Plugin Directory

Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More

Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More


Advanced Access Manager (aka AAM) is a powerfully robust WordPress plugin designed to help you control every aspect of your website, your way.

Key Features

  • Unparalleled Flexibility: The only plugin that offers the freedom to define highly specific access controls across your entire site, with most features available for free.
  • Proven Reliability: Trusted by over 150,000 websites, AAM is rigorously tested and well-documented, ensuring top-notch quality with minimal support needed.
  • Comprehensive Access Management: Control access for any role, user, or visitor, and configure default permissions for posts, pages, custom post types, categories, and taxonomies.
  • Developer-Friendly: Loaded with hooks and configurations, AAM integrates seamlessly with WordPress core, providing a robust framework for custom development.
  • Ad-Free Interface: Enjoy a clean, well-crafted UI without any advertisements or promotional content.
  • Accessible Support: Get help whenever you need it without being a paid customer. Request support directly from your admin area.
  • Transparent Premium Features: While most features are free, some advanced functionalities require premium add-ons. You’ll always know when an upgrade is needed.

Popular Features

  • Manage Backend Menu: Control backend menu access for any user or role.
  • Roles & Capabilities: Customize WordPress roles and capabilities with ease.
  • Authentication Tools: Manage JWT authentication seamlessly.
  • Temporary User Accounts: Create and manage temporary user accounts.
  • Content Access: Enjoy granular access controls for posts, pages, and custom content types (premium feature).
  • Admin Toolbar Management: Customize the top admin toolbar for any role or user.
  • Backend Lockdown: Restrict backend access as needed.
  • Secure Login Widget: Use AJAX login widgets or shortcodes anywhere on your site.
  • API Management: Enable/disable RESTful and XML-RPC APIs.
  • URI Access Control: Control access to pages via URLs and set custom redirects (premium feature).
  • Endpoint Access: Manage access to individual RESTful endpoints.
  • Passwordless Login: Allow password-free login via URL.
  • Content Filtering: Use AAM shortcodes to filter or replace content.
  • Redirects: Set custom login, logout, 404, and access denied redirects.
  • Metaboxes & Widgets: Manage metaboxes and widgets visibility.
  • IP Address & Domain Access: Control access based on IP or referred domain (premium feature).
  • Multiple Role Support: Assign multiple roles to users.
  • And more…

Security and Privacy

AAM is committed to your security and privacy:

  • No alterations to your website’s database.
  • No reading of files outside the AAM plugin folder.
  • No creation, modification, or deletion of server files or folders.
  • No external data capture or transmission about plugin usage or server details.
  • No direct integration with other plugins.
  • No user session impersonation or swapping; authentication is managed by WordPress core.
  • No advertisements or affiliate links.

Discover the power and flexibility of Advanced Access Manager and take control of your WordPress site today!


  • Manage access to backend menu
  • Manage access to metaboxes & widgets
  • Manage capabilities for roles and users
  • Manage access to posts, pages, media or custom post types
  • Posts and pages access options form
  • Define access to posts and categories while editing them
  • Manage access denied redirect rule
  • Manage user login redirect
  • Manage 404 redirect
  • Create your own content teaser for limited content
  • Improve your website security


