Plugin Access Deny now uses explicit slug patterns for Rank Math, Yoast, AIOSEO, WooCommerce and other major plugins \u2014 all their admin pages reliably appear in the deny list<\/li>\n<li>Added: Author URI field in plugin header<\/li>\n<li>Updated: Contributors field in readme.txt<\/li>\n<\/ul>\n\n<h4>2.1.0<\/h4>\n\n<ul>\n<li>Fixed: SEO plugins (Rank Math, Rank Math Pro, Yoast SEO, Yoast Premium, AIOSEO, AIOSEO Pro) now fully unrestricted \u2014 all caps pass through freely<\/li>\n<li>Added: SEO Plugins capability category with 15 caps across all supported plugins<\/li>\n<li>Added: Auto-detection of active SEO plugins shown on General tab<\/li>\n<li>Fixed: WordPress.Security.EscapeOutput errors (escaped $found with wp_kses, $bg with esc_attr)<\/li>\n<\/ul>\n\n<h4>2.0.0<\/h4>\n\n<ul>\n<li>Added full capabilities registry with 15 categorized sections<\/li>\n<li>Added per-capability checkbox grid in settings UI<\/li>\n<li>Added Plugin Access Deny submenu for per-plugin admin page blocking<\/li>\n<li>Added Grant All \/ Deny All per category, search\/filter, Restore Defaults<\/li>\n<li>Added toggle switches for quick access blocks<\/li>\n<li>Added unsaved-changes warning in settings<\/li>\n<li>Rebuilt settings page with tabbed UI<\/li>\n<li>All v1 features preserved<\/li>\n<\/ul>\n\n<h4>1.1.0<\/h4>\n\n<ul>\n<li>Added plugin view-only mode (can see installed plugins list, all actions blocked)<\/li>\n<li>Added CSS hiding of plugin action links and bulk-action controls<\/li>\n<li>Removed Plugins menu from sidebar (now kept visible as read-only)<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release<\/li>\n<li>Custom Admin Panel Manager role<\/li>\n<li>WooCommerce Orders, Customers, Users, Reports blocking<\/li>\n<li>12-hour session timeout with configurable settings page<\/li>\n<li>REST API blocking for orders, customers, users<\/li>\n<li>Compatible with Rank Math, Yoast SEO, WooCommerce HPOS<\/li>\n<\/ul>","raw_excerpt":"Adds a custom &quot;Admin Panel Manager&quot; role with granular capability controls, per-plugin access rules, and a configurable session timeout.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/289487","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=289487"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/minhaz52"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=289487"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=289487"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=289487"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=289487"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=289487"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=289487"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}