Discover, trust, install: FAIR 1.0 is here
Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More
Version: 7.0.9
Description
Most security plugins protect against external threats like malware or brute force attacks, but what about internal risks? AAM secures your site from within by preventing unauthorized access, privilege escalation, and broken access controls — the leading security vulnerabilities in WordPress.
- Mitigate Broken Access Controls. Ensure roles and permissions are correctly configured to prevent unauthorized actions.
- Eliminate Excessive Privileges. Identify overpowered users and tighten access to critical site functions.
- Harden Content Moderation. Restrict who can edit, publish, or delete sensitive content.
- Enforce Security with Code. Define access rules as JSON Access Policies, making them portable, auditable, and automated.
- Empower Developers with AAM PHP Framework. Build custom, secure access controls with a robust set of services and APIs.
Key Features
- Security Audit – Instantly detect misconfigurations, compromised accounts, and risky role assignments.
- Granular Access Control – Manage permissions for any role, user, or visitor with fine-tuned restrictions.
- Content Security – Lock down posts, pages, media, terms and custom content types or taxonomies.
- Role & Capability Management – Customize WordPress roles and define capabilities with precision.
- Backend & Menu Control – Restrict dashboard areas and tailor admin menus per user or role.
- API & Endpoint Management – Secure RESTful and XML-RPC APIs by controlling who can access them.
- Passwordless & Secure Logins – Offer password-free login while keeping authentication safe.
- Developer-Ready – Utilize a one-of-a-kind AAM PHP Framework for custom security solutions.
- Ad-Free & Transparent – No ads, no bloat—just powerful security tools.
Built for Security-Conscious WordPress Users
AAM is trusted by over 150,000 websites to deliver enterprise-grade security without complexity. Whether you’re a site admin, developer, or security professional, AAM gives you the tools to take control of WordPress security — your way.
- Most features are free. Advanced capabilities are available through premium add-ons.
- No hidden tracking, no data collection, no unwanted modifications — just security you can trust.
Take control of your WordPress security today — install AAM now!
Installation
- Upload
advanced-access-managerfolder to the/wp-content/plugins/directory - Activate the plugin through the ‘Plugins’ menu in WordPress
Screenshots
Manage access to backend menu
Manage access to metaboxes & widgets
Manage capabilities for roles and users
Manage access to posts, pages, media or custom post types
Posts and pages access options form
Define access to posts and categories while editing them
Manage access denied redirect rule
Manage user login redirect
Manage 404 redirect
Create your own content teaser for limited content
Improve your website security
Reviews
Best in class
By 
I have been looking for a plugin to manage user access and AAM is by far the best of all. Highly recommended.
This is an incredible plugin
By 
This plugin is the best out there. I use it every time I have a client that needs to have access to the backend. I can easily make changes to permissions for every user role. 10 stars guys
Doesn't find all Plugin Toolbars
By 
When we started using this plugin a year or so ago it was good. But now it conflicts with many other plugins and misses out plugins like WPCode. It actually locked me out of the plugin as an administrator, so I had to uninstall AAM.
It is a shame because it was once a great plugin.
Metaboxes and Gutenberg
By 
I am looking to hide "metaboxes" in Gutenberg editors, but as far as I understand in the "Metaboxes and Widgets", in the "Articles" section, when I click hide (Comments, Slug...) .it does nothing.
Does it only work in classic editor ?
Awesome Plugin with Great Support
By 
Very comprehensive plugin that was able to do a lot of the things that I needed (especially in comparison to other ones out there when it comes to access management). Support was prompt, professional and very helpful and actually went above and beyond to help me out even after I had misunderstood some of the terms and conditions. They really know their stuff when it comes to WP so you are in good hands!
AAM é um ótimo plugin. Recomendo!
By 
Olá Equipe do Advance Access Manager,
Gostaria de expressar minha imensa satisfação com o AAM! Minha experiência com este plugin tem sido excelente, proporcionando um gerenciamento detalhado de usuários e acessos de forma intuitiva e fácil de compreender.
O AAM se destaca como o melhor plugin que já encontrei até hoje para lidar com as nuances do controle de usuários e permissões. A interface é amigável, facilitando a configuração e administração das permissões de acesso, tornando todo o processo extremamente eficiente.
Agradeço à equipe do Advance Access Manager pelo desenvolvimento de uma ferramenta tão poderosa e eficaz. Continuem o excelente trabalho!
