User Permissions Plugin


Download: User Permissions
Version: 0.8.4
Supports: WordPress 2.6.2
Other: | SVN
Support: Not supported anymore

User Permissions is a plugin that takes the simple WordPress permissions models one step further and allows you to assign permissions to specific posts that restrict users or roles from reading or editing it.

To summarize:

  • Restrict reading or writing of post or page according to the user’s role (i.e. prevent non-registered users reading a post)
  • Allow specific users to read or write a post or page
  • Permissions are assigned directly inside the post itself – there is no additional interface
  • Fully localized

This plugin works very well with Red Alt’s excellent Role Manager plugin. If you are interested in using permissions then you will probably be interested in that too.


The plugin is simple to install:

  1. Download User Permissions
  2. Unzip
  3. Upload user-permissions directory to your /wp-content/plugins directory

You can find full details of installing a plugin on the plugin installation page.


Using the User Permissions is very simple. When you are editing a post or page a new form will appear to the right of the content:

Edit Box

When a role is enabled, all other roles are restricted. That is, if you give the administrator read and write access to a post then all other roles that are not enabled are restricted. If no roles are restricted then access is determined by the WordPress defaults.

The user section allows you to additionally specify user IDs (comma-separated) that are specifically allowed access. Any user listed here is allowed access, even if they are otherwise denied by their role.

If you restrict read access to a post then it is removed from the home page, search results, and archives, for anyone who does not have permissions. You can additionally define a post ID which will a restricted user will be redirected to should they attempt to view the post.

An administrator cannot be restricted.


Please direct all support questions to the User Permissions support forum. Any support questions left on this page may not be answered.

Support & Bugs

This plugin is no longer actively maintained.

110 thoughts on “User Permissions Plugin”

  1. This seems like a useful plugin, but I am having trouble getting it to work. When I edit a post, I set Roles to “Allow” and check a few boxes. But when I save the post all the settings in the permissions box go back to the default. Does that mean that it is not saving the settings?

    I was trying to test whether or not the plugin will block an unregistered user from reading the posts.

    I am using the latest WordPress (2.0.5).

  2. sorry, please delete my previous comment….

    of course it’s possible to grant/revoke edit permissions,
    it’s only not possible to hide posts….

  3. It does not work for me either. It just does not save the settings. After hitting Save or Publish it just reverts to the default ignore settings…

  4. It wasn’t working for me either, so I had a dig around and found that “unserialize” needs to be called twice in “get_restrictions”. Like all the best hacks, I have no idea why, but it works and that’s all I wanted!

    You can apply the fix by changing line 190 from:

    return unserialize ($row->meta_value);


    return unserialize(unserialize($row->meta_value));

    Hope that helps.

    Thanks for the plugin too, it’s exactly what I was looking for!

  5. This isn’t working for me at all. The settings are not saved.

    I have tried the ‘unserialize’ hack but that hasn’t worked. You say that the ‘edit_permissions’ capability should be created with role manager but how do I do that?

    Any ideas? It’s perfect for what I need… if only it worked!

  6. I have the same problem as Paxton i.e. I hit publish and the settings aren’t being saved.

    I tried Phil’s hack and unfortunately that didn’t seem to fix the plugin.

    Please help fix this plugin – it is an amazing addition to the WP admin.

    Thank you

  7. okay, the per-post privilege settings seem to work great for ‘Posts’, but not at all for ‘Pages’.


    (thanks again for writing much needed this plugin)

  8. argh. this is driving me crazy because this plugin seems to be perfect. it just don’t work!
    I tried Phil Newston’s hint “line190: return unserialize(unserialize($row->meta_value));” in fact it made the permission settings save correctly. unfortunately this just hast no effect.

    a page with a permission (ALLOW) for one special usergroup can still be seen by anyone … 🙁 is it because auf my wordpress version? (2.0.7 – german as the 2.1 didn’t work with “Role Manager”)?

    It would be great if anyone had an idea to solve this!

    🙂 Bernd

  9. erm.. perhaps I didn’t understand the purpose of this plugin right.
    I need to restrict specific pages and posts to certain Frontend(!) Users/Groups.

    And this plugin only restricts the use of pages and posts for backend users? Sorry for this misunderstanding.
    ..hmm…isn’t it somehow possible to transfer this model to frontend users as well?


  10. Yes, it doesnt work. It will not save the permissions that Ive selected. Each time I go back to the post, I can see that it has deleted my selections and revered back to ignore.

