Plugin Directory

Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More

Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More


Advanced Access Manager (aka AAM) is a powerfully robust WordPress plugin designed to help you control every aspect of your website, your way.

Few Quick Facts

  • The only plugin that gives you the absolute freedom to define the most granular access to any aspect of your website, and most of the features are free.
  • Bullet-proven solution used on over 100,000 websites where all features are well-tested and documented. The low amount of support tickets speaks for quality.
  • It is the only plugin that allows managing access to your website content for any role, individual user, and visitor or configuring the default access to all posts, pages, custom post types, categories, and custom taxonomies.
  • AAM is a developer-oriented plugin. It has dozens of hooks and configurations. It is integrated with WordPress RESTful and XML-RPC APIs and has numerous abstract layers to simplify coding.
  • No ads or other promotional crap. The UI is clean and well-crafted, so you can focus only on what matters.
  • No need to be a “paid” customer to get help. Request support at any time.
  • Some features are limited or available only with premium add-ons. AAM functionality is transparent and you will know when the premium add-on is required.

The Most Popular Features

  • [free] Manage Backend Menu. Manage access to the backend menu for any user or role.
  • [free] Manage Roles & Capabilities. Manage all your WordPress roles and capabilities.
  • [free] All necessary sets of tools to manage authentication with JWT.
  • [free] Create temporary user accounts. Create and manage temporary user accounts.
  • [limited] Content access. Granular access to an unlimited number of posts, pages, custom post types, terms, taxonomies, or custom taxonomies.
  • [free] Manage Admin Toolbar. Filter out unnecessary items from the top admin toolbar for any role or user.
  • [free] Backend Lockdown. Restrict access to your website’s backend side for any user or role.
  • [free] Secure Login Widget & Shortcode. Drop the AJAX login widget or shortcode anywhere on your website.
  • [free] Ability to enable/disable RESTful and XML-RPC APIs.
  • [limited] URI Access. Allow or deny access to any page of your website by the page URL as well as how to redirect a user when access is denied;
  • [free] Manage access to RESTful or XML-RPC individual endpoints for any role, user, or visitor.
  • [free] Passwordless login with URL.
  • [free] Content Filter. Filter or replace parts of your content with AAM shortcodes.
  • [free] Login/Logout Redirects. Define custom login and logout redirect for any user or role;
  • [free] 404 Redirect. Redefine where a user should be redirected when a page does not exist.
  • [free] Access Denied Redirect. Define custom redirect for any role, user, or visitor when access is denied for a restricted area on your website.
  • [free] Manage Metaboxes & Widgets. Filter out restricted or unnecessary metaboxes and widgets on both frontend and backend for any user, role, or visitor.
  • [paid] Manage access based on an IP address or referred domain. Manage access to the entire website or any specific page or post based on referred host or IP address.
  • [free] Multiple role support.
  • [and even more…]


We take security and privacy very seriously, that is why there are several non-negotiable items that we obey for all cost in the basic AAM version.

  • AAM does not create new or alter existing website database tables;
  • AAM does not read any files outside of the AAM plugin’s folder;
  • AAM does not create new, write or delete any existing files or folders on a server;
  • AAM does not capture or send externally any information about how it is used;
  • AAM does not capture or send externally any information about a website server. The only exception is a website domain that is assigned to a premium license during activation;
  • AAM does not integrate with any other plugins directly;
  • AAM does not impersonate or swap user login sessions. All the authentication is handled by WordPress core where AAM may provide only verified and trusted information as means of authentication;
  • AAM does not include advertisement of any kind (no banners, cross-sales pitches or affiliate links);


  • Manage access to backend menu
  • Manage access to metaboxes & widgets
  • Manage capabilities for roles and users
  • Manage access to posts, pages, media or custom post types
  • Posts and pages access options form
  • Define access to posts and categories while editing them
  • Manage access denied redirect rule
  • Manage user login redirect
  • Manage 404 redirect
  • Create your own content teaser for limited content
  • Improve your website security


