Help

Introduction

First of all, thank you so much for your interest in the most powerful and flexible WordPress access control plugin Advanced Access Manager (aka AAM).

This documentation contains the complete list of all features that AAM 5.0 or higher has. Some of the sections have reference to articles that explain related feature in-depth.

Please do not hesitate to contact us if you are not able to find answers to your questions.

Note! We are still working on some of the sections.

Getting Started #back to top

WordPress CMS (content management system) is getting much more popular over past few years because of its simplicity however it is not as simple and intuitive when it comes to manage access to WordPress website. From this documentation you will learn from the inside-out all you need to know about WordPress core and how to manage access to it with AAM plugin.

Some sections may have highlighted paragraphs with three different colors based on the user’s experience level and a warning message.

Green color - absolute beginner or end-user without any programming knowledge
Yellow color - experienced website administrator who familiar with FTP, databases etc.
Dark blue - expert with PHP programming knowledge
Highlighted Red - important notification (warning)

How to Install AAM #back to top

AAM is the free WordPress plugin that hosts in the official WordPress plugin repository. To install it, simply go to your website WordPress backend area and navigate to the Plugins->Add New. Here you can search for Advanced Access Manager and install it on your website.

Please Note! AAM is WordPress plugin, so you need to have already WordPress CMS installed in order to use it.

Upon AAM activate, no additional steps are required. You will be able to find the new AAM menu item in the main Admin Menu sidebar.

UI Overview #back to top

AAM is quite complex plugin with over 100 different features however most of our development time we spent to create intuitive and easy-to-use UI to maximize your efficiency.

AAM UI Overview

The UI interface is divided into 6 distinct areas that are designed to either display important information or to give you ability to perform some specific set of actions. There are also several pieces of functionality that go beyond the AAM page and are integrated with WordPress UI like Access Manager Metabox or Access Link.

Current Subject #back to top

The Subject in AAM terminology is general name for any user role, individual user, visitor or default access to everybody. Other words the Subject is who you manage access to.

AAM Current Subject

Each time you change subject on the Users/Roles Manager area, the current subject banner is adjusted accordingly. This gives you the visual confirmation for who are you managing access to.

The current subject can be highlighted with two colors. The red color means that you are managing access to the highest allowed user level or to the default access for everybody. That is why be careful as you can accidentally restrict access to your user. Additionally the entire AAM page will have the light red background.

Notice! Access to AAM UI is customizable and you can grand access to certain features for anybody who is registered on your website. For example you can give ability for your Editors to manage access to Posts & Pages. In this case Editor role will be the highest allowed role and it will be highlighted with red color. For more information about this feature please check How to manage access to AAM page for other users article.

The blue color indicates that you are managing access for role or user that has lower user level than you do.

Main Panel #back to top

The Main Panel is were all the magic happens. Here you have all the necessary set of tool to manage access to your website frontend and backend.

AAM Main Panel

The panel is divided on two sub-areas

  • - list of tabs (Backend Menu, Capabilities etc.);
  • - control area (place were you actually managing access);

Each tab contains collection of tools grouped by logical meaning and they are described in-depth further in this documentation.

Notice! You can register your own tab by subscribing to the aam-feature-registration action.

Settings Area #back to top

AAM is highly customizable plugin. There are multiple ways you can alter its behavior and the easier one is through the Settings Area.

AAM Settings Area

The layout here is similar to the Main Panel where all settings are grouped based on the logical meaning. Here you can find the most widely used settings.

Please Note! It is strongly recommended at least to glance through the list of all available settings because they can help you to significantly improve your website performance. WordPress, inherently, was not designed for advanced customization. That is why some AAM features may reduce your website performance and if you do not use resource consuming features, you can disable them.

Extensions Area #back to top

As it was mentioned already, AAM is highly customizable plugin. You can extend AAM functionality with extensions.

AAM Extensions Area

AAM already comes with set of premium extensions that you can purchase in our online store as well as several free extensions that can be downloaded from the Extensions area.

You can create your own custom extension. For more information check the For Developers section.

Users/Roles Manager #back to top

Users/Roles Manager is the place where you can manage list or roles, users and switch between Subjects (who are you managing access to). It has a lot of neat features and they all are described in-depth in the Users/Roles Manager section.

AAM User Role Manager

Notification Manager #back to top

The Notification Manager was added in the AAM 4.0 version to visually show important notifications that require website administrator's attention.

AAM Notification Manager
To programmatically add new notification use AAM_Core_Console:add static method.

