WordPress Plugins – User Access Manager vs. Role Manager
Do you want to control access to your pages & posts or your admin features? There are plugins to fulfill these desires, but they come with some caveats…
If you just want to control access to your pages & posts, the way to go is User Access Manager. This allows you to set up posts and pages that are only accessible by selected users. This is a great way to organize group projects or pages for individual clients, employees, etc.
What’s the caveat? Older versions of User Access Manager create a .htaccess file in your Media Library folder (wp-content/uploads) to control who has access to the contents of the media folders. The result is that media in your posts/pages appear to be broken. Deactivating those versions will not remove the .htaccess files. The simple answer is to make sure that you are using the latest version of the plugin, which gives you options to lock those files or not, and will automatically delete the .htaccess files when you deactivate it (special thanks to Alex – the plugin’s author – for that update).
If you want to control which roles have access to which admin features, then the way to go is Role Manager. This plugin allows you to see and modify all of the default roles and their associated capabilities. You can also create your own custom roles and capabilities, or assign new capabilities created by other plugins to the desired role(s).
What’s the caveat? The Role Manager plugin can interfere with other plugins that reference the user roles. For example, plugins like Profiler and WP Users allow you to check off which roles are to be displayed. If those roles have been modified, they are not recognized by these plugins and will not display. Also, like the User Access Manager, you can’t simply deactivate the Role Manager plugin and reset everything to the way it was before. Deactivating the plugin will leave the sites roles and capabilities however you last set them. So, you may want to make a note of what the default roles and capabilities are before you change them.
As people try to squeeze more advanced features out of a stock WordPress installation, they may find themselves in a situation that is difficult to get out of. What’s the answer? Start a development blog. This can be used as a “sandbox” where you can try things without fear of “blowing up” your production blog. After all, WordPress is free. You can go into Settings > Privacy and mark your development blog private to hide it from search engines. You can also use plugins to hide your experimental pages and posts or prevent people from accessing the site without a login.
This article copyright © John Nasta 2009 – All Rights Reserved
Related posts:
- WordPress User Access Management What’s the most fun you can have with a program that’s written for information sharing?...
- WordPress CMS – User Access Levels The more I use WordPress the more I like it. Recently I’ve been asked to...
- WordPress Plugins – Caveats for Emptors Here’s a list of WordPress plugins that didn’t work out for me and why. Keep...
- WordPress Plugins – Theme Test Drive A WordPress plugin that’s well worth checking out is Theme Test Drive by Vladimir Prelovac....
- WordPress Plugins – Plugin Central The last time I recommended a plugin, it was Theme Test Drive by Vladimir Prelovac....
You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
Hi, I installed UAM 0.9.1.3. with WP Version 2.8.6. Everything works beautifully, BUT users without access can still read the comments from categories they have no access to, by going to the dashboard. More description (if needed) here: http://wordpress.org/support/topic/270787.
I would be very, very grateful if this bug could be fixed, since it kinda negates the entire point of the plugin…
Is it possible for you to use the WP Hide Dashboard plugin?
Is there a reason why you’re not running the latest version of WordPress? You never know what you’re going to get when you mix versions of various plugins and WordPress that were not really written to work together.
[...] WordPress Plugins – User Access Manager vs. Role Manager Do you want to [...]
Good work! Thank you very much! I always wanted to write in my blog something like that. Can I take part of your post to my blog? Of course, I will add backlink?
I want to say – thank you for this!
Hi John,
I have changed the message after reading about that at your blog. I’m thinking about a function which is changing all old uploads links if you activate the plugin, too. But this feature is a little bit dangerous because I have to write that changes at the database.
Bye,
Alex
Thanks Alex,
I was checking out the new version today. I especially like the way you can pop open a list of subscribed users and check off who has access to the group posts, as well as specify them by role or IP. Very nice.
John
Hi John,
I’m the author of the User Access Manager. You are saying: “Keep in mind that deactivating this plugin will not remove the .htaccess files.” But this isn’t right. Since version 0.8.0.2 the deactivating of the plugin will remove the .htaccess files. And you can deactivate the .htaccess files also at the settings screen by setting “Lock files” to “No”. I hope that helps.
Bye,
Alex
Thanks Alex,
That’s great news. I haven’t checked out the newest version. I will do that.
It seems like people don’t understand the message about “downloads” (should say uploads) to the Media Gallery not appearing after the plugin is installed. Maybe that message has been changed or removed in the new version.
John