WordPress Access & Security Policy

To learn more technical details about Access & Security Policy, please refer to this page.

I think the first and probably the most obvious question that needs to be cleared here is – Why da heck am I introducing the completely new way of managing access and security to the WordPress websites? For none tech-savvy folks the JSON-based policy document sounds like a quantum physics equation. Besides I’ve literally spent hundreds of hours over the course of 7 years improving AAM UI and now I’m pivoting toward more complex approach that has decent learning curve. What is wrong with me???

Weeeell. The truth is that the concept of policies revolutionizing the way we think about managing access and security to the WordPress website. So let me give you couple real examples that will show you how this concept was developed.

Example #1. Customer support.

Customer support is one of the most important aspects of any software life-cycle. Fast and effective support is golden. That is why for past couple years I’ve been trying really hard to respond to as many emails as possible; and as AAM start gaining more popularity, I’ve been getting more emails. Some of them required 30 seconds to respond, others 30 minutes.

More than a half of all emails where with a question “How to…?”. So typically I was responding with the list of 1..N steps to configure access to the website resources. A lot of times I was responding with very similar list of steps to others which forced me to start creating all these video tutorials and articles.

This helped.., a little. However one thing that was not solved is time. Time that you spend on either reading articles, watching video tutorials or emailing me back-n-force with questions regarding steps 1..N. This is something that was bothering me for the long time and that is how concept of access and security policy occurred.

Imagine the process where you go to aamplugin.com website and search for a policy that restricts access to all you posts for visitors or for a policy that allows your editors to manage only their own pages; or maybe a policy that gives an user the admin privileges except the ability to install, deactivate or edit plugins. Then when you find it, you simply add it to your website and apply to any desired user or role.

No imagine if you can’t find the policy that suits you well, you email us and we respond to you with the JSON policy that you just copy & paste to your website and everything else is taken care of.

Policies save you literally hours and hours of reading about different type of capabilities as well as watching bunch of videos about “How to…?”

Example #2. Strict governance and regulation.

At the moment of writing this article, I’m having also a full-time job as lead engineer and owner of the PCI compliant environment for multi-billion dollars company. Tons of regulations, processes and policies takes 99% of my time here. Giving somebody just a little bit more privileges (intentionally or mistakenly) increases the risk for the environment to be compromised.

That is why any changes to the environment, user base or user permissions is really well documented and goes through very careful approval process.

I’m bringing the strong sense of security and compliance to the WordPress community in the shape of policies. Now your organization has the ability to define a very specific set of policies that have well-documented list of permissions and conditions that can be attached or revoked to anybody or anything with just a click of a button. Because all policies are JSON-based documented, they can be even stored in any versioning control system like Git or Versions.

Policies is probably the best way to document your access and security rules and enforce them on any user, role, visitors, everybody all together or even programmatic application (not a human).


With almost 100% certainty, Access & Security Policies is the future for AAM plugin. With every new AAM release, more and more feature will be configurable with policies.

My main and ultimate objective with this approach is to simplify access and security management for website owners so you can focus on running your business while delegating everything else to professionals who know WordPress core from the inside-out and follow the best security standards and procedures.

To learn more technical details about Access & Security Policy, please refer to this page.

Get notified about important updates and new features (no more than one email per month).