Title: Access Areas for WordPress Author: podpirate Published: July 18, 2013 Last modified: December 5, 2025 --- Search plugins ![](https://ps.w.org/wp-access-areas/assets/banner-772x250.png?rev=1005076) ![](https://s.w.org/plugins/geopattern-icon/wp-access-areas_616579.svg) # Access Areas for WordPress By [podpirate](https://profiles.wordpress.org/podpirate/) [Download](https://downloads.wordpress.org/plugin/wp-access-areas.1.5.22.zip) * [Details](https://wordpress.org/plugins/wp-access-areas/#description) * [Reviews](https://wordpress.org/plugins/wp-access-areas/#reviews) * [Installation](https://wordpress.org/plugins/wp-access-areas/#installation) * [Development](https://wordpress.org/plugins/wp-access-areas/#developers) [Support](https://wordpress.org/support/plugin/wp-access-areas/) ## Description WP Access Areas lets you fine-tune who may read, edit or comment on your Blog posts. You can either restrict access to logged-in uses only, certain WordPress-Roles or even custom Access Areas. #### Features * Define custom Access Areas and assign them to your blog-users * Restrict reading, editing and commenting permission to logged-in users, certain WordPress-Roles or Access Areas * define global access areas on a network * Supports bulk editing * German, Italian, Polish and Swedish localization (Huge Thankyou @ all translators!) #### Known Issues * WordPress calendar Widget still shows dates where restricted posts have been created. When clicked on such a date a 404 will occur. There is an open [WordPress Core ticket on that issue](https://core.trac.wordpress.org/ticket/29319). * Taxonomy menus (e.g. Tags / Categories) also count restricted posts when the total number of posts in a taxonomy is ascertained. See [this post](https://wordpress.org/support/topic/archive-recents-posts-last-comments-show-restricted-content?replies=5#post-5929330) for details. #### Development Please head over to the source code [on Github](https://github.com/mcguffin/wp-access-areas). ## Screenshots * [[ * Area Access Manager * [[ * User Editing * [[ * Post Access Control * [[ * Post Access Behaviour ## Installation 1. Upload the ‘wp-access-areas.zip’ to the `/wp-content/plugins/` directory and unzip it. 2. Activate the plugin through the ‘Plugins’ menu in WordPress ## FAQ ### Why can’t I protect media? Because the plugin can only protect posts, which are database entries. A media also contains a file stored on your servers file system. A file is normally just returned by the server, the WordPress core is not involved. In order to protect a file, let’s say an image, the Image URL would have to be point to a special Script, that decides whether the file is protected or not, and if so, which user or group of users would be granted access. A lot of processing would be going on, and each and every little thumbnail would add another one or two seconds to your page load time. The result: Tears, rage and support requests. ### What does it exactly do? For each Post it stores a capabilty the user needs to have in order to view, edit or comment on a post. By defining an Access Area you create nothing more than a custom capability. ### Why didn’t you use post_meta to store permissions? WordPress already provides an API for this! I did this mainly for performance reason. For detecting the reading-permission on specific content, the plugin mainly affects the WHERE clause used to retrieve posts. In most cases, using post_meta would mean to add lots of JOIN clauses to the database query, slowing down your site’s performance. ### Does it mess up my database? It makes changes to your database, but it won’t make a mess out of it. Upon install it does two things: 1. It creates a table named ´{$wp_prefix}_disclosure_userlabels ´. The access areas you define are here. 2. It adds three columns to Your Posts tables: post_view_cap and post_comment_cap. Upon uninstall these changes will be removed completely, as well as it will remove any custom generated capability from your user’s profiles. ### I’d like to do some more magic / science with it. And yes: I can code! Developer documentation can be found in [the project wiki](https://github.com/mcguffin/wp-access-areas/wiki). ### I found a bug. Where should I post it? Please do so in the [GitHub Repository](https://github.com/mcguffin/wp-access-areas). ### I found a bug and fixed it. How can I contribute? Pull request are welcome in the [GitHub