WordPress Plugins – User Access Manager vs. Role Manager

Do you want to control access to your pages & posts or your admin features? There are plugins to fulfill these desires, but they come with some caveats…

If you just want to control access to your pages & posts, the way to go is User Access Manager. This allows you to set up posts and pages that are only accessible by selected users. This is a great way to organize group projects or pages for individual clients, employees, etc.

What’s the caveat? Older versions of User Access Manager create a .htaccess file in your Media Library folder (wp-content/uploads) to control who has access to the contents of the media folders. The result is that media in your posts/pages appear to be broken. Deactivating those versions will not remove the .htaccess files. The simple answer is to make sure that you are using the latest version of the plugin, which gives you options to lock those files or not, and will automatically delete the .htaccess files when you deactivate it (special thanks to Alex – the plugin’s author – for that update).

If you want to control which roles have access to which admin features, then the way to go is Role Manager. This plugin allows you to see and modify all of the default roles and their associated capabilities. You can also create your own custom roles and capabilities, or assign new capabilities created by other plugins to the desired role(s).

What’s the caveat? The Role Manager plugin can interfere with other plugins that reference the user roles. For example, plugins like Profiler and WP Users allow you to check off which roles are to be displayed. If those roles have been modified, they are not recognized by these plugins and will not display. Also, like the User Access Manager, you can’t simply deactivate the Role Manager plugin and reset everything to the way it was before. Deactivating the plugin will leave the sites roles and capabilities however you last set them. So, you may want to make a note of what the default roles and capabilities are before you change them.

As people try to squeeze more advanced features out of a stock WordPress installation, they may find themselves in a situation that is difficult to get out of. What’s the answer? Start a development blog. This can be used as a “sandbox” where you can try things without fear of “blowing up” your production blog. After all, WordPress is free. You can go into Settings > Privacy and mark your development blog private to hide it from search engines. You can also use plugins to hide your experimental pages and posts or prevent people from accessing the site without a login.

This article copyright © John Nasta 2009 – All Rights Reserved
Be Sociable, Share!

You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.


  • Well, to mention is that UAM, User Access Manager is not scalable. We tried around 20 access levels, couple of hundreds posts and ends up with thousands of queries.

    As today, you can read about it at some threads on WP support on the plugins download resp.

    UAM is also not handling recursive locked categories as expected. Try edit a subcategory, like the description, and all posts gets visible in the front end.

    There are workarounds, like choosing NO in the settings (even if YES is recommended by the author) But the point is, its not trustable. Still is UAM one of the most user frindly, easy to get into a client project and so on. It also hides areas well – a lot of other plugin leaks on “last comments” etc etc.

    We hope they fix this kind of handling asp. To choose a “restricted” category, at no top level, can expose important information.

  • Carla says:

    Hi, I installed UAM with WP Version 2.8.6. Everything works beautifully, BUT users without access can still read the comments from categories they have no access to, by going to the dashboard. More description (if needed) here: http://wordpress.org/support/topic/270787.

    I would be very, very grateful if this bug could be fixed, since it kinda negates the entire point of the plugin…

    • John Nasta says:

      Is it possible for you to use the WP Hide Dashboard plugin?

      Is there a reason why you’re not running the latest version of WordPress? You never know what you’re going to get when you mix versions of various plugins and WordPress that were not really written to work together.

    • Im shure you got a conflict. We really tested UAM upside inside out with 100 of plugins and some couses that kind of leak. Specially upload plugins.

  • Wordpress Plugins – Caveats for Emptors | GreyBlogs.com - Themes says:

    […] WordPress Plugins – User Access Manager vs. Role Manager Do you want to […]

  • Ariana Sego says:

    Good work! Thank you very much! I always wanted to write in my blog something like that. Can I take part of your post to my blog? Of course, I will add backlink?

  • Tamiflu says:

    I want to say – thank you for this!

  • GM_Alex says:

    Hi John,

    I have changed the message after reading about that at your blog. I’m thinking about a function which is changing all old uploads links if you activate the plugin, too. But this feature is a little bit dangerous because I have to write that changes at the database.


    • John Nasta says:

      Thanks Alex,

      I was checking out the new version today. I especially like the way you can pop open a list of subscribed users and check off who has access to the group posts, as well as specify them by role or IP. Very nice.


  • GM_Alex says:

    Hi John,

    I’m the author of the User Access Manager. You are saying: “Keep in mind that deactivating this plugin will not remove the .htaccess files.” But this isn’t right. Since version the deactivating of the plugin will remove the .htaccess files. And you can deactivate the .htaccess files also at the settings screen by setting “Lock files” to “No”. I hope that helps.


    • John Nasta says:

      Thanks Alex,

      That’s great news. I haven’t checked out the newest version. I will do that.

      It seems like people don’t understand the message about “downloads” (should say uploads) to the Media Gallery not appearing after the plugin is installed. Maybe that message has been changed or removed in the new version.



Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>