  11. Hmn…Just wondering if it would be better to have a ‘user’ drop-down list for "Subscriber" "Author" … since some blog may have hundreds of registered users. An ajaxified minimize and maximize the users list would also be good =P.

  12. This is great. Its almost exactly what I need… almost

    Phil’s hack worked for saving the permissions. Thanks.

    I need to allow specifiic users to be able to edit pages. Has anyone come up with a hack that will allow this?

    Thanks in advance!

  13. To make the permissions affect Pages, add the following after line 178:

    case 'edit_pages':
    case 'edit_others_pages':
    $restrictions = $this->get_restrictions ($args[2]);
    if (is_object ($restrictions) && $restrictions->is_restricted ())
    $all['edit_others_pages'] = 0;

    This will work for Roles but the list of Users doesn’t appear for me to add per-user restriction.

  14. this really looks like it should be built into wordpress, has anyone gotten it to work with the latest WP ?

    It’s not displaying the permission box

  15. The plugin seems to want to work, but permissions do not get set upon saving a document via ‘Manage Posts’.
    WP 2.2.1

  16. Marcus… I think this project is dead. While the plugin module appeared for me (on the actual ‘post edit’ page), the plugin isn’t attached to any database. So I don’t know how it is expected to work.

    In both WP2.2.1 and 2.2.1 I can check the fields, but without a table, check selections are obviously not remembered.

    I welcome anyone to show me the error in my ways… because I’d really like it to work.

  17. I seem to have the opposite problem, I can’t see the fields, but it is creating a _permissions metakey and metavalue in the postmeta table, so it definitely can save data. I’m going to try and figure out how to fix it up so we can use it, I’ll let you know if I get anywhere.

  18. Alright, I think I’ve fixed it. Still have to test to make sure the actual restrictions work, but I can see the form and the data saves correctly!

    Fix #1 (aka why the sidebar box wouldn’t show)
    Line 111: Remove the space between can_restrict and the () like so:
    if (Permissions::can_restrict() && ($authors = get_editable_authors ($current_user->id)))

    Fix #2 (aka why the data doesn’t seem to save – it’s actually saving but it’s being read back incorrectly)
    Line 190 Replace this:
    return unserialize ($row->meta_value);
    With this:
    $results = unserialize($row->meta_value);
    $results = unserialize($results);
    return $results;

    That should do it! Now to make sure the plugin actually does it’s job!

  19. Version 0.5 has been released which fixes all known problems and adds the ability to restrict reading of posts. Note that the way the plugin works has changed. Existing permissions will be automatically migrated

  20. Marcus- I tried your changes to the previous version of user-permissions but did not see any change in performance. I tried
    $results = unserialize($row->meta_value);
    $results = unserialize($results);
    return $results;
    both with and without surrounding {} (I assumed you meant to include them).

    John- version .5 does not behave correctly. The only settings that took were to supply a user with both read and write. However, the result of this operation was to block ALL users from reading or editing the post… including the admin. I can give you access to my sandbox if you would like to see/test for yourself.

    WP version 2.2.2
    PHP version 4.4.7
    MySQL version 5.0.27-standard

  21. Rich,

    I’ve tested and retested version 0.5 but everything works fine for me. If you have a sandbox then send the details in an email and I’ll take a look at what’s happening

  22. I’m curious as to the difference between User-Permissions and Disclose-Secret and if we are using User-Permissions do we even need Disclose-Secret ?

  23. tested the 05 version and none of the permissions are working, any page with a permission selected can be access publicly

  24. Like the last poster, the plugin doesn’t seem to work at all. It is activated, and I can set permissions and they are retained with a page or post, but even if I am not logged at all, I can still see and view pages / posts that are marked restricted as read for subscriber, etc…

  25. First of all, very nice plugin, that’s exactly what I was looking for. Setting permissions works fine, but it seems that an administrator is still restricted when the role is not enabled.
    I’m using WordPress 2.2.2.

  26. hi, thank u your for great plugin…i wonder how can change the page redirection to login page when user click on my restricted page…or just to put message "This page required user login" instead of redirect page to my homepage…thank u…=)

  27. I dont understanad the redirect section, why would one need this when the restricted pages are not viewable by specified user, if they can see the menu then there’s no need to worry about them attempting to access it, this plugins makes the page visible only to the user defined

  28. Alias, the redirect section is needed so that you can determine what happens when someone does try to access a restricted page (for example, redirect them to a login page).

    LostInNetwork, you can create any role you want using the Role Manager plugin (detailed above).