Access Manager Metabox #back to top

By default every post, page or custom post type will have additional metabox added to the edit screen that allows to manage access to it for any user, role, visitor or default access to everybody for both frontend and backend.

AAM Access Manager Metabox
The metabox can be turned off with Render Access Manager Metabox option.

Secure Login Widget #back to top

AAM comes with its own secure login widget & shortcode that you can use to drop on your frontend page. It has couple cool features that can significantly improve your website security.

AAM Secure Login Widget
The secure login functionality can be turned off with Secure Login. For more information about secure login widget check How does AAM Secure Login works article.

Core Concepts #back to top

To be truly expert in the WordPress access management, you would have to be aware about all the conceptual and functional pieces that collectively create WordPress core. As it was mentioned in the UI Overview section, AAM is just the very useful plugin that you can use to customize your website access.

That is why it is strongly encouraged to read through all core concepts to get better understanding of how WordPress CMS works and how AAM can be used to manage it.

Basics #back to top

WordPress is based on the hybrid of Role-Based Access Control (RBAC) and Access Control List (ACL) models. It is designed to give the ability for a website owner to control what other users can or cannot do based on the assigned role. On other hand, it also has the limited ability to customize access for a specific user (this part is explained in-depth in the What is a WordPress user article).

It is very critical to understand the WordPress Roles & Capabilities as it is the core concept in access management. With that knowledge you are capable of creating complex membership platforms or simply manage access to restricted parts of your websites with little to no effort.

Roles #back to top

By default, the WordPress website has Administrator, Editor, Author, Contributor and Subscriber roles. The crucial difference between them is in the amount of assigned capabilities that sometimes is mistakenly referred to “user or role level”.

The User Levels concept was introduced to the WordPress 1.5, replaced with Roles and Capabilities in 2.0 and finally announced as deprecated in 3.0. In the current WordPress implementation, the user levels are represented as the list of capabilities level_0 to level_10 and they do not have any impact on the user permissions.

To learn more in-depth about the roles please refer to the What is a WordPress role article.

Users #back to top

WordPress comes with straight-forward user management functionality. You can create unlimited number of users and delegate different responsibilities based on the assigned role.

List of all users can be found in the backend on the All Users page, however it is accessible only for users that have list_users capability.

The default WordPress functionality does not support the idea of user status. Every registered user is considered as active however with AAM you have the ability to deactivate users without actually deleting them. For more information about this please check What is a WordPress user article.

Visitors #back to top

Anybody who is not authenticated (logged in) is a visitor. Typically they have access only to the frontend side of a website and have limited abilities to interact with frontend features.

WordPress core has almost no tools to manage what visitors can or cannot do on the frontend side however AAM has a lot of features that you can utilize to manage access not only to the frontend content and widget but also access to the entire website.

For more detailed information about the WordPress visitors, please check Who is a WordPress visitor article.

Capabilities #back to top

Capabilities is the core concept in the WordPress access management as it literally defines what authenticated user is authorize to do. However it is important to emphasize that it is heavily utilized for the backend side of a website.

The Roles & Capabilities article is probably the best reference for all predefined core capabilities that come with default WordPress installation.

To learn more about WordPress capabilities and how you can use AAM to manage them, please refer to the What is a WordPress capability article.

Frontend #back to top

Frontend is the publicly facing part of the WordPress website. Typically it is rendered by the active theme and consists of pages, posts, categories widgets and menus.

WordPress core does not have any abilities to manage access to it however AAM has a lot of neat feature that can be used. You can manage access almost to every part of your frontend. For more information please refer to the What is the WordPress frontend article.

Backend #back to top

Backend is usually restricted part of the WordPress website. This is the place were only authenticated users have access to.

Typically the list of tasks that authenticated user can perform in the backend is defined by the assigned capabilities. That is why it is very important to understand the capabilities concept.

For more information about backend and how AAM manages access to it please check What is the WordPress backend article.

WordPress Hooks #back to top

WordPress hooks is the subject of interest to developers rather than none technical users however it is beneficial to understand the concept because majority of customization is based on hooks.

Hooks are programmatic actions and filters that can be used by developers to “hook into” some core WordPress functionality. For example AAM hooks into the functionality that retrieves the list of posts from the database and filter out all posts that are hidden for currently authenticated user or visitor.

The User Activity extension uses hooks concept to listen to different events triggered by user actions and stores all related information and shows you the detailed report when requested.

There are few core WordPress functions that developers can use to register new hooks. Internally they are executed the same way with the only difference in return result. The add_action function does not return any result while add_filter action has to return the input value either unmodified or modified, otherwise it will break the chain of functions that may hook to the same event. It is also important to pay attention to the priority attribute as lower priorities are executed first.

