PublishPress Permissions: Control User Access for Posts, Pages, Categories, Tags

Description

PublishPress Permissions allows you to enable or deny access to posts, pages, categories, tags and more. You can apply these permissions for user roles, individual users, and even custom groups.

With PublishPress Permissions, you can control who can view and edit your WordPress content. You can choose who can access images and files in your site’s Media Library. For example, you can deny all direct access to files for logged out users.

The Pro version of PublishPress Permissions has many advanced features such as teaser previews of restricted content, custom WordPress statuses, and automatically creating personal posts for users.

PublishPress Permissions Pro

Upgrade to Permissions Pro
This plugin is the free version of PublishPress Permissions. The Pro version of Permissions has all the features you need to control permissions for your WordPress users. With Permissions Pro you can manage access to posts, pages, media, taxonomies and custom post types. Click here to control access to your WordPress site with Permissions Pro!

Key Features in PublishPress Permissions

1. Viewing permissions: Every post, page, and taxonomy term has a box where you can choose who can read this content.
2. Editing permissions: Every post, page, and taxonomy term has a box where you can choose who can edit this content.
3. Media Library permissions: You decide who gets to edit and view image files and documents in your Media Library.
4. Hide other users’ posts: You can prevent users from seeing posts by other users in the WordPress admin area.
5. Create user groups: Build groups of users who can be given their own custom permissions. Two default groups include Logged in and Logged out users.
6. Show teasers for restricted content (Pro version): Have teaser text that is publicly available, followed by private content that is restricted to only your site’s users.
7. Personal posts for each user (Pro version): You can automatically create individual posts for your users so they have their own private content to edit or read.
8. Publishing statuses (Pro version): Go beyond “Draft”, “Pending Review” and “Published” with your own custom, and far more advanced, workflow.
9. Visibility statuses (Pro version): Create visibility options for your content. One example is a “Premium” status that makes content visible only for paying members.
10. Editorial Circles and Visibility Circles (Pro version): Restrict users to editing or viewing posts that were authored by other users in the same group.
11. Integration with other plugins (Pro version): The Permissions plugin integrates with other popular plugins including bbPress, BuddyPress, WPML, and Relevanssi.

Feature 1. Viewing Permissions for WordPress Content

PublishPress Permissions enables you to customize viewing access for WordPress content. Open any post and you’ll see a box with the label, “Permissions: Read this Post”. This box allows you to choose “Enabled” or “Blocked” for any user role, individual user, or user group. You can also set permissions for all users who are guests, and those who are logged in.

Click here to see how to control viewing permissions.

Feature 2. Editing Permissions for WordPress Content

PublishPress Permissions allows you to customize the editing permissions for all your content. Open a Post, Page, Category, Tag, or custom post type and you can decide who is allowed to edit that content. You can even prevent users from editing child pages of a specific parent page. Open any content item and you’ll see a box with a label like this: “Permissions: Edit this Post”. This box allows you to choose “Enabled” or “Blocked” for any user role, individual user, or user group.

Click here to see how to control editing permissions.

Feature 3. Access Permissions for the Media Library

PublishPress Permissions gives you detailed control over access to media on your WordPress site. You decide who gets to edit and view files in your Media Library. For example, you can set up WordPress so that users only have access to files that they uploaded. Or you can add an exception so users can edit other people’s media files if they are attached to a post they can edit.

The Pro version of Permissions allows you to deny any public access to files on your site. Nobody will be able to see your Media Library files unless they have access to a post that includes that file.

Click here to see how to manage access to your media files.

Feature 4. Hide Other Users’ Posts in the WordPress Admin

By default, WordPress users in the admin area can see all the Posts on the site, regardless of whether they are the author. This is not a problem for many sites. After all, most posts on most sites are publicly available – there’s no need to hide them. However, in some situations, site owners don’t want authors to see the posts that other users are working on. PublishPress Permissions can hide posts in the WordPress admin area, unless you have access to edit that post.

Click here to see how to hide other users’ posts.

Feature 5. Create Your Own User Groups

PublishPress Permissions allows you to create your own user groups. Imagine you want to give some users access to a single Post. Instead of creating a new user role and applying all the permissions, you can easily add those users to a group. This is a simple and more flexible alternative to user roles. You can also prevent users from reading or editing content if they are not in a specific group. By default, this plugin gives you sample groups that include all Logged in and Logged out users so you can easily set public and private content.

Click here to see how to use custom user groups.

Feature 6. Show Teasers for Restricted Content (Pro Version)

PublishPress Permissions Pro allows you to display a teaser for unreadable content. This is perfect for making small snippets of your content available to the public. You can have teaser text that is publicly available, followed by private content that is only visible for your site’s users. If you choose to display a login form, the redirect will go to the originally requested content.
Click here to see how to display content teasers.

Feature 7. Automatically Create Posts for Users (Pro Version)

This Pro feature allows you to automatically create content for your users. For example, you can sync your staff members to Pages. This would allow your staff to each have their own page to edit and update. You can use this feature to automatically create posts, WooCommerce products, or any other post type that is defined on your site.
Click here to see how to automatically create posts for users.

Feature 8. Create Your Own Publishing Statuses (Pro Version)

WordPress provides some status options including “Draft”, “Pending Review” and “Published”. Permissions Pro enables you to design a far more advanced workflow. Each status you create can have its own unique capability requirements.
Click here to see how to build your own workflow statuses.

