Advanced Access Manager – Access Governance for WordPress – WordPress plugin | WordPress.org
Advanced Access Manager – Access Governance for WordPress
Description
Advanced Access Manager (AAM) introduces Access Governance for WordPress – a systematic approach to securing your site by controlling who can access what, when, and why.
Most WordPress security plugins focus on external threats like malware, firewalls, and brute-force attacks. AAM addresses the root cause of the #1 WordPress security risk: broken access controls, excessive privileges, and misconfigured roles.
Instead of reacting to attacks, AAM helps you design security into your WordPress site.
What Access Governance means in practice
Mitigate Broken Access Controls. Ensure roles, users, and permissions are correctly configured to prevent unauthorized actions and privilege escalation.
Eliminate Excessive Privileges. Identify overpowered users and reduce access to critical functionality, admin areas, and APIs.
Secure Content by Design. Control who can view, edit, publish, or delete posts, pages, media, taxonomies, and custom content types.
Govern Access with Policy. Define access rules using JSON Access Policies — portable, auditable, and automation-friendly.
Build Custom Security Logic. Use the AAM PHP Framework to create advanced, programmatic access controls tailored to your application.
Key Features
Security Audit. Detect risky role assignments, misconfigurations, and compromised accounts.
Granular Access Control. Manage permissions for any user, role, or visitor with precision.
Role & Capability Management. Customize WordPress roles and capabilities beyond defaults.
Admin & Menu Control. Restrict dashboard areas and tailor the admin experience per user or role.
API & Endpoint Protection. Secure REST and XML-RPC access with fine-grained controls.
Modern Authentication Options. Support passwordless and secure login flows.
Developer-Ready Framework. Extend WordPress security using AAM’s powerful SDK.
Ad-Free & Transparent. No ads, no tracking, no bloat.
Built for Security-Conscious WordPress Users
AAM is trusted by 150,000+ websites to deliver enterprise-grade access control without unnecessary complexity. Whether you’re a site owner, agency, developer, or security professional, AAM gives you full control over WordPress access — by design.
Most core features are free. Advanced capabilities are available via premium add-ons.
No hidden tracking. No data collection. No unwanted changes.
Just security you can reason about, audit, and trust.
Screenshots
Manage access to backend menu
Manage access to metaboxes & widgets
Manage capabilities for roles and users
Manage access to posts, pages, media or custom post types
Posts and pages access options form
Define access to posts and categories while editing them
Manage access denied redirect rule
Manage user login redirect
Manage 404 redirect
Create your own content teaser for limited content
Improve your website security
Installation
Upload the advanced-access-manager folder to the /wp-content/plugins/ directory
Activate the plugin through the ‘Plugins’ menu in WordPress
Reviews
very good plugin.
I have been looking for a plugin to manage user access and AAM is by far the best of all. Highly recommended.
This plugin is the best out there. I use it every time I have a client that needs to have access to the backend. I can easily make changes to permissions for every user role. 10 stars guys
When we started using this plugin a year or so ago it was good. But now it conflicts with many other plugins and misses out plugins like WPCode. It actually locked me out of the plugin as an administrator, so I had to uninstall AAM. It is a shame because it was once a great plugin.
I am looking to hide “metaboxes” in Gutenberg editors, but as far as I understand in the “Metaboxes and Widgets”, in the “Articles” section, when I click hide (Comments, Slug…), it does nothing. Does it only work in classic editor?
Very comprehensive plugin that was able to do a lot of the things that I needed (especially in comparison to other ones out there when it comes to access management). Support was prompt, professional and very helpful and actually went above and beyond to help me out even after I had misunderstood some of the terms and conditions. They really know their stuff when it comes to WP so you are in good hands!
Read all 421 reviews
Contributors & Developers
“Advanced Access Manager – Access Governance for WordPress” is open source software. The following people have contributed to this plugin.
Contributors
AAM Plugin
“Advanced Access Manager – Access Governance for WordPress” has been translated into 7 locales. Thank you to the translators for their contributions.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
7.1.1
Fixed: Incorrectly handled URL with encoded characters
Fixed: Deprecated: Method ReflectionProperty::setAccessible() is deprecated since 8.5, as it has no effect since PHP 8.1
Fixed: Super-Admin is unable to create users in WordPress Multisite -> subsites, when Multiple Roles Support is enabled
7.1.0
Fixed: Warning: Undefined array key “effect” in /../application/Framework/Utility/Misc.php on line 483
Fixed: Can’t reset ConfigPress
Fixed: Incorrect aam_manage_jwts capability
Fixed: Null pointer in Content.php line 792
Changed: Removing AAM Post List shortcode
New: Ability to add JWT token description
7.0.11
Fixed: Advanced Multi-Role setup fails to hide posts
Fixed: Security Audit References are incorrectly displayed after page refresh
Fixed: PHP warning when security audit fails due to unexpected error
Fixed: Can’t deselect a parent role
7.0.10
Fixed: Permalink has empty href when post is password protected
Fixed: Roles & Capabilities are not syncing in multisite
7.0.9
Fixed: PHP Parse error in php7.4
Fixed: Uncaught OutOfRangeException: Cannot find user by identifier 0 in /../Framework/Utility/AccessLevels.php:198
7.0.8
Changed: Move to PHP composer for vendor dependencies
7.0.7
Fixed: Uncaught Error: preg_match(): Argument #2 ($subject) must be of type string, array given in /…/Framework/Policy/Typecast.php on line 37
Fixed: Uncaught Error: Call to a member function get_settings() on null in /…/application/Restful/Roles.php
New: New access policy marker AAM_API
New: Allow function expression anywhere within JSON policy xpath
New: Give the ability to define conditions based on user’s OS, device, browser, brand, model, etc.