    Ming, enter the login page URL in the ‘redirect’ field

    Martin, what permissions did you create to restrict the administrator?

  29. Any thoughts on making this plugin like the group restriction plugin ? i recently got rid of role manager and found that with group restriction, there’s no need to use the user permissions plugin, but i like your plugin better unfortunately it doesn’t create user groups 🙂 would be nice to combine al the best features from userpermissions, disclose secret and group restriction since they all are very similiar

  30. Hi,
    I have installed your plugin on WP 2.3 and it seems to be set up but I cannot get it to restrict editing of specific posts. I want to have one person assigned to edit one post and another assigned to edit another post. But they can both view / edit the others posts under manage.

    I have admin checked as ‘W’ write. The two users are ‘editors’ and I have nothing checked there. Then I have their respective USERID entered into the ‘User IDs (write):’ box below.

    When I login under their accounts I can still see the other accounts post for editing.

    I can send you login / pw if you want to check it out.

    Maybe I am not implementing it correctly?

    Thanks for your help – this seems to be a very useful plugin.

    Chris C.

  31. Alias, a role is effectively a group and you should be able to implement most grouping just by creating your own roles.

    Chris, send me the login and I’ll have a look

  32. Just what I needed. Back to Ming’s earlier question, more granularly – if I wanted to have this (redirection to the registration page) as the default behaviour, what would I need to change in the code? Also, how would I set default access levels for posts in the code (say – all as ‘read’, and ‘write’ up from Editor-level)?

    Much appreciated!

  33. Mikko, currently there is no way to set a default set of permissions, nor a default redirection. I’ll add this on to the list of new features for the future.

  34. Hi

    if you were struggling with the issue of implementing pages that you wanted to restrict viewing access to, primarilly for non-subscribers of any sort, this worked for me:
    1) Download Role Manager :
    2) Install & Activate plugin
    3) Under users set up a new role called Non Subscribers
    4) Under their capabilities don’t select anything but just alllow role to be built
    5) Set up a new page or sub-page ( I wanted to restrict reading of a sub-page)
    6) In the permissions box select the permissions checking R or W against all the various roles accept for Non-Subscriber
    7) Insert post to link to if someone clicks on the page – make the post friendly
    8) Publish the page

    and voila, although the sub-page heading maybe visible, if someone clicks on it that doesn’t meet your criteria they can’t see it. The sub-page can be hidden as well using

    Now working on posts

  35. I’ve noticed a major bug. If the last entry has permissions applied you’ll get a 404 until a user is logged. As soon as turn off all on the last entry, all’s well.

  36. Using Role Manager with this is major over-kill, not to mention using that plugin can mess up default permissions, I would like to see the User-Permissions be merged with the Group Restriction which is outstanding only it doesnt protect posts, just static pages but does it quite well.

    Personally I absoutely hate the wordpress user setup ;)) would be nice to see this plugin not rely on the built in groups but instead have the ability to create new groups similiar to the group restriction plugin. How frustrating it is to have two great plugins but both missing what the other has Doh!!

  37. Hi,

    Is it possible to set all right to try by default / as défault value ?????


    (french user)

  38. Bug found:

    Flagged a post to be restricted to R/W by Admin and Editor and to be R only by Author. Guest, Subscriber and Contributer have no access. UserIDs (read and write) ar left blank.

    If the "Recent Posts" widget is in a sidebar it will display the contect in the sidebar(s) until it get’s to th "Recent Posts" widget then ends in an error rather then displaying the titles of the any of the recents posts and also does not display any content in your target frame 9until you navigate to a different page or category. Remove the "Recent Posts" widget from your Theme and everything works.

    We are displaying a Static home Page for a welcome.

    WordPress 2.3.1, mySQL 4.0.18-nt, PHP 4.4.2

  39. Steve, I can’t recreate that problem. Do you have any more details?

    Dave, I also can’t recreate this problem. I am using the default theme with the recent posts widget and everything is displayed as expected. It’s possible your problem is caused by another plugin or something in your theme. You could try changing theme, or disabling other plugins.

  40. Great plugin… But now none of my pages can be seen by unregistered users.

    How do you set the permissions of normal visitors? If I allow every role to read a certain post/page, no normal visitors can access it. I’ve tried everything with the role manager plugin, but there is no way to specify the role of a non-subscriber. No one can view any of my pages! =S

    Thanks for any help,

  41. Hi, This plugin is exactly what I need,

    I have not tried to edit it in any way, but I can’t get it to work.

    When I am editing a post or page a new form does not appear to the right of the content at all.