  1. Upload advanced-access-manager folder to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress


18 marts, 2024
I am looking to hide “metaboxes” in Gutenberg editors, but as far as I understand in the “Metaboxes and Widgets”, in the “Articles” section, when I click hide (Comments, Slug…) .it does nothing.Does it only work in classic editor ?
29 februāris, 2024
Very comprehensive plugin that was able to do a lot of the things that I needed (especially in comparison to other ones out there when it comes to access management). Support was prompt, professional and very helpful and actually went above and beyond to help me out even after I had misunderstood some of the terms and conditions. They really know their stuff when it comes to WP so you are in good hands!
11 janvāris, 2024
Olá Equipe do Advance Access Manager, Gostaria de expressar minha imensa satisfação com o AAM! Minha experiência com este plugin tem sido excelente, proporcionando um gerenciamento detalhado de usuários e acessos de forma intuitiva e fácil de compreender. O AAM se destaca como o melhor plugin que já encontrei até hoje para lidar com as nuances do controle de usuários e permissões. A interface é amigável, facilitando a configuração e administração das permissões de acesso, tornando todo o processo extremamente eficiente. Agradeço à equipe do Advance Access Manager pelo desenvolvimento de uma ferramenta tão poderosa e eficaz. Continuem o excelente trabalho!
20 oktobris, 2023
Really the quickest and best support I’ve had for any software, ever. Marvellous!
18 jūnijs, 2023
Great Access manager to control in details which menu/pages are accessible per user/groups. In my opnion, this a must plugin
Lasīt 416 atsauksmi

Autori un izstrādātāji

“Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More” ir atvērtā pirmkoda programmatūra. Šo spraudni ir veidojuši šādi cilvēki.


“Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More” ir tulkots lokalizācijās 6. Paldies tulkotājiem par ieguldījumu.

Tulkot “Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More&#8221 savā valodā.

Vai jūs interesē attīstība?

Pārlūkojiet kodu, apmeklējiet SVN krātuvi vai abonējiet attīstības žurnālu, ko izveidojis RSS.

Izmaiņu žurnāls


































  • Changed: Enhanced security pasture by escaping potentially harmful output, if information was directly modified in the DB or not escaped during storing AAM settings, reported by WordPress Plugin Review Team
  • Fixed: Cleared potentially corrupted data about status of premium add-ons.
  • Changed: Re-opened direct communication with the AAM developer through the Slack channel https://aamplugin.com/support



  • Changed: Adjusted suite of automated tests, confirmed that AAM is compatible with the latest WP version




























  • Fixed Bug: Backend Dashboard index.php still could be restricted with Backend Menu service
  • Fixed Bug: Policy Generator – Fatal error with PHP lower than 7.0.0
  • Fixed Bug: Policy Validator – Improper dependency validation when if it is not installed
  • Fixed Bug: Default access settings not propagated to user that does not have any roles (multisite setup)
  • Fixed Bug: Reset settings where not synced across all subsites in multisite setup
  • Added New: Ability to define wildcard BackendMenu resource with Access Policy
  • Added New: Ability to define wildcard Metabox resource with Access Policy
  • Added New: Ability to define wildcard Widget resource with Access Policy
  • Added New: Ability to define wildcard Toolbar resource with Access Policy


  • Fixed Bug: Very minor UI issue with Access Policy Delete pop-up
  • Added New: Enhanced Access Policy with new POLICY_META token
  • Change: Access Policy post type supports custom fields now



  • Fixed Bug: Unnecessary backslashes before displaying the access policy https://forum.aamplugin.com/d/432-access-policy-ui-escaping-slashes
  • Fixed Bug: aam_access_dashboard custom capability caused “Access Denied”
  • Change: Enforcing default 307 Temporary Redirect code if none is provided for any AAM redirect functionality
  • Change: Persisting the last managed role, user or visitor on the AAM page
  • Change: Improved safety by using the last role on the list instead of the default Administrator role
  • Change: Optimized access policy service. Changed the way it is applied to any given object
  • Added New: Migration script that clears previously detected migration errors


  • Fixed Bug: Access Policy UI – the “Attach to Default” button was not rendering correctly
  • Fixed Bug: Role Management UI – the PHP notice where Undefined variable: parent
  • Fixed Bug: AAM UI page – improperly compressed HTML response if server config does not match PHP executable INI settings
  • Fixed Bug: Login Redirect Settings – incorrectly merged settings for multi-role support
  • Fixed Bug: Logout Redirect Settings – incorrectly merged settings for multi-role support
  • Fixed Bug: Access Denied Redirect Settings – incorrectly merged settings for multi-role support
  • Fixed Bug: API Route Settings – incorrectly halted inheritance mechanism
  • Fixed Bug: Admin Toolbar Settings – incorrectly halted inheritance mechanism
  • Fixed Bug: URI Access Settings – incorrectly halted inheritance mechanism
  • Fixed Bug: Content Visibility Settings – incorrectly merged settings for multi-role support
  • Fixed Bug: Access Policy Core – incorrectly managed internal cache
  • Fixed Bug: AAM Core – incorrectly managed internal object cache
  • Fixed Bug: Content Service – incorrectly mapped do_not_allow capability if any of the registered post types have it
  • Fixed Bug: Content Service – fatal error Cannot use object of type Closure as array https://forum.aamplugin.com/d/354-php-fatal-error-cannot-use-object-of-type-closure-as-array
  • Fixed Bug: The aam_show_toolbar capability was not taken in consideration
  • Fixed Bug: Logout Redirect Service – White screen occurs if “Default” option is explicitly selected https://wordpress.org/support/topic/blank-log-out-page-on-6-0-5/
  • Change: Refactored internal inheritance mechanism where AAM objects no longer responsible to check for inheritance flag. This eliminates several constrains that we discovered recently.
  • Change: Multiple minor changes to the codebase to consume internal AAM API in more consistent way
  • Change: JWT & Secure Login Services – enriched RESTful API error responses with more details about an error
  • Change: Content Service – optimization improvements
  • Added New: Implemented new filter aam_token_typecast_filter for Access Policy for custom type casting
  • Added New: Implemented support for the => (map to) operator for the Access Policy
  • Added New: Implemented support for the AAM_CONFIG marker for the Access Policy


