PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus

Changing permissions in WordPress can be a tricky task. It's possible to lock yourself or others out of some important features. So, we've built a way to keep your site safe.

Every time you change your permissions, the PublishPress Capabilities plugin will automatically create a backup. If you make a mistake, go to the “Backup” menu link and click the “Restore” tab. Here you can browse through the most recent 20 automatic backups. The plugin also saves a backup from when you first installed PublishPress Capabilities. And you can click the “Backup” tab to manually create backups.

Click the yellow “Restore Selected Roles” button and you'll be able to roll back to a previous version.

A green role title means the role does not exist in your current set.
A green capability is set in the role backup, but not the current role.
A stuck-through capability is set in the current role, but not the role backup.

How Do I Restore Permissions to the WordPress Defaults?
If you really need to clean up and refresh your site, PublishPress Capabilities does allow you to restore the default WordPress permissions. Go to Capabilities > Backup and dlick the “Reset Roles” tab. Before you take next step, make sure to read this warning:

“WARNING: This will delete and/or modify stored role definitions. If you have installed any plugin that adds new roles or capabilities, these will be lost. It is recommended to use this only as a last resort!”

If you want to proceed, click the “Reset to WordPress defaults” link. PublishPress Capabilities will ask you if you're really sure you want to do this. Click “OK” to continue. Once the process is complete, you'll see the message, “Roles and Capabilities reset to WordPress defaults”.
How Do I Control WooCommerce Menu Link Permissions?
WooCommerce is the most popular WordPress eCommerce plugin. You can create beautiful store with themes customized to your brand and industry and you'll find 1,000's of tools and popular integrations.

The PublishPress Capabilities plugin enables you to control permissions for the WooCommerce plugin and also WooCommerce user roles. You can use this plugin as a WooCommerce user role editor. Go to the “Capabilities” link in your WordPress admin menu. In the main area of your screen will see options for WooCommerce Products, Orders and Coupons. These permissions cover editing, deleting and reading.

In the right sidebar, you can also enable permissions for WooCommerce taxonomies. Check the boxes for Product categories, Product tags, and Product shipping classes. After you check those boxes and refresh your screen, you will see Manager, Edit, Assign and Delete options for Product categories, Product tags, and Product shipping classes.

The Pro version of PublishPress Capabilities allows you to block access to admin menu links in WooCommerce. This is useful because WooCommerce has very limited options for controlling who can access the admin screens. When you first install WooCommerce, you'll see four top-level menu links, plus sub-menus. All of these links are available to users in the Administrator and Shop Manager roles:

WooCommerce
Products
Analytics
Marketing

It is possible to control who can access these links by using the PublishPress Capabilities Pro plugin. After installing PublishPress Capabilities Pro, go to “Capabilities”, then “Admin Menus” in your WordPress admin area. n the top-left corner of this screen, choose the role that you want to edit. Scroll down and you can enter a red X for any menu link that you don't want users in that role to access. This is a great way to customize a WooCommerce role such as Shop Manager. This approach works for the core WooCommerce plugin and can also be used for WooCommerce add-on plugins such as WooCommerce Subscriptions, WooCommerce Shipping, and WooCommerce Bookings. PublishPress Capabilities can help you manage WooCommerce permissisons.

Click here to learn about WooCommerce menu permissions.
How Do I Control Contact Form 7 Permissions?
The Pro version of PublishPress Capabilities allows you to block access to admin menu links in the Contact Form 7 plugin. This is useful because Contact Form 7 has very limited options for controlling who can access the admin screens.

Contact Form 7 is the most popular contact form plugin for WordPress. You can manage multiple contact forms, and easily customize each form and the emails it sends. Contact Form 7 supports Ajax-powered submitting, CAPTCHA, Akismet spam filtering and much more.

When you first install Contact Form 7, you'll see one top-level menu link, plus three sub-menus. All of these links are available to users in the Administrator role:

Contact Forms
Add New
Integration

It is possible to control who can access these links by using the PublishPress Capabilities Pro plugin. After installing PublishPress Capabilities Pro, go to “Capabilities”, then “Admin Menus” in your WordPress admin area. In the top-left corner of this screen, choose the role that you want to edit. Scroll down and you can enter a red X for any menu link that you don't want users in the Editor role to access. This approach works for the core Contact Form 7 plugin and can also be used for add-on plugins such as Flamingo which records entries for Contact Form 7 forms.

