WordPress CMS – User Access Levels

The more I use WordPress the more I like it.

Recently I’ve been asked to do two web sites that have multiple access levels. One is for a graphic designer who wants a public site as well as things only her clients can see and things only her employees can see. The other is a private club that wants to give a very small amount of information to the public, and also wants separate access to information for two levels of membership. In both cases I used WordPress.

For the private club, I used the Role Manager plugin to create a Subscriber level that has access to pages marked Private, and another that has access to pages and posts marked Private. Thereby I created two levels of private access. See my article titled “Caveats for Emptors” for warnings about using the Role Manager plugin. You may prefer to use the User Access Manager plugin instead. I used it on the graphic designer’s site and will probably never use the Role Manager again.

To augment that, I added Peter’s Login Redirect plugin to both sites. This plugin allows you to redirect users to any page on the site by user name, role, numeric admin level, or “anyone else” (i.e. anyone not defined by the preceding criteria). The really nice thing about this plugin is not terribly obvious. If you have created a page or post that you only want one person or a defined group to see, you can send them there directly. Note that by default, links to pages marked Private will not appear in your WP navigation, and category links will only appear if there is at least one public post in the category. So, now you have a way of “hiding” information within your site. You could (for example) give your employees access to a category that contains protected posts about several projects and your clients a direct route to a specific page where their project is posted. Search  the WordPress plugins directory for the words login redirect and you will find similar plugins that may better suit your specific purposes. Beware of Weasel’s Login Redirect as it requires the Role Manager plugin to work.

Finally in both cases I used the Hide dashboard plugin and removed the Meta links from the sidebar so that Subscriber-level  visitors won’t mess with the login profiles.

Thanks WordPress!

This article copyright © John Nasta 2009 – All Rights Reserved
Be Sociable, Share!

You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.


  • Julien says:

    I am using UAM too. It is really a great plugin. Although here is what I am trying to achieve and maybe you have some advice on this matter:
    1. Only users from group A will create posts. (in my real case woocommerce products, but let’s start with basic WP elements first)
    2. These posts will be assigned to group B (thanks to UAM). Other posts to Group C.
    3. Some group B users can read only, others can read and write.
    >> until there everything is fine<<
    3. Group B users with write-access sign in in the admin panel to edit posts content!
    A. I don’t want them to see posts that are not assigned (UAM) to them:
    How can I do – for they are not the author I can’t use plugins with “see their own posts only” feature? And this is a critical point for I don’t want them see posts (products) belonging to an other group.
    B. I know how to restrict the front end – but in order to edit users have to access the back-end. At first I was thinking to use Front-End Editor Plugin but I am not a developer and don’t know how to extend its capalities to woocommerce and custom fields (using wp-Types)…
    C. As a cherry on the cake I would love to
    apply restrictions on a field level (some users can read and write this field, some others can read, others nothing at all…)

    So any idea or plugin you know could help are welcome 🙂

    Thanks again,

  • amy says:

    How about various editing-user roles? For instance I have a WordPress site w/ areas A, B and C (each a different page) and people that are Head Poo-Bah of A, Head Poo-Bah of B, etc. They each need to edit their own area, but shouldn’t have access to the other two.

    I get the feeling the answer to this is, “Get a real CMS system,” but wanted to ask those in the know. 🙂

    • John Nasta says:

      The WordPress Roles & Capabilities cover some of this. Someone with the role of Author can publish but they can only edit or delete their own posts. An Editor can edit or delete other Authors’ posts. That’s why I prefer not to define user groups by Role. There are also plugins that allow you to manipulate the capabilities for each role, but be careful because some of them let you do things that may not be easy to undo. There is an explanation of WordPress Roles & Capabilities here http://codex.wordpress.org/Roles_and_Capabilities

  • Bill says:

    Yeeeaaahhh … it’s just that’s the easy part. Today requirements of a CMS is much more. Here is a scenario that WP can’t handle.
    You want one community site for sports fans: soccer, cricket and chess. Some of those that play cricket also play soccer and chess, some of those who play cricket also play soccer and/or chess.
    On the top of that members from all groups take part in the fundraising activities.
    Naturally, or sub-site-contributors and managers are overlapping too.
    To keep the joint user-friendly, you want only one login for those, who are part of more groups. Also you would want the hierarchical management of the sub-sites. Some are top managers in one sub-site but only low end contributors in the other sub-site.
    That’s what one is interested about.

    • John Nasta says:

      Well, like my mother used to say “People in hell want free air conditioners but they’re not going to get them.”

  • Fairy says:

    I wasn’t aware of the Peter’s login redirect plugin but can definitely see how useful this could be when it comes to limiting access to certain pages, etc… The two plugins have nothing to do with each other really. You can use either one without the other.Thanks

  • Maqsood says:

    Very useful plugin john. I was looking for a similar solution for my multi user interface blog. Its worth using for the multi leveled login. Thanks

  • Elise says:

    Thanks for sharing – I wasn’t aware of the Peter’s login redirect plugin but can definitely see how useful this could be when it comes to limiting access to certain pages, etc…

    I also wasn’t aware of the sidebar login plugin.

    Take care,


  • Jeff says:

    Curious if you have advice about how to do the following:
    WordPress site will have content which is password protected (news articles or press releases, for example). The organization wants to send out an e-newsletter with links to some of this content. And, they want any recipient of the newsletter to be able to access the content. So, in short, if a user navigates the site via a browser, the content in question would require login to view. But, URLs embedded into the newsletter would bypass the login and drill down directly to the content. Is that possible?

  • lilious says:

    Thanks for this very useful article !!! Exactly what I needed !

  • Kris says:

    How do I use the Peters log in redirect with the user access manager.

    Another thing, where does my login widget come from?



    • John Nasta says:

      Hi Kris,

      The two plugins have nothing to do with each other really. You can use either one without the other.

      If you want a login widget, try the Sidebar Login plugin.


  • Classroom Technology Thoughts (Twitter Weekly Updates) for 2009-11-29 | blog.classroomteacher.ca says:

    […] login redirect plugin based on user role http://johnnasta.com/blog/2009/wordpress/wordpress-cms-user-access-levels/ […]

  • Josef Telmer says:

    Very useful information. Thanks for this. You got a great blog .I will be interested in more similar topics.I’m very interested in CMS and all its related subjects.

  • Wordpress Plugins – User Access Manager vs. Role Manager | GreyBlogs.com - Themes says:

    […] WordPress CMS – User Access Levels The more I use […]


Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>