  • Fixed Bug: Refactored the license managements. Fixed bugs with license registration https://forum.aamplugin.com/d/356-unregistered-version-message
  • Fixed Bug: Some servers do not allow WP core string concatenation. This was causing 403 https://forum.aamplugin.com/d/389-message-loading-aam-ui-please-wait-403-forbidden
  • Fixed Bug: Media list on Posts & Terms tab is not rendered correctly due to improperly managed DB query for post type attachment
  • Fixed Bug: AAM core getOption method did not deserialized settings properly in some cases
  • Fixed Bug: Access Manager metabox was rendered for users that have ability to manage other users https://forum.aamplugin.com/d/371-you-are-not-allowed-to-manage-any-aam-subject
  • Fixed Bug: Logout redirect was no working properly https://forum.aamplugin.com/d/339-problem-with-login-shortcode-and-widget
  • Fixed Bug: The Drill-Down button was not working on Posts & Terms tab
  • Fixed Bug: Access policy Action “Create” was not converted at all for the PostType resource
  • Change: Simplified the first migration script by removing all error emissions. We captured enough migration logs to be confident about proper migration of the most critical settings
  • Change: Changed verbiage for the Enterprise Package on the Add-ons area
  • Change: Added info notification to the Posts & Terms tab for proper Media access controls
  • Change: Merge internal Settings service with Core service
  • Change: Added new migration script that fixed issues with legacy names for premium add-ons
  • Change: Added new internal AddOn manager class
  • Added New: Added the ability to check for new add-on updates from the Add-ons area
  • Added New: Published free AAM add-on AAM Protected Media Files https://wordpress.org/plugins/aam-protected-media-files/


  • Fixed Bug: https://forum.aamplugin.com/d/367-authentication-jwt-expires-fatal-error
  • Fixed Bug: JWT validation endpoint did not check token’s expiration based on UTC timezone
  • Fixed Bug: Removed unnecessary console.log invocations from the aam.js library
  • Fixed Bug: Fixed the potential bug with improperly merged options when access policy Param’s Value is defined as multi-dimensional array
  • Fixed Bug: https://forum.aamplugin.com/d/339-problem-with-login-shortcode-and-widget
  • Fixed Bug: https://forum.aamplugin.com/d/371-you-are-not-allowed-to-manage-any-aam-subject
  • Fixed Bug: Incompatibility with plugins that are extremely aggressive and modify the WP_Query “suppress_filters” flag. Shame on you guys!


  • Fixed Bug: Fatal Error – Class ‘AAM_Core_Server’ not found. https://forum.aamplugin.com/d/358-uncaught-error-class-aam-core-server-not-found
  • Fixed Bug: Fixed the bug where post types that do not have Gutenberg enabled are not shown on the Metaboxes & Widgets tab https://wordpress.org/support/topic/in-metaboxes-widgets-no-pages/
  • Fixed Bug: Not all possible post types are shown on the Posts & Terms tab


  • Fixed Bug: https://forum.aamplugin.com/d/361-uncaught-error-call-to-a-member-function-settimezone-on-boolean
  • Fixed Bug: https://forum.aamplugin.com/d/378-aam-6-0-1-conflict-with-acf-advanced-custom-fields
  • Fixed Bug: Migration script, fixed couple more minor bugs that were causing warnings


  • Fixed Bug: Numerous bugs fixed in the migration script. New script prepared to do additional clean-up and fix corrupted data
  • Fixed Bug: https://forum.aamplugin.com/d/369-notice-undefined-offset-1-service-content-php-on-line-509
  • Fixed Bug: https://wordpress.org/support/topic/6-0-issues/
  • Fixed Bug: https://forum.aamplugin.com/d/353-comment-system-activated
  • Fixed Bug: Migration script was skipping access settings conversion for roles that have white space in slug
  • Added New: Additional migration script for clean-up and fixing corrupted data