  1. Upload advanced-access-manager folder to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress


જૂન 10, 2024 2 replies
When we started using this plugin a year or so ago it was good. But now it conflicts with many other plugins and misses out plugins like WPCode. It actually locked me out of the plugin as an administrator, so I had to uninstall AAM.It is a shame because it was once a great plugin.
માર્ચ 18, 2024
I am looking to hide “metaboxes” in Gutenberg editors, but as far as I understand in the “Metaboxes and Widgets”, in the “Articles” section, when I click hide (Comments, Slug…) .it does nothing.Does it only work in classic editor ?
ફેબ્રુવારી 29, 2024
Very comprehensive plugin that was able to do a lot of the things that I needed (especially in comparison to other ones out there when it comes to access management). Support was prompt, professional and very helpful and actually went above and beyond to help me out even after I had misunderstood some of the terms and conditions. They really know their stuff when it comes to WP so you are in good hands!
જાન્યુઆરી 11, 2024
Olá Equipe do Advance Access Manager, Gostaria de expressar minha imensa satisfação com o AAM! Minha experiência com este plugin tem sido excelente, proporcionando um gerenciamento detalhado de usuários e acessos de forma intuitiva e fácil de compreender. O AAM se destaca como o melhor plugin que já encontrei até hoje para lidar com as nuances do controle de usuários e permissões. A interface é amigável, facilitando a configuração e administração das permissões de acesso, tornando todo o processo extremamente eficiente. Agradeço à equipe do Advance Access Manager pelo desenvolvimento de uma ferramenta tão poderosa e eficaz. Continuem o excelente trabalho!
ઓક્ટોબર 20, 2023
Really the quickest and best support I’ve had for any software, ever. Marvellous!
417 સમીક્ષાઓ વાંચો

ફાળો આપનાર & ડેવલપર્સ

આ ઓપન સોર્સ સોફ્ટવેર છે. નીચેના લોકો એ આ પ્લગિન માટે ફાળો આપ્યો છે.

ફાળો આપનારા

“Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More” નું 6 ભાષામાં અનુવાદ કરવામાં આવ્યું છે. Thank you to the translators for their contributions.

“Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More” ને તમારી ભાષામાં અનુવાદ કરો.

વિકાસમાં રસ ધરાવો છો?

કોડ બ્રાઉઝ કરો, એસવીએન રીપોઝીટરીમાંથી ચેકઆઉટ કરો, અથવા આરએસએસ દ્વારા ડેવલપમેન્ટ લોગમાં સબ્સ્ક્રાઇબ કરો.











































  • Changed: Enhanced security pasture by escaping potentially harmful output, if information was directly modified in the DB or not escaped during storing AAM settings, reported by WordPress Plugin Review Team
  • Fixed: Cleared potentially corrupted data about status of premium add-ons.
  • Changed: Re-opened direct communication with the AAM developer through the Slack channel https://aamplugin.com/support



  • Changed: Adjusted suite of automated tests, confirmed that AAM is compatible with the latest WP version




























  • Fixed Bug: Backend Dashboard index.php still could be restricted with Backend Menu service
  • Fixed Bug: Policy Generator – Fatal error with PHP lower than 7.0.0
  • Fixed Bug: Policy Validator – Improper dependency validation when if it is not installed
  • Fixed Bug: Default access settings not propagated to user that does not have any roles (multisite setup)
  • Fixed Bug: Reset settings where not synced across all subsites in multisite setup
  • Added New: Ability to define wildcard BackendMenu resource with Access Policy
  • Added New: Ability to define wildcard Metabox resource with Access Policy
  • Added New: Ability to define wildcard Widget resource with Access Policy
  • Added New: Ability to define wildcard Toolbar resource with Access Policy


  • Fixed Bug: Very minor UI issue with Access Policy Delete pop-up
  • Added New: Enhanced Access Policy with new POLICY_META token
  • Change: Access Policy post type supports custom fields now



  • Fixed Bug: Unnecessary backslashes before displaying the access policy https://forum.aamplugin.com/d/432-access-policy-ui-escaping-slashes
  • Fixed Bug: aam_access_dashboard custom capability caused “Access Denied”
  • Change: Enforcing default 307 Temporary Redirect code if none is provided for any AAM redirect functionality
  • Change: Persisting the last managed role, user or visitor on the AAM page
  • Change: Improved safety by using the last role on the list instead of the default Administrator role
  • Change: Optimized access policy service. Changed the way it is applied to any given object
  • Added New: Migration script that clears previously detected migration errors