A lot of access management tasks cannot be accomplished just with roles and capabilities that is why you may noticed that developers refer to different hook that can be utilized to accomplish desired objectives. Please do not hesitate to contact as with questions if you not sure how to accomplish some of the tasks and we are more than happy to help you out.

Posts, Pages & CPTs #back to top

WordPress functionality is built around the concept of posts. Every page, post or custom post type (CPT) is a post and the only thing that differentiate them is the post type.

All posts are stored in the database table wp_posts and the post_type colum defines the post type.

AAM plugin has many access options that you can use to manage very granular access to any post.

For more information about the concept of post please refer to the What is a WordPress post article.

Taxonomies #back to top

WordPress posts can be grouped together with taxonomies and there are two different types: hierarchical and tags

For example post category is the hierarchical taxonomy and you can create a complex tree of categories with sub-categories. However post tags are linear list of tags that can be assigned to a post.

AAM works only with hierarchical taxonomies and greatly enhance your ability to manage access to large amount of posts that are grouped. For more information about the taxonomy check What is a WordPress taxonomy article.

Inheritance Mechanism #back to top

AAM has the most sophisticated access settings inheritance mechanism that is available online for the WordPress CMS. It takes in consideration all WordPress core relationships between website resources. Under resource we mean any post, taxonomy, user, role, menu, metabox etc.

With Role Hierarchy extension you can even create a hierarchical tree of WordPress roles where all child roles inherit settings from parent.

It is very important to understand how it works because with this knowledge you have endless possibilities. Within minutes you can create a complex membership portal that typically would cost you thousands of dollar to implement from scratch.

For more information about inheritance please check How does AAM inherits access settings article.

Users/Roles Filter #back to top

AAM utilizes the deprecated User Levels concept to enhance WordPress backend security.

For more information about this feature please check WordPress Users and Roles Filter article.

Core Caching #back to top

AAM comes with internal caching mechanism that stores results of access settings inheritance for posts and terms as this is the most time and resource consuming procedures due to access inheritance mechanism.

Please do not get confused. AAM cache has nothing to do with any website caching plugins or WP Fast Cache or WP Super Cache. It is also not a PHP Opcache or Memcache. You cannot enable or disable it however you can clear it on the Settings tab.

It is important to emphasize that cache is stored per each individual user separately and is automatically cleared if user's role is changed. It is also automatically cleared if any changes detected for post's parent hierarchical term or to term itself however in this case the cache is cleared for all existing users and visitors.

Backend Menu #back to top

One of the most popular features that AAM offers is the ability to restrict access to the Backend menu items. AAM not only filter out restricted menus and submenus but is also restrict direct access to them.

AAM Backend Menu
To learn more about admin menu and how AAM can help you manage access to it, please check How to manage WordPress backend menu article.

Metaboxes & Widgets #back to top

Another useful feature that comes with basic AAM plugin is the ability to manage list of metaboxes and widgets on both frontend and backend.

Metaboxes and widgets are parts of the backend and frontend, designed to do very specific tasks. You can find metaboxes on edit post, page or custom post type pages. For example "Publish", "Categories", "Custom Fields" etc. are metaboxes. Widgets typically are rendered either on the Home page of the admin Dashboard or sidebar of the website frontend.

AAM Metaboxes and Widgets
To learn more about metaboxes and widgets and how AAM manages them, please refer to the How to hide WordPress metaboxes and widgets article.

Capabilities #back to top

This is the most powerful and also very sensitive part of the entire website. Be careful because you can easily loose control over your website or restrict group of users from doing critical tasks without even noticing that.

AAM Capabilities

On this tab you have absolutely all necessary tools to manage list of capabilities for any role or even individual user.

To learn more about the concept of capability and how AAM manages them please check What is a WordPress capability article.

Posts & Pages #back to top

AAM plugin has the most powerful and sophisticated set of tools to manage access to the website posts, pages, media, custom post types, categories and custom taxonomies. Flexible inheritance mechanism and multiple levels of default settings makes AAM the best content management plugin that is available for the WordPress CMS.

You can manage access to your content for any role, individual user or visitors for both frontend and backend. To learn more in-depth about this please check How to manage access to the WordPress content article.

Below you'll find the list of all available access options that can be used to define more granular access behavior to the website content.

Hide any post on the website frontend or backend. AAM will filter out selected post from all menus or lists however it can be accessed with direct URL. For example, you can hide the page "Sample Page" for all users with the Subscriber role but if user has direct URL to the page, he will be able to access it.

