WordPress Plugins – User Access Manager vs. Role Manager
Do you want to control access to your pages & posts or your admin features? There are plugins to fulfill these desires, but they come with some caveats…
If you just want to control access to your pages & posts, the way to go is User Access Manager. This allows you to set up posts and pages that are only accessible by selected users. This is a great way to organize group projects or pages for individual clients, employees, etc.
What’s the caveat? Older versions of User Access Manager create a .htaccess file in your Media Library folder (wp-content/uploads) to control who has access to the contents of the media folders. The result is that media in your posts/pages appear to be broken. Deactivating those versions will not remove the .htaccess files. The simple answer is to make sure that you are using the latest version of the plugin, which gives you options to lock those files or not, and will automatically delete the .htaccess files when you deactivate it (special thanks to Alex – the plugin’s author – for that update).
If you want to control which roles have access to which admin features, then the way to go is Role Manager. This plugin allows you to see and modify all of the default roles and their associated capabilities. You can also create your own custom roles and capabilities, or assign new capabilities created by other plugins to the desired role(s).
What’s the caveat? The Role Manager plugin can interfere with other plugins that reference the user roles. For example, plugins like Profiler and WP Users allow you to check off which roles are to be displayed. If those roles have been modified, they are not recognized by these plugins and will not display. Also, like the User Access Manager, you can’t simply deactivate the Role Manager plugin and reset everything to the way it was before. Deactivating the plugin will leave the sites roles and capabilities however you last set them. So, you may want to make a note of what the default roles and capabilities are before you change them.
As people try to squeeze more advanced features out of a stock WordPress installation, they may find themselves in a situation that is difficult to get out of. What’s the answer? Start a development blog. This can be used as a “sandbox” where you can try things without fear of “blowing up” your production blog. After all, WordPress is free. You can go into Settings > Privacy and mark your development blog private to hide it from search engines. You can also use plugins to hide your experimental pages and posts or prevent people from accessing the site without a login.
This article copyright © John Nasta 2009 – All Rights Reserved
You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.