  • Complete rewrite of the entire plugin. For more information, check this article

  • Fixed the bug with Access Policy for Capability resource
  • Fixed the bug with Nginx redirect rules for media access


  • Prep for upcoming AAM v6 release. Converting all extensions to plugins
  • Covered odd use-case when some plugins decide to register CPT capabilities during plugin activation
  • Improved Backend Menu feature functionality

  • Fixed the bug with merging access settings for multiple roles
  • Improved the way capabilities are managed internally by AAM
  • Fixed PHP notice reported by jaerlo https://forum.aamplugin.com/d/207-indirect-modification-of-overloaded-property-aam-core-subject-user-roles
  • Fixed PHP fatal error reported by kevinagar https://wordpress.org/support/topic/fatal-error-3199/
  • Fixed the bug with Backend Menu feature where all the menu items that require “administrator” capability where not shown

  • Fixed the bug added slashes to the Access Policy JSON document
  • Fixed the bug with Metaboxes & Widgets to prevent PHP warning for widgets that registered with Closure callback
  • Fixed the bug in URI Access feature that causes PHP warning when data is merged for multiple roles
  • Fixed the bug with Access Policy rules that are not initialized correctly for Visitors
  • Fixed the bug reported on GitHub https://github.com/aamplugin/advanced-access-manager/issues/6
  • Changed the way AAM hooks into get_options pipeline with Access Policy “Params”. This is done to support array options
  • Changed the way Login Widget is registered to reduce code

  • Fixed the fatal error related to URI object


  • Fixed the bug with URI Access feature for URIs with trailing forward slash “/”
  • Fixed the bug with Access Policy where incorrect default value was propagated
  • Fixed the bug with API Routes not merged properly with multiple-roles support
  • Added HTTP Redirect Code to URI Access, Posts & Terms features
  • Added new Access Policy marker type QUERY that is alias for the GET
  • Added support for the null data type for Access Policy data type casting
  • Improved the way password-protected feature works; enhanced Access Policy to support it https://aamplugin.com/reference/policy#post
  • Deprecated and removed internal AAM cache by optimizing AAM performance. Cache became major constrain for the dynamic Access Policy conditions


  • Fixed the bug with Access Policy Param value that was not evaluating embedded markers
  • Fixed the bug that was causing PHP Warning for users that have none-existing role assigned
  • Fixed the bug with Customizer that was blocking user from publishing changes
  • Added support for tags – the ability to manage access to posts by none-hierarchical terms
  • Added the ability to define dynamic Resource names with markers in Access Policies
  • Added new Access Policy marker USERMETA https://aamplugin.com/reference/policy#usermeta


  • Fixed the bug with incorrectly identifying CPT capabilities
  • Fixed the bug with URI Access where there where no way to override wildcard rule
  • Fixed multiple bugs related to JWT authentication
  • Fixed the bug with Access Policy that triggers PHP Notice for visitors
  • Removed support for ConfigPress option core.settings.setJwtCookieAfterLogin
  • Added the ability to obtain Login URL from the “Manage User” modal
  • Added the ability to control AAM cache size https://aamplugin.com/reference/plugin#core-cache-limit
  • Refactored Capabilities feature to follow the best practices for integration with WP Core
  • Refactored JWT authentication so it can be more seamlessly integrated with user status


  • Fixed the bug with LIST and LIST TO OTHERS options for multiple roles support
  • Fixed the bug with managing access to custom post types that contain “-” in name
  • Added ability to refresh JWT token with new RESTful endpoint /refresh-jwt
  • Added ability to filter out metabox by its name with Access Policy
  • Improved Posts & Terms access control with Access Policy

  • Fixed several bugs that are related to post, page or custom post type editing


  • Fixed the bug with Access Policy access control
  • Fixed the bug with Access Policy tab shows only 10 last Policies
  • Fixed the bug where AAM was not determining correct max user level
  • Fixed the bug where user was able to manage his roles on the profile page
  • Fixed the bug with Access Policy “Between” condition
  • Optimized AAM to support unusual access capabilities for custom post types https://forum.aamplugin.com/d/99-custom-post-type-does-not-honor-edit-delete-publish-overrides/5
  • Enhanced Access Policy with few new features. The complete reference is here https://aamplugin.com/reference/policy
  • Enabled ‘JWT Authentication’ by default
  • Significantly improved AAM UI page security
  • Added new JWT Tokens feature to the list of AAM features https://aamplugin.com/reference/plugin#jwt-tokens
  • Added new capability aam_manage_jwt
  • Added “Add New Policies” submenu to fix WordPress core bug with managing access to submenus
  • Removed “Role Expiration” feature – it …