The LIST access option may impact the website performance that has large amount of posts. AAM has several optimizations implemented that minimize the impact like internal AAM caching or post access indexing. It is strongly recommended to disable this feature with Check Post Visibility option if there is no need to hide posts.
With Plus Package extension access control is also available for taxonomies or you can even setup default access to any registered post type (e.g. Posts, Pages, Media etc.).

LIST TO OTHERS #back to top

The option is available with Plus Package extension only.

Similar to the LIST option however the post is hidden for everybody except the author (whoever created the post or was assigned as author). For example if John Smith created the post "Introduction to AAM" then only John Smith will see it on the website frontend or backend while for other users and visitors it is hidden.

Note! Due to the nature of the AAM access inheritance mechanism, the LIST TO OTHERS option should be check only on the Default Access level. This way all the roles, users and visitors will automatically inherit it unless overwritten.
Note! If LIST TO OTHERS and LIST options are both checked, then AAM disregards LIST TO OTHERS option and the author will not see his own posts.

Restrict access to read the post. If LIST option is not checked, then the post is still listed on the website frontend but direct access to it is restricted. Any attempt to access the post will be denied and user will be redirected based on the Access Denied Redirect rule.

Media library is the exception. To learn more about this topic check How to manage WordPress media access article.

READ BY OTHERS #back to top

The option is available with Plus Package extension only.

Similar to the READ option however the post is restricted for reading and viewing for everybody except the author (whoever created the post or was assigned as author). For example if John Smith created the post "Introduction to AAM" then only John Smith will be able to read it on the website frontend while for other users and visitors it will be restricted.

Note! Due to the nature of the AAM access inheritance mechanism, the READ BY OTHERS option should be check only on the Default Access level. This way all the roles, users and visitors will automatically inherit it unless overwritten.
Note! If READ BY OTHERS and READ options are both checked, then AAM disregards READ BY OTHERS option and the author will not be able to read his own posts.

LIMIT #back to top

Limit access to the post by showing the specified teaser message. It is useful to use this option when you want to prompt user to do some action like login or renew subscription plan.

AAM Post Limit Option
The teaser message can be either plain text or valid HTML. For example on our website this custom HTML message will be displayed as shown below.
<div class="text-center">
    <img src="https://aamplugin.com/imgs/access-key.svg" width="64" />
    <h2>Access Denied</h2>
    <p class="text-muted">Please contact our system administrator for more information</p>
</div>
AAM Custom Access Denied

READ COUNTER #back to top

Define how many times the post can be opened to read, view or download. This option is available only for authenticated users as there is no really secure way to identify visitors.

After user reaches defined threshold, access to post will be denied and user will be redirected based on the Access Denied Redirect rule.

The read counter increments right after the threshold is set. The counter is stored in the wp_usermeta table as aam-post-[post-id]-access-counter meta key. There is no option to reset this counter from the AAM UI. The meta key has to be deleted manually when there is a need to reset the counter.

COMMENT #back to top

Restrict access to write comments on the post when the commenting feature is enabled. For example you can restrict access for visitors to write comments on any post to reduce the amount of spam.

REDIRECT #back to top

Redirect user or visitor based on the specified redirect rule when any user or visitor is trying to access the post.

There are several possible redirect rules that can be entered and they are evaluated until first positive match in the following order:

  1. The URL. Is provided rule a valid URL (e.g. https://mydomain.com, http://somedomain.us/some-path);
    AAM evaluates the URL with PHP parse_url function and expects in return at least [host] index. Otherwise the provided redirect rule will be not evaluated as valud URL.
  2. Page, Post or CPT ID. Any numeric value is considered as ID and user will be redirected to specified page, post or CPT.
    WordPress core function get_page_link is used to find page URL based on the provided ID. This function may return unexpected value if not correct ID is provided.
  3. PHP Callback. Evaluate provided redirect rule as valid PHP callback. The rule is evaluated with PHP is_callable function.
  4. Message. Default fallback that will simply display provided redirect rule as a text or HTML message.
    AAM core will trigger wp_die core function.

PASSWORD PROTECTED #back to top

The option is limited without Plus Package extension.
Available with WordPress 4.7.0 or higher.

Password protect the post. This is very similar to the password protected feature that WordPress core offers however AAM extends it and allows to setup a password for any category or all posts.

For example you can define a single password for all pages but overwrite it for one specific page.

ACCESS EXPIRATION #back to top

Define limited by time access to the post. For example you can allow visitors to access your posts in the Science category only for 1 month. After that the access will be automatically restricted.