  • Fixed Bug: Access Policy UI – the “Attach to Default” button was not rendering correctly
  • Fixed Bug: Role Management UI – the PHP notice where Undefined variable: parent
  • Fixed Bug: AAM UI page – improperly compressed HTML response if server config does not match PHP executable INI settings
  • Fixed Bug: Login Redirect Settings – incorrectly merged settings for multi-role support
  • Fixed Bug: Logout Redirect Settings – incorrectly merged settings for multi-role support
  • Fixed Bug: Access Denied Redirect Settings – incorrectly merged settings for multi-role support
  • Fixed Bug: API Route Settings – incorrectly halted inheritance mechanism
  • Fixed Bug: Admin Toolbar Settings – incorrectly halted inheritance mechanism
  • Fixed Bug: URI Access Settings – incorrectly halted inheritance mechanism
  • Fixed Bug: Content Visibility Settings – incorrectly merged settings for multi-role support
  • Fixed Bug: Access Policy Core – incorrectly managed internal cache
  • Fixed Bug: AAM Core – incorrectly managed internal object cache
  • Fixed Bug: Content Service – incorrectly mapped do_not_allow capability if any of the registered post types have it
  • Fixed Bug: Content Service – fatal error Cannot use object of type Closure as array https://forum.aamplugin.com/d/354-php-fatal-error-cannot-use-object-of-type-closure-as-array
  • Fixed Bug: The aam_show_toolbar capability was not taken in consideration
  • Fixed Bug: Logout Redirect Service – White screen occurs if “Default” option is explicitly selected https://wordpress.org/support/topic/blank-log-out-page-on-6-0-5/
  • Change: Refactored internal inheritance mechanism where AAM objects no longer responsible to check for inheritance flag. This eliminates several constrains that we discovered recently.
  • Change: Multiple minor changes to the codebase to consume internal AAM API in more consistent way
  • Change: JWT & Secure Login Services – enriched RESTful API error responses with more details about an error
  • Change: Content Service – optimization improvements
  • Added New: Implemented new filter aam_token_typecast_filter for Access Policy for custom type casting
  • Added New: Implemented support for the => (map to) operator for the Access Policy
  • Added New: Implemented support for the AAM_CONFIG marker for the Access Policy


  • Fixed Bug: Refactored the license managements. Fixed bugs with license registration https://forum.aamplugin.com/d/356-unregistered-version-message
  • Fixed Bug: Some servers do not allow WP core string concatenation. This was causing 403 https://forum.aamplugin.com/d/389-message-loading-aam-ui-please-wait-403-forbidden
  • Fixed Bug: Media list on Posts & Terms tab is not rendered correctly due to improperly managed DB query for post type attachment
  • Fixed Bug: AAM core getOption method did not deserialized settings properly in some cases
  • Fixed Bug: Access Manager metabox was rendered for users that have ability to manage other users https://forum.aamplugin.com/d/371-you-are-not-allowed-to-manage-any-aam-subject
  • Fixed Bug: Logout redirect was no working properly https://forum.aamplugin.com/d/339-problem-with-login-shortcode-and-widget
  • Fixed Bug: The Drill-Down button was not working on Posts & Terms tab
  • Fixed Bug: Access policy Action “Create” was not converted at all for the PostType resource
  • Change: Simplified the first migration script by removing all error emissions. We captured enough migration logs to be confident about proper migration of the most critical settings
  • Change: Changed verbiage for the Enterprise Package on the Add-ons area
  • Change: Added info notification to the Posts & Terms tab for proper Media access controls
  • Change: Merge internal Settings service with Core service
  • Change: Added new migration script that fixed issues with legacy names for premium add-ons
  • Change: Added new internal AddOn manager class
  • Added New: Added the ability to check for new add-on updates from the Add-ons area
  • Added New: Published free AAM add-on AAM Protected Media Files https://wordpress.org/plugins/aam-protected-media-files/