Click here to learn about Contact Form 7 menu permissions.
How Do I Control Yoast SEO User Roles and Permissions?
The Pro version of PublishPress Capabilities allows you to block access to admin menu links in the Yoast SEO plugin. This is useful because Yoast SEO has limited options for managing who can access the admin screens and important features.

Yoast SEO is the most popular WordPress SEO plugin and contains everything that you need to manage your SEO. Yoast SEO is packed full of feature that help search engines to find and understand your website.

General
Search Appearance
Social
Tools
Premium

It is possible to control who can access these Yoast SEO links by using the PublishPress Capabilities Pro plugin. After installing PublishPress Capabilities Pro, go to “Capabilities”, then “Admin Menus” in your WordPress admin area. In the top-left corner of this screen, choose the role that you want to edit. For example, you can restrict Yoast SEO access for the “SEO Manager” role. Scroll down and you can enter a red X for any menu link that you don't want users in the SEO Manager role to access.

This approach works for the core Yoast SEO plugin and can also be used for add-on plugins such as Local SEO, WooCommerce SEO, Google News, and more.

Click here to learn about Yoast SEO menu permissions.
How Do I Control Elementor User Roles and Permissions?
The Pro version of PublishPress Capabilities allows you to block access to admin menu links in the Elementor plugin. This is useful because Elementor has limited options for managing who can access the admin screens and important features.

The Elementor plugin is one of the most popular drag-and-drop page builders. With Elementor, you’re editing the site live, and simultaneously see exactly how it looks like. Elementor designs are full-responsive and come with over 40 powerful widgets. PublishPress Capabilities can help you manage Elementor permissions.

Settings
Role Manager
Tools
System Info
Getting Started
Get Help
Custom Fonts
Custom Icons
Go Pro

It is possible to control who can access Elementor menu links by using the PublishPress Capabilities Pro plugin. After installing PublishPress Capabilities Pro, go to “Capabilities”, then “Admin Menus” in your WordPress admin area.

In the top-left corner of this screen, choose the role that you want to edit. For example, you can restrict Elementor access for the “Administrator” role. If you do this, I would recommend making a copy of the Administrator role so that one role still has full Elementor access. Scroll down and you can enter a red X for any Elementor menu link that you don't want users in the Administrator role to access.

This approach works for the core Elementor plugin and can also be used for add-on plugins such as Essential Addons, Premium Addons, and others.

Click here to learn about Elementor menu permissions.
How Do I Control Jetpack User Roles and Permissions?
The Pro version of PublishPress Capabilities allows you to block access to admin menu links in the Jetpack plugin. This is useful because Jetpack has limited options for managing who can access the admin screens and important features.

Jetpack is a plugin built by Automattic, the company behind WordPress.com. This plugin offers many different services including backups, spam blocking, analytics, malware scans, contact forms, and more. PublishPress Capabilities can help you manage Jetpack permissions.

Dashboard
Settings

It is possible to control who can access these Jetpack links by using the PublishPress Capabilities Pro plugin. After installing PublishPress Capabilities Pro, go to “Capabilities”, then “Admin Menus” in your WordPress admin area. In the top-left corner of this screen, choose the role that you want to edit. For example, you can restrict Jetpack access for the “Administrator” role. If you do this, I would recommend making a copy of the Administrator role so that one role still has full Jetpack access. Scroll down and you can enter a red X for any Jetpack menu link that you don't want users in the Administrator role to access. Now when an Administrator logs in to your site, they will not be able to see the Jetpack menu links that you have blocked. This approach works for the core Jetpack plugin and can also be used for add-on plugins such as Jetpack CRM and others.

Click here to learn about Jetpack permissions.
How Do I Control WPForms User Roles and Permissions?
The Pro version of PublishPress Capabilities allows you to block access to admin menu links in the WP Forms plugin. This is useful because WPForms has limited options for managing who can access the admin screens and important features.

WPForms is one of the most popular WordPress contact form plugin with millions of active installs. WPForms allows you to create beautiful contact forms, feedback forms, subscription forms, payment forms, and more.

All Forms
Add New
Entries
Settings
Tools
Addons
Analytics
SMTP
About Us
Community

It is possible to control who can access these WPForms plugin links by using the PublishPress Capabilities Pro plugin. After installing PublishPress Capabilities Pro, go to “Capabilities”, then “Admin Menus” in your WordPress admin area. In the top-left corner of this screen, choose the role that you want to edit. For example, you can restrict WPForms access for the “Administrator” role. If you do this, I would recommend making a copy of the Administrator role so that one role still has full WPForms access.

Scroll down and you can enter a red X for any WPForms menu link that you don't want users in the Administrator role to access. Now when an Administrator logs in to your site, they will not be able to see the WPForms menu links that you have blocked.