The expiration criteria expects to be given a string containing a valid date/time format or mathematical expression. Dates in the m/d/y or d-m-y formats are disambiguated by looking at the separator between the various components: if the separator is a slash (/), then the American m/d/y is assumed; whereas if the separator is a dash (-) or a dot (.), then the European d-m-y format is assumed. To avoid potential ambiguity, it's best to use ISO 8601 (YYYY-MM-DD) dates whenever possible.

Examples: +2 weeks (the access will expire in 2 weeks from now); +10 hours (the access will expire in 10 hours from now); January 1st 2018; 10/08/2019

For more information about this feature check How to set expiration date on any WordPress content

MONETIZED ACCESS #back to top

The option is available only with E-Commerce extension and can be enhanced with Plus Package extension.

Start selling access to your website content (any post, page, media asset, custom post type, category, custom taxonomy etc.). The option is based on the simple idea where authenticated user has access to "monetized" content only if he purchased bounded E-Product. Otherwise user will be automatically redirected to conduct a purchase or teaser message will be displayed to do so.

For more information about this feature, please refer to the How to monetize access to the WOrdPress content article.

Restrict access to edit the post. User will be able only to preview or delete the post. Any attempts to edit it will redirect user based on the Access Denied Redirect rule.

EDIT BY OTHERS #back to top

The option is available only with Plus Package extension.

Similar to the EDIT option however the post is restricted for editing for everybody except the author (whoever created the post or was assigned as author). For example if John Smith created the post "Introduction to AAM" then only John Smith will be able to edit it.

Note! Due to the nature of the AAM access inheritance mechanism, the EDIT BY OTHERS option should be check only on the Default Access level. This way all the roles, users and visitors will automatically inherit it unless overwritten.
Note! If EDIT BY OTHERS and EDIT options are both checked, then AAM disregards EDIT BY OTHERS option and the author will not be able to edit his own posts.

DELETE #back to top

Restrict access to trash or permanently delete the post. Any attempts to trash or delete the post will be discarded.

DELETE BY OTHERS #back to top

The option is available only with Plus Package extension.

Similar to the DELETE option however the post can be trashed or permanently deleted only by the author (whoever created the post or was assigned as author). For example if John Smith created the post "Introduction to AAM" then only John Smith will be able to delete it.

Note! Due to the nature of the AAM access inheritance mechanism, the DELETE BY OTHERS option should be check only on the Default Access level. This way all the roles, users and visitors will automatically inherit it unless overwritten.
Note! If DELETE BY OTHERS and DELETE options are both checked, then AAM disregards DELETE BY OTHERS option and the author will not be able to delete his own posts.

PUBLISH #back to top

Can be greatly enhanced with Plus Package extension.

Restrict access to publish the post if it haven't been published yet. Great option if you want to restrict access to publish content without reviewing it first. Any attempts to publish the post will result is saving the post with Pending Review status.

With Plus Package extension you can even restrict ability to publish posts in the very selective category or even disallow to publish any post in specific post type.

PUBLISH BY OTHERS #back to top

The option is available only with Plus Package extension.

Similar to the PUBLISH option however the post can be published only by the author (whoever created the post or was assigned as author). For example if John Smith created the post "Introduction to AAM" then only John Smith will be able to publish it.

Note! Due to the nature of the AAM access inheritance mechanism, the PUBLISH BY OTHERS option should be check only on the Default Access level. This way all the roles, users and visitors will automatically inherit it unless overwritten.
Note! If PUBLISH BY OTHERS and PUBLISH options are both checked, then AAM disregards PUBLISH BY OTHERS option and the author will not be able to publish his own posts.

BROWSE #back to top

The option is available only with Plus Package extension.

Restrict access to browse the category however it is still listed on the website frontend. When user clicks on the category link, access to the category will be denied and user will be redirected based on the Access Denied Redirect rule.

For example you can restrict access to see list of products in the category "Products" for all visitors and redirect them to login page first.

ADD NEW #back to top

The option is available only with Plus Package extension.

Restrict access to create new posts. This option is available only for default post type access level so technically you can either allow to create new posts or not. Any attempts to create a new post will be denied with WordPress core message "Sorry, you are not allowed to access this page."

There is no way to restrict access to create new posts for specific category simply because WordPress does not know what category you will choose after hit Create New button. To cover this scenario you can hide acategory on the backend with LIST option.

Redirects #back to top

AAM plugin is very good about managing smooth user flow that is why it gives you several options to manage various redirects on your website.