    I have role-Manager plugin installed and working.

  42. Hi,

    Thanks for your plugin! It seems to be exactly what I have been looking for.
    There is one issue with the categories:
    I have a lot of private posts in many categories. So nobody can´t see the links to these categories.
    But I would like to see them myself as soon as I log in. But Even as admin I only see links to the three categories containing published posts. I assume this is because the posts are "private" and I would need to publish them in wordpress in order to make
    display all the categories.
    But doing so will open the posts to everyone.
    Is there a way around this?

    Many thanks,

  43. Daniel, if you don’t assign any read permissions to a post then non-subscribers can read it

    Mike, what version of WP are you using? Do you have any other plugins installed that might be interfering with this one?

    Walid, you may have some luck using this plugin to remove read capability from the posts, but otherwise set them to published. You’ll then need to modify your theme so that only you can see the category.

  44. Hello John,

    I hope you are well.

    This plugin looks perfect these days. The interface looks great now.

    [bug report moved here]

    In the meantime, we’d love to nail that one down so that our clients can’t break it.

    Have a good weekend, Alec

  45. You said an admininstrator cannot be restricted.

    I limited a post to Module02 read only. Now I can see it when I log in as Module02 user – but cannot see it as Admin and cannot edit it as Admin.

    Any cure for "losing" a post?

    Thanks – this looks to be working fine with 2.3.2 so far.


  46. Great plugin man! One problem, I want to restrict a parent page from being edited, but allow all the subpages. Right now, restricting a page also restricts it’s subpages. Or am I missing something?

  47. I was mistaken – it’s not working at all. Activating it and setting both R/W permissions removes all pages from non-admin users no matter what. I’m running WP 2.3.3 with php5.

  48. Same problem we are having Jeromy.

    Apparently John is working on it. In the meantime, we are rolling our own, but it’s based on some edit templates we are using already.

  49. Thanks Giraffe for this plugin ! After spending hours to find one who fits for my registered users needs, yours is exactly the perfect one ! Lots of plugins don’nt work good with latest versions of WP or make trouble when accessing “registered” page. I hope you will follow this plugin and make new update with new features !
    Nice Job.

  50. Hey man – thanks for continuing work on this! I’m still having problem – I set permissions and save them for a page, but the permissions don’t stick – upon ‘save and continue’ the page refreshes and all of my checkmarks are gone – on top of that, just activating the plugin disables page editing on all pages for anyone not an admin.

  51. Using this plugin, I can nicely restrict posts to different roles/users, but comment feeds (RSS2/Atom) will show all comments to everyone. Is there any way to restrict this to comments that are part of posts one is allowed to read?

  52. Hi The Giraffe !
    I cannot see anymore the restriction menu with WP2.5, is this a known issue or a bad configuration from my WP ?

  53. I have the same problem with wordpress 2.5 but only for pages (can’t see the permissions menu when I want to write a new page or edit an old one) – for posts I still have the permissions menu. Is there something to do? Thanks!

  54. i have the same problem as emma! I can only use “user permission” when writing posts, the “user permission” is not an option when writing pages…

  55. hi there!
    i was hoping that with the WordPress 2.5.1 update the pülug in would work again, but it doesn’t! I still have the problem that i can not set any user permissions when writing pages….

  56. Hi there,

    that seems like exactly what I am looking for. Is it compatible with the latest wordpress 2.5.1?


  57. How do I get this plugin to only work for users to edit only assigned pages ? I want the pages to be able to displayed for the public.

  58. Hello, great plugin!

    but in WP 2.6 it have a problem:

    Fatal error: Call to a member function on a non-object in …/wp-content/plugins/user-permissions/user-permissions.php on line 94


  59. I have the same problem 🙁
    Fatal error: Call to a member function on a non-object in …/wp-content/plugins/user-permissions/user-permissions.php on line 94

  60. Thanks, but I try 0.8.1 – WP 2.6:

    Fatal error: Call to a member function on a non-object in …/wp-content/plugins/user-permissions/user-permissions.php on line 95

  61. hi there,
    i had the problem yesturday that my homepage was white! I deactivated all the plug ins and 1 byx 1 reactivated them! it turns out that the problem was in the user permissions plugin! i then took a look here and found and installed 0.8.1 but I still have the problem! I’m using word press 2.6 if that helps any…
    thx although for a great plug in!

  62. Well, I only got the Fatal error: Call to a member function on a non-object when I was installing in a subdirectory. It works fine in root directory.

Comments are closed.