7.0.6
Fixed: Incorrectly handling subpages with policies
Fixed: AAM removes slashes in JSON access policy
Fixed: URL Access service does not handle URLs with query params correctly
Fixed: The aam_backend_login widget is unavailable
Changes: Improve clarity around premium add-on status
7.0.5
Fixed: ConfigPress is not taken into consideration before the init hook
Fixed: AAM does not display default terms pin anymore (https://github.com/aamplugin/advanced-access-manager/issues/467)
Fixed: Uncaught TypeError: array_key_exists(): Argument #2 ($array) must be of type array, null given in /../Framework/Service/Policies.php:661
7.0.4
Change: Making sure that all AAM hooks are triggered only after init
7.0.3
Fixed: The Condition block is not handled properly when Operator is OR
Fixed: Can Not Edit Password Protected Block Pages
Fixed: Uncaught Error: Cannot use object of type WP_Post_Type as array in /../Metaboxes.php on line 383
Feature Request: Re-introduce the “Unified Multisite Configuration Sync” option
7.0.2
Fixed: Restricted post with Teaser Message is not enforced
Fixed: The “Redirect to the login page” option does not persist
Fixed: The Reset All AAM settings button does not work
Fixed: Metaboxes for custom taxonomies have the same slug
Fixed: PHP Notice: AAM_Framework_Service_Widgets(): Invalid widget provided in /wp-includes/functions.php
Fixed: AAM labels quote escape
Fixed: List of backend menu items is empty on the Backend Menu tab
Fixed: Issue with clearing buffer
Fixed: Uncaught Error: Call to a member function list() on null in /../Framework/Manager.php:450
Enhancement: Give the ability to control archive pages
7.0.1
Fixed: Access Denied message when aam_access_dashboard capability is created
Fixed: PHP Warning: array_diff(): Expected parameter 1 to be an array, string given in /…/Service/Identity.php on line 245
Fixed: Framework Manager error handling
Fixed: Error type E_PARSE in …/Framework/Utility/Misc.php on line 292. Error message: syntax error, unexpected ‘…’
Fixed: PHP Fatal error. undefined function get_user
Fixed: PHP Fatal error. undefined function wp_is_rest_endpoint
Fixed: v2 api broken
Changed: Default to WordPress default logout redirect
7.0.0
Official 7.0.0
6.9.51
Fixed: PHP Notice: Function _load_textdomain_just_in_time
Fixed: The Access Manager Metabox does not initialize correctly
Fixed: Incorrectly invoked translation function
Fixed: Download audit report issue
6.0.0
Complete rewrite of the entire plugin. For more information, check this article
5.0
Added ACCESS COUNTER option to Posts & Pages
Added premium MONETIZE option to Posts & Pages
Added ability to turn off “Secure Login” feature
Added ability to toggle extension status (active/inactive)
Added ability for AAM to filter out Admin Top Bar based on restricted admin menus
Deprecated AAM Role Filter extension and merged it to the AAM core
Deprecated AAM Payment extension and merged it with AAM E-Commerce extension
Deprecated ConfigPress options that manage access to AAM UI. All is based on capabilities from now.
Split UI to three areas: Access, Settings and Extensions
Fixed 25+ bugs, both reported and discovered during internal refactoring
Removed deprecated “Security” feature. Replaced with Secure Login Widget
Removed deprecated “Teaser” feature. Replaced with Teaser Message on a per-post basis
4.0
Added link Access to category list
Added shortcode [aam] to manage access to the post’s content
Moved AAM Redirect extension to the basic AAM package
Moved AAM Login Redirect extension to the basic AAM package
Moved AAM Content Teaser extension to the basic AAM package
Set single password for any post or posts in any category or post type
Added two protection mechanisms against login brute-force attacks
Added double authentication mechanism
A few minor core bug fixes
Improved multisite support
Improved caching mechanism
3.0
Brand new and much more intuitive user interface
Fully responsive design
Better, more reliable and faster core functionality
Completely new extension handler
Added “Manage Access” action to the list of users
Tested against WP 3.8 and PHP 5.2.17 versions
2.0
New UI
Robust and completely new core functionality
Over 3 dozen bugs fixed and improvements made during 3 alpha & beta versions
Improved Update mechanism
1.0
Fixed issue with comment editing
Implemented JavaScript error catching
Meta
Version: 7.1.1
Last updated: 15 hours ago
Active installations: 100,000+
WordPress version: 5.8.0 or higher
Tested up to: 6.9.4
PHP version: 5.6.0 or higher
Languages: Dutch, Dutch (Belgium), English (US), French (France), Norwegian (Bokmål), Russian, Spanish (Spain), and Swedish
Tags: restricted content, security, user roles
Ratings
4.2 out of 5 stars.
5 stars: 310
4 stars: 22
3 stars: 14
2 stars: 8
1 star: 66
Support
Issues resolved in last two months: 1 out of 1