Incredible support
By 
Really the quickest and best support I've had for any software, ever. Marvellous!
Best Member Administration Plugin for WordPress
By 
This is the Best User Administration Plugin for WordPress, manage private content, manage user access, EXCELLENT support. reliable, customizable and full featured.
Great AAM
By 
Great Access manager to control in details which menu/pages are accessible per user/groups. In my opnion, this a must plugin
Buggy & No Support
By 
- Buggy Code: In some scenarios, plugin throws errors like "DataTables Warnings"
- Zero Support: If it works, it works. But if you have trouble, do not expect author / support team to respond.
- Don't Go Pro: There's no response even if you are a paid customer. Do not buy the premium version.
Changelog
7.0.9
- Fixed: PHP Parse error in php7.4 https://github.com/aamplugin/advanced-access-manager/issues/482
- Fixed: Uncaught OutOfRangeException: Cannot find user by identifier 0 in /../Framework/Utility/AccessLevels.php:198 https://github.com/aamplugin/advanced-access-manager/issues/481
7.0.8
- Changed: Move to PHP composer for vendor dependencies https://github.com/aamplugin/advanced-access-manager/issues/480
7.0.7
- Fixed: Uncaught Error: preg_match(): Argument #2 ($subject) must be of type string, array given in /…/Framework/Policy/Typecast.php on line 37 https://github.com/aamplugin/advanced-access-manager/issues/474
- Fixed: Uncaught Error: Call to a member function get_settings() on null in /…/application/Restful/Roles.php https://github.com/aamplugin/advanced-access-manager/issues/479
- New: New access policy marker AAM_API https://github.com/aamplugin/advanced-access-manager/issues/475
- New: Allow function expression anywhere within JSON policy xpath https://github.com/aamplugin/advanced-access-manager/issues/476
- New: Give the ability to define conditions based on user’s OS, device, browser, brand, model, etc. https://github.com/aamplugin/advanced-access-manager/issues/477
7.0.6
- Fixed: Incorrectly handling subpages with policies https://github.com/aamplugin/advanced-access-manager/issues/473
- Fixed: AAM removes slashes in JSON access policy https://github.com/aamplugin/advanced-access-manager/issues/472
- Fixed: URL Access service does not handle URLs with query params correctly https://github.com/aamplugin/advanced-access-manager/issues/470
- Fixed: The aam_backend_login widget is unavailable https://github.com/aamplugin/advanced-access-manager/issues/469
- Changes: Improve clarity around premium add-on status https://github.com/aamplugin/advanced-access-manager/issues/471
7.0.5
- Fixed: ConfigPress are not taken into consideration before init hook https://github.com/aamplugin/advanced-access-manager/issues/468
- Fixed: AAM does not display default terms pin anymore [https://github.com/aamplugin/advanced-access-manager/issues/467] (https://github.com/aamplugin/advanced-access-manager/issues/467)
- Fixed: Uncaught TypeError: array_key_exists(): Argument #2 ($array) must be of type array, null given in /../Framework/Service/Policies.php:661 https://github.com/aamplugin/advanced-access-manager/issues/466
7.0.4
- Change: Making sure that all AAM hooks are triggered only after init https://github.com/aamplugin/advanced-access-manager/issues/465
7.0.3
- Fixed: The Condition block is not handled properly when Operator is OR https://github.com/aamplugin/advanced-access-manager/issues/464
- Fixed: Can Not Edit Password Protected Block Pages https://github.com/aamplugin/advanced-access-manager/issues/463
- Fixed: Uncaught Error: Cannot use object of type WP_Post_Type as array in /../Metaboxes.php on line 383 https://github.com/aamplugin/advanced-access-manager/issues/461
- Feature Request: Re-introduce the “Unified Multisite Configuration Sync” option https://github.com/aamplugin/advanced-access-manager/issues/462
7.0.2
- Fixed: Restricted post with Teaser Message is not enforced https://github.com/aamplugin/advanced-access-manager/issues/460
- Fixed: The “Redirect to the login page” option does not persist https://github.com/aamplugin/advanced-access-manager/issues/459
- Fixed: The Reset All AAM settings button does not work https://github.com/aamplugin/advanced-access-manager/issues/457
- Fixed: Metaboxes for custom taxonomies have the same slug https://github.com/aamplugin/advanced-access-manager/issues/456