  • Fixed Bug: https://forum.aamplugin.com/d/367-authentication-jwt-expires-fatal-error
  • Fixed Bug: JWT validation endpoint did not check token’s expiration based on UTC timezone
  • Fixed Bug: Removed unnecessary console.log invocations from the aam.js library
  • Fixed Bug: Fixed the potential bug with improperly merged options when access policy Param’s Value is defined as multi-dimensional array
  • Fixed Bug: https://forum.aamplugin.com/d/339-problem-with-login-shortcode-and-widget
  • Fixed Bug: https://forum.aamplugin.com/d/371-you-are-not-allowed-to-manage-any-aam-subject
  • Fixed Bug: Incompatibility with plugins that are extremely aggressive and modify the WP_Query “suppress_filters” flag. Shame on you guys!


  • Fixed Bug: Fatal Error – Class ‘AAM_Core_Server’ not found. https://forum.aamplugin.com/d/358-uncaught-error-class-aam-core-server-not-found
  • Fixed Bug: Fixed the bug where post types that do not have Gutenberg enabled are not shown on the Metaboxes & Widgets tab https://wordpress.org/support/topic/in-metaboxes-widgets-no-pages/
  • Fixed Bug: Not all possible post types are shown on the Posts & Terms tab


  • Fixed Bug: https://forum.aamplugin.com/d/361-uncaught-error-call-to-a-member-function-settimezone-on-boolean
  • Fixed Bug: https://forum.aamplugin.com/d/378-aam-6-0-1-conflict-with-acf-advanced-custom-fields
  • Fixed Bug: Migration script, fixed couple more minor bugs that were causing warnings


  • Fixed Bug: Numerous bugs fixed in the migration script. New script prepared to do additional clean-up and fix corrupted data
  • Fixed Bug: https://forum.aamplugin.com/d/369-notice-undefined-offset-1-service-content-php-on-line-509
  • Fixed Bug: https://wordpress.org/support/topic/6-0-issues/
  • Fixed Bug: https://forum.aamplugin.com/d/353-comment-system-activated
  • Fixed Bug: Migration script was skipping access settings conversion for roles that have white space in slug
  • Added New: Additional migration script for clean-up and fixing corrupted data


  • Complete rewrite of the entire plugin. For more information, check this article

  • Fixed the bug with Access Policy for Capability resource
  • Fixed the bug with Nginx redirect rules for media access


  • Prep for upcoming AAM v6 release. Converting all extensions to plugins
  • Covered odd use-case when some plugins decide to register CPT capabilities during plugin activation
  • Improved Backend Menu feature functionality

  • Fixed the bug with merging access settings for multiple roles
  • Improved the way capabilities are managed internally by AAM
  • Fixed PHP notice reported by jaerlo https://forum.aamplugin.com/d/207-indirect-modification-of-overloaded-property-aam-core-subject-user-roles
  • Fixed PHP fatal error reported by kevinagar https://wordpress.org/support/topic/fatal-error-3199/
  • Fixed the bug with Backend Menu feature where all the menu items that require “administrator” capability where not shown

  • Fixed the bug added slashes to the Access Policy JSON document
  • Fixed the bug with Metaboxes & Widgets to prevent PHP warning for widgets that registered with Closure callback
  • Fixed the bug in URI Access feature that causes PHP warning when data is merged for multiple roles
  • Fixed the bug with Access Policy rules that are not initialized correctly for Visitors
  • Fixed the bug reported on GitHub https://github.com/aamplugin/advanced-access-manager/issues/6
  • Changed the way AAM hooks into get_options pipeline with Access Policy “Params”. This is done to support array options
  • Changed the way Login Widget is registered to reduce code

  • Fixed the fatal error related to URI object


  • Fixed the bug with URI Access feature for URIs with trailing forward slash “/”
  • Fixed the bug with Access Policy where incorrect default value was propagated
  • Fixed the bug with API Routes not merged properly with multiple-roles support
  • Added HTTP Redirect Code to URI Access, Posts & Terms features
  • Added new Access Policy marker type QUERY that is alias for the GET
  • Added support …