Currently AAM offers 4 different types of redirects and all, except 404 redirect, can be customized for any role, individual user or visitor.

Please note! All the features that are related to redirect are included in the free AAM version. There is no need to purchase any premium extensions.

Access Denied Redirect #back to top

Access Denied Redirect is very useful and granular feature that allows to define what AAM should be doing when access is denied for some restricted area.

AAM Access Denied Redirect

The UI functionality is self-explanatory however to eliminate any possible questions, please refer to the How to redirect WordPress user when access is denied article.

Login Redirect #back to top

By default, WordPress redirects user to the admin backend after user authenticated successfully. In a lot of cases this might not be the ideal user flow. With the Login Redirect feature you can redefine this behavior for any role or even individual user.

AAM Login Redirect
The login redirect feature may not work if you are using third-party plugin or any custom functionality for the login process. We strongly encourage you to check our free AAM Secure Login feature.

Logout Redirect #back to top

Another useful AAM feature - the ability to redefine logout redirect for any role or individual user. By default, logged out user is redirected to the default WordPress login screen.

AAM Logout Redirect

404 Redirect #back to top

AAM allows you to define custom 404 redirect when page was not found on the website. The 404 redirect can be defined only on the Default Access level as it is less-likely you would need the ability to define 404 redirect for specific user or role.

AAM 404 Redirect
For more information about this feature you can check How to redirect on WordPress 404 error article.

AAM Settings #back to top

In this section you'll find all AAM settings & tools that you can utilize to change the default AAM behavior.

Please note! Some options may either significantly increase or reduce your website performance. Read carefully description for each option and apply them based on your needs.

Edit/Delete Capabilities #back to top

By default, the options is disabled to prevent from mistakes of deleting or modifying role capabilities. So many inexperienced WordPress users lost control over their website because of that so we made the decision to disable it unless it is explicitely enabled.

When option is enabled, two additional icons are available for each capability: "Edit" and "Delete".

AAM Manage Capabilities
To learn more about the ability to manage capabilities with AAM please refer to How to manage WordPress capabilities article.

Backend Access Control #back to top

Toggle AAM control over the backend area. Keep this option disabled if you are not managing access to your website backend side. This may increase your website performance.

By disabling the Backend Access Control feature, AAM UI will adjust accordingly and following features will be removed:

  • - Backend Menu tab;
  • - Metaboxes & Widgets tab;
  • - On the Posts & Pages tab the Backend sections;
  • - On the Access Denied Redirect tab the Backend section;

Frontend Access Control #back to top

Toggle AAM control over the frontend area. Keep this option disabled if you are not managing access to your website frontend side. This may increase your website performance.

By disabling the Frontend Access Control feature, AAM UI will adjust accordingly and following features will be removed:

  • - On the Posts & Pages tab the Frontend sections;
  • - On the Access Denied Redirect tab the Frontend section;

Render Access Manager Metabox #back to top

Access Manager Metabox, by default, is added to every edit screen for posts, pages, medias, CPTs, categories or custom taxonomies. You can disable this metabox if there is no need to manage access to your website content.

Please note! The Access Manager metabox is not rendered for users that do have access to AAM page or do not have ability to manage AAM Posts & Pages feature. It is also not rendered when both Frontend Access Control and Backend Access Control options are disabled.

Secure Login #back to top

AAM comes with its own secure login functionality like login widget or ability to significantly improve your website security by protecting from brute-force attacks. However you have the ability to disable this feature if other plugins are used for login/security purposes.

For more information about secure login feature please check How does AAM Secure Login works article.

Multisite None-Member Restriction #back to top

WordPress multisite network does not have any options to manage access to sites frontend per user base. That is why any user or visitor can access all sites in the network. By activating this option, AAM will automatically restrict access to the site if user is not a member of the site (not added as the user of the site).

Please note! AAM will control only frontend access. To restrict user to access backend area for any site, simply do not add user to the site's user list.

Media Files Access Control #back to top

AAM is probably the only free plugin that gives the ability to manage physical access to all your media assets. By activating this option, all restricted to READ media records will not be accessible for viewing or downloading.

Please Note! Additional steps are required to configure this feature. For more information please check How to manage access to the WordPress media library article

Check Post Visibility #back to top

Enabling Check Post Visibility feature may slow-down the website performance with large amount of posts, pages or media library.

WordPress core database and functionality is not normalized for granular acess management to its resources like posts, pages or categories. It would be much easier if all the Website content and relations between different content types were static however in reality this is not true. We consistently adding new posts and categories, changing how they are organized, creating new users and roles. AAM successfully takes in consideration these facts however it comes with the cost.