- Fixed: PHP Notice: AAM_Framework_Service_Widgets(): Invalid widget provided in /wp-includes/functions.php https://github.com/aamplugin/advanced-access-manager/issues/443
- Fixed: AAM labels quote escape https://github.com/aamplugin/advanced-access-manager/issues/455
- Fixed: List of backend menu items is empty on the Backend Menu tab https://github.com/aamplugin/advanced-access-manager/issues/454
- Fixed: Issue with clearing buffer https://github.com/aamplugin/advanced-access-manager/issues/453
- Fixed: Uncaught Error: Call to a member function list() on null in /../Framework/Manager.php:450 https://github.com/aamplugin/advanced-access-manager/issues/452
- Enhancement: Give the ability to control archive pages https://github.com/aamplugin/advanced-access-manager/issues/458
7.0.1
- Fixed: Access Denied message when aam_access_dashboard capability is created https://github.com/aamplugin/advanced-access-manager/issues/451
- Fixed: PHP Warning: array_diff(): Expected parameter 1 to be an array, string given in /…/Service/Identity.php on line 245 https://github.com/aamplugin/advanced-access-manager/issues/449
- Fixed: Framework Manager error handling https://github.com/aamplugin/advanced-access-manager/issues/448
- Fixed: Error type E_PARSE in …/Framework/Utility/Misc.php on line 292. Error message: syntax error, unexpected ‘…’ https://github.com/aamplugin/advanced-access-manager/issues/447
- Fixed: PHP Fatal error. undefined function get_user https://github.com/aamplugin/advanced-access-manager/issues/446
- Fixed: PHP Fatal error. undefined function wp_is_rest_endpoint https://github.com/aamplugin/advanced-access-manager/issues/445
- Fixed: v2 api broken https://github.com/aamplugin/advanced-access-manager/issues/444
- Changed: Default to WordPress default logout redirect https://github.com/aamplugin/advanced-access-manager/issues/450
7.0.0
- Official 7.0.0
6.9.51
- Fixed: PHP Notice: Function _load_textdomain_just_in_time https://github.com/aamplugin/advanced-access-manager/issues/442
- Fixed: The Access Manager Metabox does not initialize correctly https://github.com/aamplugin/advanced-access-manager/issues/441
- Fixed: Incorrectly invoked translation function https://github.com/aamplugin/advanced-access-manager/issues/440
- Fixed: Download audit report issue https://github.com/aamplugin/advanced-access-manager/issues/438
6.0.0
- Complete rewrite of the entire plugin. For more information, check this article
5.0
- Added ACCESS COUNTER option to Posts & Pages
- Added premium MONETIZE option to Posts & Pages
- Added ability to turn off “Secure Login” feature
- Added ability to toggle extension status (active/inactive)
- Added ability for AAM to filter out Admin Top Bar based on restricted admin menus
- Deprecated AAM Role Filter extension and merged it to the AAM core
- Deprecated AAM Payment extension and merged it with AAM E-Commerce extension
- Deprecated ConfigPress options that manage access to AAM UI. All is based on capabilities from now.
- Split UI to three areas: Access, Settings and Extensions
- Fixed over 25+ reported bugs and discovered during internal refactoring
- Removed deprecated “Security” feature. Replaced with Secure Login Widget
- Removed deprecated “Teaser” feature. Replaced with Teaser Message per post base
4.0
- Added link Access to category list
- Added shortcode [aam] to manage access to the post’s content
- Moved AAM Redirect extension to the basic AAM package
- Moved AAM Login Redirect extension to the basic AAM package
- Moved AAM Content Teaser extension to the basic AAM package
- Set single password for any post or posts in any category or post type
- Added two protection mechanism from login brute force attacks
- Added double authentication mechanism
- Few minor core bug fixings
- Improved multisite support
- Improved caching mechanism
3.0
- Brand new and much more intuitive user interface
- Fully responsive design
- Better, more reliable and faster core functionality
- Completely new extension handler
- Added “Manage Access” action to the list of user
- Tested against WP 3.8 and PHP 5.2.17 versions
2.0
- New UI
- Robust and completely new core functionality
- Over 3 dozen of bug fixed and improvement during 3 alpha & beta versions
- Improved Update mechanism
1.0
- Fixed issue with comment editing
- Implemented JavaScript error catching