Repository](https://github.com/mcguffin/wp-access-areas). ## Reviews ![](https://secure.gravatar.com/avatar/b4ae3b7939a5223f7a573bf57c68cbb48afc54e4a38a48938749681f96eb62d0? s=60&d=retro&r=g) ### 󠀁[This plugin cannot be removed!](https://wordpress.org/support/topic/this-plugin-cannot-be-removed/)󠁿 [I am GrokGPT](https://profiles.wordpress.org/kenfox101/) May 26, 2019 Fix this ASAP ![](https://secure.gravatar.com/avatar/6e442258ae75780edaade6c0e498808736be001140e697c6ee43e2f29d4963e3? s=60&d=retro&r=g) ### 󠀁[Not posible to remove plugin](https://wordpress.org/support/topic/not-posible-to-remove-plugin/)󠁿 [Jeroen](https://profiles.wordpress.org/jeroentjed/) March 14, 2019 Can’t remove plugin, page turns white, nothing happens… ![](https://secure.gravatar.com/avatar/1b78861cd41948711f964a24c1ccd7deb2cceb2f6113137c0db370b453cd89c3? s=60&d=retro&r=g) ### 󠀁[无法关闭插件!](https://wordpress.org/support/topic/%e6%97%a0%e6%b3%95%e5%85%b3%e9%97%ad%e6%8f%92%e4%bb%b6%ef%bc%81/)󠁿 [](https://profiles.wordpress.org/leeyea/) December 14, 2018 无法关闭改插件,跳到了错误页! ![](https://secure.gravatar.com/avatar/6def3f8ace31aa1367f56a31c68b5386b53933fc2b599a1e8629dd925604729e? s=60&d=retro&r=g) ### 󠀁[uninstallation issue](https://wordpress.org/support/topic/uninstallation-issue/)󠁿 [motonori](https://profiles.wordpress.org/motonori/) January 17, 2018 I like this mechanism to restrict contents. But I cannot uninstall this plugin ( 1.5.4) by manager UI. Just a blank page is shown when clicking the uninstall link. ![](https://secure.gravatar.com/avatar/69e8d195e595888f632da26a9c94bd676f73dc11fd93f24fc3271b063207c1c1? s=60&d=retro&r=g) ### 󠀁[Awesome with WP 4.8.2](https://wordpress.org/support/topic/awesome-with-wp-4-8-2/)󠁿 [jumper](https://profiles.wordpress.org/jumper/) October 18, 2017 Like everyone here, I have tested so many plugins to protect content (posts, pages, etc) based on user groups. This plugin does the job beautifully. You can set the default group for content. You can assign users to groups. You can assign content to groups. The only feature it needs, in my view, is hierarchical access. This is probably too much to ask – because it will put all paid plugins out of business 🙂 I’m a bit hesitant to implement this for clients because I fear it has been abandoned– last updated a year ago. ![](https://secure.gravatar.com/avatar/af85a9cb0e6bba7fb56ea27ab79f2b6a6b1c5035bcb1e73b9ad52f89a2561653? s=60&d=retro&r=g) ### 󠀁[Can’t be better](https://wordpress.org/support/topic/cant-be-better-2/)󠁿 [superant346](https://profiles.wordpress.org/superant346/) June 16, 2017 I spent 2 full days looking for a plugin that redirects non-logged in user to specific url if the guest clicks on a specific page. I have downloaded over 30 plugins and none specifically caters my need until I find this plugin. I can’t emphasise enough how happy I am now 🙂 [ Read all 17 reviews ](https://wordpress.org/support/plugin/wp-access-areas/reviews/) ## Contributors & Developers “Access Areas for WordPress” is open source software. The following people have contributed to this plugin. Contributors * [ podpirate ](https://profiles.wordpress.org/podpirate/) “Access Areas for WordPress” has been translated into 1 locale. Thank you to [the translators](https://translate.wordpress.org/projects/wp-plugins/wp-access-areas/contributors) for their contributions. [Translate “Access Areas for WordPress” into your language.](https://translate.wordpress.org/projects/wp-plugins/wp-access-areas) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/wp-access-areas/), check out the [SVN repository](https://plugins.svn.wordpress.org/wp-access-areas/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/wp-access-areas/) by [RSS](https://plugins.trac.wordpress.org/log/wp-access-areas/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 1.5.22 * Fix: _load_textdomain_just_in_time warning #### 1.5.21 * Rename Plugin from “WordPress Access Areas” to “Access Areas for WordPress”. #### 1.5.20 * Security Fix: Authenticated XSS in Acceas Areas List Table (discovered by [0xd4rk5id3](https://patchstack.com/database/researcher/4e4561e4-5f79-419b-9832-33d7fd94c5a4)) #### 1.5.19 * Fix: Nonce Verification fails when using WP password reset #### 1.5.18 * Fix: PHP Warning when using plugin together with imsanity #### 1.5.17 * Fix: Access settings broken in post quick edit #### 1.5.15 * Fix: could not save website settings in network admin when running on multisite * Fix: role capabilities not saved #### 1.5.14 * Fix: could not add caps on user-edit #### 1.5.13 * Fix: WP deprecation warning * Fix: Chrome DOM warning #### 1.5.12 * Fix: nonce error when adding User in network admin if plugin is not network active #### 1.5.11 * Fix: __doint_it_wrong message wpdb->prepare #### 1.5.10 * Fix: wpdb table prefix messed up in multisite #### 1.5.9 * Fix: Pages saved via ajax not working. (Elementor) #### 1.5.8 * Security hardening #### 1.5.7 * Fix anaother PHP Warning #### 1.5.6 * Fix Multisite Database Error when WPAA is not active for network. #### 1.5.5 * Fix PHP Warning #### 1.5.4 * Fix WSOD when saving post #### 1.5.3 * Fix a Bug where a logged in user wasn’t redirected to the fallback page. Thanks to [Andrey Shevtsov](https://github.com/freeworlder) * Merry Christmas (Gregorian Calendar) #### 1.5.2 * Fix Multisite: Network Access Areas were visible when plugin was single activated * Introduce filters: `wpaa_can_protect_{$post_type}`, `wpaa_can_edit_{$post_type} _view_cap`, `wpaa_can_edit_{$post_type}_edit_cap`, `wpaa_can_edit_{$post_type} _comment_cap` #### 1.5.1 * Localization: move de_DE and de_DE_formal to translate.wordpress.org #### 1.5.0 * Fix: A network admin without blog role could not edit post access by WP Roles * Plugin settings: Use WP Post statuses in favor of hard coded status list (allows use of custom post statuses now) * Introduce filter: ‘wpaa_allowed_post_stati’ * Localization: Rework strings * Localization: Introduce de_DE_formal * Localization: consistent use of plugin textdomain #### 1.4.7 * Fix: PHP deprecated warning during install + network upgrade * Fix: Incorrect Post Classes #### 1.4.6 * Fix: Crash during install #### 1.4.5 * Fix: WP _doing_it_wrong message #### 1.4.4 * Fix: Multisite install procedere * Fix: Add self repair functionality (Ass missing posts table columns) #### 1.4.3 * Fix: Post Custom behavior not dispalying in metabox when fallback page is default fb page * Fix: invalid login redirect URI in subdirectory installs #### 1.4.2 * Fix: no restrictions for empty post objects (fixes buddypress profile page issue) * Fix: wrong redirection behavior for logged in users #### 1.4.1 * Fix: set suppress_filters to false on get_posts * Fix: Saving Access Area Name #### 1.4.0 * Feature: Explicitly enable / disable custom behaviour on posts. * UI: Combine columns in Posts list table * Fix: Contained roles were not assumed correctly * Fix: QuickEdit did not show Access after save * Compatibility: Drop support for WP < 3.8 * Code refactoring, switched classname prefixes #### 1.3.3 * Fix: Database error on comment feeds. Hiding or redirecting from comment feeds should work now. * Fix: Crash during update (function `get_editable_roles` not found) #### 1.3.2 * Security Fix: Exclude restricted posts from comment feeds #### 1.3.1 * Fix: Possible vulnerability where unauthorized users could change post access settings * L10n: change plugin textdomain from ‘wpundisclosed’ to ‘wp-access-areas’ (= Plugin slug). Rename lang/ > languages/. #### 1.3.0 * WordPress 4.0 compatibility * Feature: Show Access Columns on Media and Custom Post type list views * Feature: Select default access for new posts. * Feature: Role Caps. Set which roles can edit post access properties * Improvement: Cache DB results * Plugin API: Added filter: `wpaa_update_access_area_data` * Plugin API: Added actions: `wpaa_grant_access`, `wpaa_grant_{$wpaa_capability}`,` wpaa_revoke_access`, `wpaa_revoke_{$wpaa_capability}`, `wpaa_create_access_area`,` wpaa_update_access_area` * Plugin API: Added function: `wpaa_get_access_area( $identifier )` #### 1.2.9 Fixing that one: https://wordpress.org/support/topic/plugin-causing-crash-post-woocommerce- update-today?replies=5 #### 1.2.8 * Fix: Post Edit save 404 behaviour * Fix: Hide inacessible posts in Recent Comments widget * Fix: Hide inacessible posts in Latest posts widget * Fix: Hide inacessible posts in Archive widget * Fix: Don’t show comments to inaccessible posts in WP-Admin. (Prohibits editing as well.) * L10n: Polish localisation #### 1.2.7 * Feature: Explicitly select Front page as Fallback page. * Feature: Edit view cap now available for backend-only posts as well. * Fix: 404 behaviour not saving when default behaviour is other than 404 * API: added function `wpaa_is_post_public( $post )` #### 1.2.6 * Feature: Option to select post status after deleting access area * Fix: Wrong