On July 16, I sent out a message to my Twitter followers that I was building a user management plugin for WordPress. At the time, I had been playing around with several plugins that offer similar functionality, but nothing really satisfied me. I just wanted a nice interface that didn’t get in the way of the things I normally do with WordPress.
I had no idea how popular the idea would be, even warranting itself a blog post, a forum topic, and loads of emails and replies on Twitter. So, I thought it’d be best to get the feel of the community and see what everyone’s thoughts were.
Many were in the same boat as me — not quite satisfied.
I don’t mean to build my plugin up too much though. There’s an extremely long road ahead if I’m going to implement as many features as we all want. The first release is about building a solid foundation for future development. I want to get the essentials down first. Then, I can start building new things in.
What does this plugin do?
First and foremost, it’s a role management plugin. This is the foundation of everything. It will allow you to control each of your site’s roles and their accompanying capabilities.
But, it’s not only a role management plugin. It has a components-based system that allows you to only use the components you wish to use. The current components are:
- Edit Roles: Edit your user roles and their capabilities.
- New Roles: Create new roles for use on your site.
- Content Permissions: Adds a meta box on your write post/page editor that allows you to restrict content to specific roles.
- Widgets: Adds a login form widget and user-listing widget that you can use in any widget area on your site.
- Shortcodes: Creates shortcodes that you can use to restrict or allow access to certain parts of your posts and pages (or any other shortcode-capable area).
- Template Tags: New functions for use within your WordPress theme for various things.
- Private Blog: Allows you to create a private blog that can only be accessed by users that are logged in (redirects them to the login page).
This is just the beginning though. You’ve given me loads of ideas in my original post on this, and I plan on implementing as much as possible in later versions.
What I need from you all
Testing. Testing. Testing. And, feedback, of course.
This is one of the larger projects I’ve worked on, so a lot of the stuff is new terrain, even for me. With enough feedback and testing, this can be a great project for the WordPress community.
I know many of you will have ideas about new things to be added, but let’s try to hold those ideas until later. What you see here will be in version 0.1 of the plugin, but new things will come in later versions. Right now, I want to focus on making sure the current components work.
Some specific things I’m looking for:
- Is anything too hard to understand?
- Does something not work the way you expect it to?
- Do you recieve any error messages?
- Each component and each component’s options need to be tested.
- Testing on various browsers definitely needs to be done.
- Needs to be tested on the WordPress 2.8 branch and the current trunk.
Some questions:
- How should restricted pages (Content Permissions component) be handled? Remove from page lists if user isn’t allowed to view them?
- Will someone check to make sure content isn’t showing in feeds (Content Permissions component) unless it’s supposed to?
- Is there anything else you’d like to see done with the current widgets (Widgets component)?
I’m hoping to officially launch this plugin in another week or two (depending on what bugs are found).
How to use the plugin
I’ve written a fairly comprehensive guide, which is included within the plugin download. It is the readme.html file.
If you have questions about usage, please refer to that guide first. Also, I encourage you to read my guide on users, roles, and capabilities in Wordpress. It’ll give you a better understanding of how things work.
Beta test the plugin
Please do not use this plugin on a live site. It is for test environments only. If you use it on a live site and it breaks that site, you are responsible for fixing it.
Sorry for such a stern warning, but I’ve locked myself out of my test install on more than one occasion while developing this plugin. Let’s make sure it works before using it on live sites, okay?
Help me name the plugin
I’m currently calling it the Members plugin because I haven’t given a name to it yet. If you have ideas about what to call it, feel free to let me know.
The plugin is supposed to be a complete user, role, and content management plugin. While it’s not quite there yet, I hope that it’ll become the “must-install” plugin for all multi-user WordPress sites in the future.
Sounds promising. Downloading. let us see, what justin got this time
Download for testing and thanks for sharing.
Oh wow, that sounds so great! But I am running a Wordpress blogger of my own, will this be useful to me? I am the only author of my blog.
Thanks
Thanks for sharing. I will download it for testing.
For any private protected and content restricted stuff, may I reference an informative post at Digging into Wordpress: http://digwp.com/2009/08/password-protect-more-than-the_content/
Sounds promising!
I would love to see the ability to geo tag users, or assign a country category to them. Would this be possible by using ‘create new roles’ and naming the roles by country?