When Check Post Visibility option is enabled AAM applies settings inheritance mechanism for each fetched post or term and cache result per user base. When there is large amount of posts, AAM will do it in small portions (by default 500 posts per request but this value can be changed with ConfigPress settings get_post_limit).

Basically it is recommended to keep this feature disabled if you are not planning to use Posts & Pages access option LIST or LIST TO OTHERS.

Manage Hidden Post Types #back to top

AAM, by default, lets you manage access to post types that are public (check the public parameter's definition) however this might not satisfy all possible scenarios.

For example, the frontend menus are typically list of hidden post types nav_menu_item that are references to the actual posts, pages, categories or links. The mentioned post type is hidden (not public) that is why you need to explicitely enable the ability to manage them. Upon enabling, you should be able to see more post types available for access control on the Posts & Pages tab.

AAM Hidden Post Types

Page Categories #back to top

Plus Package extension is required to have this feature.

WordPress, by default does not provide the ability to group your pages in categories the same way as posts. This might be very useful if you are planning to manage access to multiple pages. Upon enabling this feature, you will be able to group pages into categories the same way as posts.

AAM Media Category

Media Categories #back to top

Plus Package extension is required to have this feature.

WordPress, by default does not provide the ability to group your media library in categories. This might be very useful if you are planning to manage access to the group of files. Upon enabling this feature, you will be able to group media assets into categories the same way as Posts.

AAM Media Category

Support Multiple Categories #back to top

Plus Package extension is required to have this feature.

It is quite common when you have to assign more than one category (any hierarchical taxonomy) to a post. In some instances you might have multiple hierarchical taxonomies registered for a post.

AAM by default takes in consideration only access settings for the first category on the list and ignores others however by enabling Support Multiple Categories option, AAM will fetch access settings for all assigned hierarchical taxonomies and merge them as following:

  • - By default the denied access option has higher priority. For example if for Category A all posts are allowed to READ, however for Category B all posts are restricted to READ, then any post that has Category A and Category B will be not allowed to READ.
  • - If ConfigPress option access.merging.preference* is set to allow then with the same scenario as above, the post will be allowed to READ.

* You should have Plus Package 3.5.1 or higher for this feature.

Inherit From Parent Post #back to top

Plus Package extension is required to have this feature.

Allow AAM to inherit access settings from the parent post (any hierarchical post type like pages) before trying to inherit settings from the parent category or default settings.

For more information about AAM post access inheritance mechanism please check How to manage access to the WordPress content article.

AAM Tools #back to top

AAM comes with predefined set of tools that you might find helpful during your access management setup. You can find them all on the Settings Area. They all are self-explanatory.

Export Settings #back to top

AAM has the ability to export all the access settings so you can import them to any other website. For example, it is very helpful when you want you have multiple website that should have the same list of roles and capabilities.

By default AAM exports only roles & capabilities, AAM settings and ConfigPress settings. You can customize this behavior with ConfigPress. For more information please check How to export and import AAM settings article.

Import Settings #back to top

Previously exported AAM settings can be imported to any WordPress website that have AAM installed.

To learn more about the import/export AAM feature please refer to the How to export and import AAM settings article.

Clear Cache #back to top

AAM comes with internal caching mechanism that is heavily used to cache posts and pages access settings. You can manually purge the cache.

AAM automatically clears the cache for specific user or all the users depending on the content relations change. For example if you assign post to a new category, AAM will automatically clear the cache so a new set of access settings can be inherited.

Clear All Settings #back to top

To start fresh, you have the ability to clear all AAM settings however keep in mind that changes to the list of Roles and Capabilities are permanent and AAM does not reset them.

Users/Roles Manager #back to top

Users/Roles Manager is the sidebar panel on the AAM page that allows you easily navigate between roles, users, visitors or switch to manage default access to everybody. Here you can find all necessary set of tools to successfully manage list of your roles and user.

Roles #back to top

WordPress allows you to have unlimited number of roles however it does not have ability to manage them. You can find out all you need to know about role management from the How to manage WordPress roles article

AAM Manage Roles

Users #back to top

With AAM Users tab you can see the list of all your users to manage access, block or switch to any.

AAM Manage Users
To leanr more about user management, please check How to manage WordPress users article.

Visitors #back to top

AAM has the great ability to manage access to the website visitors (users that are not authenticated).

AAM Manage Visitors
It is important to understand who is considered as visitor, so please refere to the What is a WordPress visitor article to learn more about it.