viewing permissions after delete access area * Fix: remove options upon uninstall * Swedish localization #### 1.2.5 * Feature: Bulk edit users: Grant and revoke access. * Fix: Was able to create access areas with empty names. * Fix: Ignores WP’s Comments closed status #### 1.2.4 * Fix: User list table column #### 1.2.3 * Check WP 3.9 compatibility * Fix: With no AAs present add Access Area didn’t show up on profile edit page #### 1.2.2 * Fix: Used wrong option name on edit post * Fix: Embarrassing wrong var name on edit post * L10n: Added one more italian string #### 1.2.1 * Feature: Option to redirect to wp-login or to fallback page. * Feature: action hook an filter on access attempt for a restricted post. (see GitHub Repo for details) * Feature: post classes * CSS: use dashicons * Italian localization #### 1.2.0 * Feature: Bulk edit Posts * Feature: Ajax-Add AAs on User edit screen * Debug: Fix invalid HMTL on user list table * Debug: Remove edit post link from frontend * Debug: Invisible posts are now also excluded from editing * Debug: Remove “Who can read”-Select from non-public post types #### 1.1.11 * Debug: Fix Comment issue. Selecting “WordPress default” now does what it is supposed to: handling over the comment responsibility to WordPress. #### 1.1.10 * Debug: Fix missing file issue #### 1.1.9 * Feature/Debug: Network admins now have access to all areas on all blogs. Blog admins have access to all areas on their own blog(s). * Code: put general use processes into function #### 1.1.9 * Feature/Debug: Network admins now have access to all areas on all blogs. Blog admins have access to all areas on their own blog(s). * Code: put general use processes into function #### 1.1.8 * Fixed: Fixed issue, where access areas where not shown on user editing in single- site installs. #### 1.1.7 * Fixed: Fixed issue, where posts table was not modified after creating new blog. Use WP’s upgrade network function to fix all posts tables. #### 1.1.6 * Feature: WP-Capability column in Access Areas table view * Fixed: Commenting was still possible after switching off comments and setting comment capabilities to ‘use WP defaults’. #### 1.1.5 * Fix [uninstall issue](https://wordpress.org/support/topic/cant-delete-the-plugin) #### 1.1.4 * Fix: issue where WP-comment settings were not applied while saving post * Improve DE Localization #### 1.1.3 * Fix: post tables did not update on wpmu_new_blog * Fix: [deletion issue](https://wordpress.org/support/topic/bug-report-cant-delete-area?replies=1) * Localize Plugin description #### 1.1.2 * Added versioncheck #### 1.1.1 * Improve loading behaviour #### 1.1.0 * Added editing restrictions. * Several fixes. #### 1.0.0 * Initial Release ## Meta * Version **1.5.22** * Last updated **4 months ago** * Active installations **400+** * WordPress version ** 4.6 or higher ** * Tested up to **6.9.4** * PHP version ** 5.6 or higher ** * Languages * [English (US)](https://wordpress.org/plugins/wp-access-areas/) and [German](https://de.wordpress.org/plugins/wp-access-areas/). * [Translate into your language](https://translate.wordpress.org/projects/wp-plugins/wp-access-areas) * Tags * [access](https://wordpress.org/plugins/tags/access/)[capability](https://wordpress.org/plugins/tags/capability/) [role](https://wordpress.org/plugins/tags/role/)[security](https://wordpress.org/plugins/tags/security/) [user](https://wordpress.org/plugins/tags/user/) * [Advanced View](https://wordpress.org/plugins/wp-access-areas/advanced/) ## Ratings 4.5 out of 5 stars. * [ 14 5-star reviews ](https://wordpress.org/support/plugin/wp-access-areas/reviews/?filter=5) * [ 1 4-star review ](https://wordpress.org/support/plugin/wp-access-areas/reviews/?filter=4) * [ 0 3-star reviews ](https://wordpress.org/support/plugin/wp-access-areas/reviews/?filter=3) * [ 0 2-star reviews ](https://wordpress.org/support/plugin/wp-access-areas/reviews/?filter=2) * [ 2 1-star reviews ](https://wordpress.org/support/plugin/wp-access-areas/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/wp-access-areas/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/wp-access-areas/reviews/) ## Contributors * [ podpirate ](https://profiles.wordpress.org/podpirate/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/wp-access-areas/) ## Donate Would you like to support the advancement of this plugin? [ Donate to this plugin ](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=WF4Z3HU93XYJA)