Congratulation on first public release.
When it comes to naming the plugin I propose to call it Access Manager, WordPress Access Manager, WP Access Manager.
Thats what it is, the names are available, and it will work in the future regardless of what components gets added, and I think it will work well to tell users what it does.
The Access Manager manages users, access, roles and capabilities etc…
Download 4 testing & thx 4 sharing. Keep up with coding.
Name 4 plugin: “WP User Manager”
Thanks for sharing.I’ll download for testing.
I downloaded it and I will start checking it later tonight. Thanks for the good work, Justin.
Have installed and used it very cautiosly and so far so good. Will be of tremendous use when out of beta
I just downloaded it, will install and mess around a bit.
Will let you know how it goes,
Thanks
Arun — Let me know what you think and if you run into any trouble.
8207h32 — Cool. Tell me what you think about it.
Clarky — I can’t think of too many uses for a single-user site because you already have access to everything you need. The plugin is really for people with multi-user sites.
Johnny Random — You’re welcome. Let me know how the testing goes.
Micah — Yeah, I’ve already read that post, but most of it is nothing new to developers. It’s a bit outside the scope of what we’ll be doing with this plugin, but I may add some additional tips for restricting content in the plugin’s docs.
Garrison — We have an ideas post for new features. I have some thoughts on custom user fields for version 0.2 though.
John Myrstad — I’m just happy to finally be able to release something usable to the public.
Access Manager is definitely a good candidate for the plugin’s name. It describes most of what it’ll do perfectly.
feelX — WP User Manager is another good name, but I do feel like it limits the idea of the plugin a bit.
Neel — Thanks. Let me know how the testing goes.
J Mehmett — Let me know if you run into any problems.
gunfios — Yeah, I’m being careful with it too. I’m testing it on one of my new sites (not launched) with multiple authors, and everything is running fine so far. I hope we can get this out of beta soon and running on people’s sites.
Dave — Thanks. I’ll appreciate the feedback.
I’d suggest the “rgreogry plugin” it has a certain ring to it that other name just won’t match.
I’ll try and have a play with the plugin as well.
Downloaded it and will test it on a couple of my test sites. Interesting plug-in. I’ll keep you posted.
What about ‘User X’
Great news Justin, and thanks again from the “community”. I agree with John above regarding the name. Access Manager seems to cover everything that this plugin is, and will be.
Very cool, will give this a run for the money!
Hi Justin!
For the name, I will think about something like wp-members…
Thanks again!
So far so good Justin. Everything I have tried so far has worked and I’m using wp 2.8.4.
Fairly sure this could change the face of wp user management and really open up some cms doors. Great work
I’m in the process of setting up a large WPMU site, and will be looking at testing your plugin on my sandbox – have you been building it primarily for the standalone or given the looming merge of the codebase has µ been taken into account while coding this plugin?
Dugged (sp?)
I would have downloaded the plugin too if I have a nice blog with a lively community such as this one. Thought the least I could do is digg this post.
Hi Justin,
Great plugin and I may need to use it for a website I have in mind, but I just wanted to know if you’ve heard the Press This podcast where Joost de Valk interviews Mark Jaquith.
http://www2.webmasterradio.fm/press-this/2009/09/01/future-of-wordpress/
Mark mentions that in an upcoming version of WordPress (can’t remember if it is 2.9 or 3.0), they are going to overhaul the underlying permissions / roles framework. Do you know if that will affect this plugin? Hope not!
Awesome, I love breaking stuff!
I always found WP lack of CMS capabilities
we definatly need nice plugins
gonna test it
thank you
rgregory — I’ll keep that name in mind.
Aaron — Thanks. I look forward to your feedback.
Steupz — It’s definitely catchy.
Adam W. Warner — I like Access Manager too, so it’s definitely on my list of possibilities.
The Frosty — Thanks. I can definitely use all the feedback I can get.
NotAlame — If I go with WP Members, I’ll probably just stick with Members because it’s shorter.
Xavier — That’s good news. I’m glad I haven’t broken anything for you yet.