Default Access #back to top

One of the most powerful aspects in the AAM functionality is the ability to define default access for everybody to any website resource. So technically everybody (including Administrato role and your admin user) inherits those settings if no other settings were detected.

AAM Manage Default Access
Please check How does AAM inherit settings article to learn more about AAM inheritance mechanism.

Shortcodes #back to top

AAM comes with set of helpful shortcodes that you can use to drop on your website frontend.

As developer you can create your own custom shortcode. AAM_Shortcode_Factory factory class instantiates proper shortcode based on the context attribute.

Login #back to top

The [aam context="login"] shortcode is used to drop login form on your website page. To find more information about this shortcode please refer to the How does AAM secure login works article.

List of available attributes:

  • id - Unique login form ID. Default: random unique string;
  • user-title - Greeting message. Default: Howdy, %username%;
  • redirect - Redirect to page after successful login. Default: value in the __GET "redirect_to";
  • callback - Custom PHP callback function that returns login form. Default: none;

Content Filter #back to top

Manage access to certain parts of the page/post content with [aam context="content"] shortcode. Please find more information about this shortcode from How to filter WordPress post content article.

List of available attributes:

  • show - Comma-separated list of role IDs, user IDs or IP addresses to show content for;
  • hide - Comma-separated list of role IDs, user IDs or IP addresses to hide content from;
  • limit - Comma-separated list of role IDs, user IDs or IP addresses to limit content for;
  • message - Message to show if "limit" is defined attribute is defined;
  • callback - Callback function that return content;

Checkout #back to top

This section is under construction. Our apology for the inconveniences.

Extensions #back to top

AAM is very flexible WordPress plugin that can be easily extended based on the business custom need. It already comes with several free and premium extensions that you can find on the Extensions Area.

How to install #back to top

Please note! AAM extensions are not typical WordPress plugins and should not be treated as such. All AAM extension are installed in special directory that is outside of the default WordPress plugin directory.

There are two possible ways of installing AAM extension:

  • - From the Extensions Area. If you purchased a premium extension, then you can insert the license here and AAM will automatically download and install extension for you. For free extensions, you can simply click on Download button right next to the extension name.
  • - Manual installation. For example if you are behind the company firewall or your website has some troubles sending remote request to our server, you can download any extension and follow the manual installation instruction from the How to install AAM extension manually article.

Plus Package #back to top

This section is under construction. Our apology for the inconveniences.

IP Check #back to top

This section is under construction. Our apology for the inconveniences.

Role Hierarchy #back to top

This section is under construction. Our apology for the inconveniences.

E-Commerce #back to top

This section is under construction. Our apology for the inconveniences.

ConfigPress #back to top

This section is under construction. Our apology for the inconveniences.

Multisite #back to top

This section is under construction. Our apology for the inconveniences.

User Activities #back to top

This section is under construction. Our apology for the inconveniences.

Complete Package #back to top

This section is under construction. Our apology for the inconveniences.

Development Package #back to top

This section is under construction. Our apology for the inconveniences.

For Developers #back to top

AAM core was created by experienced developers for developers. You can utilize it to create your own custom functionality or event custom extensions that we can host on our server while you are getting paid 100% or the specified value.

The best way to get some basic understanding of the AAM core is to check Introduction to AAM core for developers article.

AAM API #back to top

This section is under construction. Our apology for the inconveniences.

Hooks #back to top

This section is under construction. Our apology for the inconveniences.

Custom Extension #back to top

This section is under construction. Our apology for the inconveniences.

Download Extensions #back to top

Download
If you did not receive the email with license key, contact us immediately.

Select one of the available options to download
For more information about the manual installation process read How to install AAM extension manually

Transfer License #back to top

Contact us in order to transfer your license to a different domain.

Generate Invoice #back to top

Request Refund #back to top

You can ask for refund within 10 days from the time of purchase. Please provide Transaction ID or License Key so we can find and refund your payment.

Troubleshooting #back to top

This section is under construction. Our apology for the inconveniences.

APPENDIX A. List of Article #back to top

Contact Us #back to top

Please do not hesitate to contact us if any questions however keep in mind few simple rules.
  1. Keep your message short. As longer message as more times we will take to response;
  2. Use English, Polish, Russian or Ukrainian language. Otherwise we may ignore your message;
  3. In case of a problem with the plugin, include screenshots, videos or step-by-step description on how to reproduce the issue;
  4. Email us at support@aamplugin.com, add us to Google Hangout or submit contact form on aamplugin.com website to speed-up the response. Any other channels of communication we will be ignored.
  5. Be patient. It might take up to 3 business days for us to response.