This approach works for the core WPForms plugin and can also be used for add-on plugins such as Form Abandonment, Form Locker, Offline Forms, and more.

Click here to learn about WPForms menu permissions.
How Do I Control The Events Calendar User Roles and Permissions?
The Pro version of PublishPress Capabilities allows you to block access to admin menu links in The Events Calendar plugin. This is useful because The Events Calendar has limited options for managing who can access the admin screens and important features.

With The Events Calendar, you can easily create and manage an events calendar on your WordPress site. The plugin supports both in-person and virtual events. There are also many ways to extend the plugin for recurring events, ticket sales, user-submitted events and more.

Events
Add New
Tag
Events Categories
Venues
Organizers
Import
Settings
Help
Event Add-Ons

It is possible to control who can access these The Events Calendar plugin links by using the PublishPress Capabilities Pro plugin. After installing PublishPress Capabilities Pro, go to “Capabilities”, then “Admin Menus” in your WordPress admin area. In the top-left corner of this screen, choose the role that you want to edit. For example, you can restrict The Events Calendar access for the “Editor” role. Scroll down and you can enter a red X for any The Events Calendar menu link that you don't want users in the Editor role to access. Now when an Administrator logs in to your site, they will not be able to see the Events Calendar menu links that you have blocked:

This approach works for the core The Events Calendar plugin and can also be used for add-on plugins such as Virtual Events, Events Tickets, and more.

Click here to learn about The Events Calendar menu permissions.
How Do I Control The Gravity Forms User Roles and Permissions?
The Pro version of PublishPress Capabilities allows you to block access to admin menu links in the Gravity Forms plugin. This is useful because Gravity Forms has limited options for controlling who can access the admin screens.

Gravity Forms is perhaps the most popular contact form plugin for WordPress. You can build and publish your WordPress forms in just minutes. Choose your fields, configure your options and easily embed forms on your WordPress-powered site. Gravity Forms allows you to easily integrate with third party services such as PayPal, Mailchimp, and Zapier.

Forms
New Form
Entries
Settings
Import/Export
Add-ons
System Status
Help

It is possible to control who can access these links by using the PublishPress Capabilities Pro plugin. After installing PublishPress Capabilities Pro, go to “Capabilities”, then “Admin Menus” in your WordPress admin area. In the top-left corner of this screen, choose the role that you want to edit. For example, you can restrict access for the “Editor” role. By default, Editors aren't given access to Gravity Forms, but site administrators often do they give them some access. Scroll down and you can enter a red X for any Gravity Forms menu link that you don't want users in the Editor role to access. Now when an Editor logs in to your site, they will not be able to see the blocked Gravity Forms menu links.

This approach works for the core Gravity Forms plugin and can also be used for add-on plugins from the official site, or third-party sites.

Click here to learn about Gravity Forms menu permissions.
What’s the Difference Between PublishPress Capabilities and PublishPress Permissions?
We provide two plugins that allow you to control who can access what on your WordPress site. This is simple way to understand the difference:

PublishPress Capabilities: Easy.
PublishPress Permissions: Advanced.

OK, that's maybe too simple, so here's more detail:

PublishPress Permissions allows you to customize the default WordPress permissions.
PublishPress Permissions allows you to customize advanced permissions that go far beyond the scope of the WordPress core.

Here's an contrasting example when it comes to Post:

PublishPress Capabilities allows you to control who can publish all your Posts.
PublishPress Permissions allows you to control who can publish Posts with a particular Status, Category or Tag, or even Posts without a specific Category or Tag.

Here's another comparison:

PublishPress Capabilities allows you to control who can read all your Pages.
PublishPress Permissions allows you to control who can read Pages with a specific Status, Category or Tag, or even Pages with a particular parent Page.

What's the correct way to spell PublishPress Capabilities?
PublishPress is the official brandname. When writing about this user role editor plugin, please make sure to uppercase the Ps.

PublishPress Capabilities (correct)
Publish Press Capabilities (incorrect)
publishpress capabilities (incorrect)
publish press cpabilities (incorrect)

Common and incorrect typos include Capabilitise, Cpabilities, Capabiliites, Cspabilities, Capsbilities, Caoabilities, Calabilities.
Where do I report security bugs found in this plugin?
Please report security bugs found in the source code of the PublishPress Capabilities plugin through the Patchstack Vulnerability Disclosure  Program. The Patchstack team will assist you with verification, CVE assignment, and notify the developers of this plugin.