I do hope that it changes how we handle users in WordPress. The goal of this plugin is to keep pushing WordPress more toward a true CMS. I’m already breaking my own rule and giving it a live test run (25+ writers on the site), and I love the control this has given me.
mwaterous — I don’t personally test plugins on MU, especially since it’ll be merged with the standalone WordPress. I do hope this works as expected with MU, so any feedback you can give me in that regard would be highly appreciated.
Terry — Thanks. The more people we have testing it, the better.
Stephen Cronin — If I had a nickel for every time I’ve been asked about the upcoming changes…
Honestly, I’m keeping track of any changes. From what I understand, it’s not so much an overhaul as a removal of a few current features, which will actually be helpful for the development of this plugin (less work for me).
Andrea_R — Great. I could definitely use some feedback from someone in the WPMU community.
Derek Dorian — Other than decent role and user management, I think the only thing really lacking is a good custom post types plugin. So, I’m happy to be developing at least one thing that’ll make WordPress a better CMS.
Actually, I *can* think of uses for a good role management plugin in a single user blog.
In blogs I install for clients (using the Role Manager plugin, no longer maintained), I often restrict their privileges to a customized Editor level. They can do everything they would want to do, but can’t do stuff like change plugins or themes, edit files, or other activities that have the potential of breaking the site.
However, I also give them the privilege of upgrading themselves to Administrator if they need to or want to.
That way, the interface isn’t cluttered up with settings that they shouldn’t (and don’t want to!) use, or change by accident. But they can if they really want to, or if they hired someone else to help maintain the site, etc.
I think many single users would prefer setting things up like this. It reduces interface clutter, and (for non-power users) reduces the potential of changing settings by accident.
Wanted to add something else (really glad you’re working on this, btw!):
You ask:
“How should restricted pages (Content Permissions component) be handled? Remove from page lists if user isn’t allowed to view them?”
I think the best scenario is to make it optional to show the restricted page link on lists on a case-by-case basis (opt-in/opt-out checkbox in the admin panel or something like that).
Sometimes you don’t want non-members to even know restricted pages exist. For example, you might have pages that are only for editors and admins, etc.
But other times, you want non-registered visitors to see an intriguing link that they can’t access to encourage them to register.
So it’s best to make this a flexible option, if possible.
Tyler Gore — That would be a good case when using this kind of plugin would come in handy on single-user blogs. I hadn’t even though of that.
As for pages, I think it’s probably a good idea to add an additional checkbox so the author can choose this on a page-by-page basis.
I just have to tell you that this is making life so much easier. I’ve been hacking away at using the P2 theme and this plugin to create an internal(private) developer/client communication system. Everyone gets to see general announcements and other solid tips (and participate in the discussion). Plus, if there are individual communications with each client, it is easily restricted to the correct party. And only logged in clients get access.
Makes it easier for our internal side to see and interact with all clients at once and to see in a quick glance what is going on.
Hi Justin,
This plugin sounds great. Will it be able to do the following:
I have multiple sidebars for various parts of my site. Can I restrict my editors to only be able to view & edit particular sidebar?
It would be ideal to assign a particular sidebar to a Role Scoper group. For a graphical representation what I’m trying to do, see this image: http://content.screencast.com/users/egordin/folders/Jing/media/10f8b431-9d6f-4e22-abe5-c261f8d3ea56/00000008.png
Thanks
Benjamin — That sounds like a cool system. I’ve got a fairly complex set of users on one of my sites, so making sure the correct people have the appropriate access on that site has been a huge driving force behind this plugin.
Eugene Gordin — Is that possible? Definitely. You don’t even need this plugin to do that. Will the plugin add some sort of interface for this? It’s not in the plans at the moment.
Thanks for getting back to me Joe. I have scoured the interweb many times over searching for a way to achieve this. Can you explain how? No one seems to know.
Thanks again!
I’m testing the Shortcodes component and have a question.
Can you please advise how to change from the following:
[access role="level1"]Hide this content from everyone but Level 1.[/access]
to [access role="level1"]SHOW this content to everyone but editors.[/access]
Thanks
Paul
May you consider to give some detailed info on how to make plugins capabilities available for Members ?
That is what I have been looking for a long time ago as the existing functions in WP does not allow me to customise or restrict curtain users roles. I am happy to test this on my demo blog first. Thanks
On your other page, where you are giving an tutorial regarding adding custom profile fields I was asking if I could beta test your plugin.
Sigh, only now I found this page. Sorry for the earlier brainfart. I am already using this plugin on my new website. Hope that we will be able to chat about future functionality soon.
I have a lot of ideas, because I was on the verge of starting to write such a plugin myself
.
Justin,
By the description, I thought it has the features to manage the different roles from within the options page. But I dont see anything like that.
Does this have to be done via coding or through the interface?
Do you have any documentation available? (I know it may be a bit early to do so)
This is something that I have been looking for, and was going to take the risk in implementing online. But if you could tell me how i can actually use it, that would be great.
K
Sorry for my previous comment. This works fine. Exactly what I have been looking for.
Thx, will download for my other blog
I was wondering if this plugin worked for WordPress Mu? I am looking for something to globally lock down privileges across all the blogs under a Mu Install, with only the top level admin able to control what blog owners and contributors have access to. Could I, for instance drop this into my mu-plugins directory and hard-code in the options (I don’t mind getting my hands dirty if that would work!!).
By the way – keep up the good work Justin, I have been following your site for a very long time and your contribution to the WordPress community is much appreciated. I have learned loads – for instance your early, detailed coverage of taxonomies was very useful and I was able to learn more from your couple of posts on it that anywhere else (including the Codex!!).
Hi, Justin, hope I’m not too late to hop on this beta bandwagon. Count me in.
Hi Justin
Is there a way to prevent that a role has access to all the images in the media library? I have different photographers uploading images. The images are published by add them into a post. Of course the photographer should only have access to its own pictures.
A media library where each user can manage their own picutres and post ony their own pictures… is something like that possible?
Thanks a lot for your feedback.
Serge
Have been testing for 24 hours on a few non-public sites; So far I really like what I see; simple and elegant..
I wanted to test Members in conjunction with VastHTML’s Forum Server plugin [fork of the WP Forum plugin] where I [and many others] have a need to be able to give user management capabilities to non-admin users in a secure and structured manner.
The main problem I’ve encountered seems to be one of logic and a lack of heirarchy in the scope assignments – and this may well be a WP problem rather than any issue in the Members plugin; thus if I create a new role of Moderator, which is effectively a clone of the Editor role, and then assign create_user edit_user and delete_user rights to that Moderator role then, as the “Members” plugin currently functions, any Moderator can now create another Moderator or an Administrator level user, or promote themselves to be an Administrator.
This is logically and functionally wrong as far as running a WP site is concerned, even if in coding terms it makes clear logical sense.
Any given Role – when assigned the required capabilities – should be able to manage the community of users below their own level of capability, but should have no ability to do anything to or with those Roles that are of equal or higher capability, let alone create users of higher capability or promote themselves to such a higher level. I use the concept of higher and lower levels of capability in a loose descriptive and vernacular sense.
That’s my first wishlist item; off to play a bit more with other functionality in Members.
Naming suggestion: short and sweet – WP-MP
All the best,
Robert
Seems to be a very nice plugin. I have no use for it now, but I have been looking for something similar for a future project. Will absolutley keep this and let you know after some testing!
Hey Justin, I agree with John with the name WordPress Access Manager or WP Access Manager, it covers all the basis of the plugin. I haven’t started testing as yet but I hope to start testing soon as I am busy on some other projects.
I am not sure if you have this implemented as yet if you do then ignore this comment.
I think you need to setup some form of wishlist system for this plugin so people can post features they want for various version releases etc. instead of posting it here in the comments section. Gives you a better history and feature control, and people could comment on a feature aspect or file bugs on a feature aspect.
I have some ideas but will wait for a wishlist system to put my ideas there.
Just my thought but good luck with this plugin.
Jai
this is what I have been searching for a some time ago as the existing functions in wordpress does not allow me to change or restrict curtain users roles. I am really happy to test this on my demo blog first. Thanks
i love this plugin but there is one problem..
if i want to build a wordpress based wesite to a client
and want to give him access to change widget order (Drap drop interface)
or give him the ability to touch template option in templates that have side banners..
Just installed and create a new role with “Read” capability, just like a subscriber.
Subscriber has 2 capabilities but only “Read” checked, why ??
By the way, can I include your roles checkboxes in my custom post type ?
I want to give freebie content to users who sign up on my site. They only would have access to this content. I hope the plugin works for that.