Feature 9. Create Your Own Visibility Statuses (Pro Version)

With PublishPress Permissions Pro, you can create visibility options for your content. One example is a “Premium” status that makes content visible only for paying members. Another example is a “Staff” status, for the people who run your site.

Click here to see how to build your own visibility statuses.

Feature 10. Editorial Circles and Visibility Circles (Pro Version)

Visibility Circles are a feature in PublishPress Permissions Pro that restrict users to viewing posts that were authored by other users in the same group. PublishPress Permissions also has Editorial Circles. If you are in an Editorial Circle for Pages, you will only be able to edit pages authored by other circle members.

The most common way to use this feature is to restrict users in the Editor role so that they can only edit posts written by other Editors. This is because Editors are the only default WordPress role that can edit content (except for Administrators).

Click here to see how to build your own Editorial Circles and click here to see how to build your own Visibility Circles.

Feature 11. Support for Other Plugins

The Permissions plugin integrates with other popular plugins:

• BuddyPress content permissions: With the PublishPress Permissions Pro plugin, you can give users access to create WordPress content, based on their BuddyPress group membership.
• Relevanssi search permissions: Relevanssi is an excellent plugin that replaces the standard WordPress search with a better search engine. PublishPress Permissions Pro has integration with Relevanssi. If you use PublishPress Permissions Pro, your Relevanssi search results will have the correct visibility.
• WPML language permissions: PublishPress Permissions Pro does have support for the WPML plugin. By default, PublishPress Permissions Pro will automatically mirror your post / category permissions to the translated content.
• bbPress language permissions: bbPress is the most popular forum software for WordPress. With PublishPress Permissions Pro, you can manage access and to important bbPress features.

Join PublishPress and get the Pro plugins

The Pro versions of the PublishPress plugins are well worth your investment. The Pro versions have extra features and faster support. Click here to join PublishPress.

Join PublishPress and you’ll get access to these nine Pro plugins:

• PublishPress Authors Pro allows you to add multiple authors and guest authors to WordPress posts.
• PublishPress Blocks Pro has everything you need to build professional websites with the WordPress block editor.
• PublishPress Capabilities Pro is the plugin to manage your WordPress user roles, permissions, and capabilities.
• PublishPress Checklists Pro enables you to define tasks that must be completed before content is published.
• PublishPress Future Pro is the plugin for scheduling changes to your posts.
• PublishPress Permissions Pro is the plugin for advanced WordPress permissions.
• PublishPress Planner Pro is the plugin for managing and scheduling WordPress content.
• PublishPress Revisions Pro allows you to update your published pages with teamwork and precision.
• PublishPress Series Pro enables you to group content together into a series

Together, these plugins are a suite of powerful publishing tools for WordPress. If you need to create a professional workflow in WordPress, with moderation, revisions, permissions and more, then you should try PublishPress.

Bug Reports

Bug reports for PublishPress Permissions are welcomed in our repository on GitHub. Please note that GitHub is not a support forum, and that issues that aren’t properly qualified as bugs will be closed.

Follow the PublishPress team

Follow PublishPress on Facebook, Twitter and YouTube

Screenshots

• 

• 

• 

• 

• 

• 

• 

FAQ

Can I restrict access to custom post types?

A large number of WordPress have sites with custom post types. These custom post types often hold sensitive information. In this guide, we’ll show you how to control who can read, edit and publish content in your custom post types. By default, nearly all custom post types will inherit the same permissions as Posts. So a user in the “Editor” will role will automatically be able to write and edit in your custom post type.

• Install the PublishPress Permissions Pro plugin.
• Go to Permissions > Settings > Core.
• Under “Filtered Post Types”, check the box for your post type.
• Click “Save Changes”.
• You will now be able to edit any post in your custom post type and see editing permissions.

Click here to see how to restrict access to custom post types.

Can I restrict viewing access to specific categories?

Yes, PublishPress Permissions makes it possible to control who can view and read content with a specific category attached. In this situation, “read” means “view”. So we’re going to control who can see this content. By default, Categories are only available on WordPress Posts. However, you can add Categories to other post types and so you will be able to use the tutorial for those post types too.

Click here to see how to restrict access to categories.

Can I force users to create posts in a category or parent page?

This guide will show you how to require users to create content in a specific category or parent page. The solution in this guide is a flexible approach for sites with a substantial number of users in different roles. Depending on the needs of your site, the PublishPress plugins also offer other approaches such as this one based on user roles. In this tutorial, we’ll use examples from a university. Our sample site has categories for different university departments. Our aim will be to restrict some users to posting in some categories, or underneath some parent pages. By default, Categories are only available on WordPress Posts. However, you can add Categories to other post types and so you will be able to use the tutorial for those post types too.

Click here to see how to force users to post in a category.

Can I block access to WordPress category and tag archives?

Yes, the PublishPress Permissions plugin allows you to block access to WordPress category and tag archive pages. For example, you can block public access to the “Blog” category on your site. We will use this as an example, but the same approach can work for all taxonomies.

• Install the PublishPress Permissions plugin.
• Go to “Posts”, then “Categories”.
• Click “Edit” for your category.
• Scroll down to the “Permissions: Read Posts in this Category” area.
• Set “Anonymous” to “Blocked”.

This will impact anyone who is anonymous / not logged in to your site and tries to visit a post with the “Blog” category, or “Blog” category archive page. People without access to this category will only see a “Page Not Found” message.

Click here to see how to deny access to blog archives.

Can I control access to Media Library files?

The PublishPress Permissions plugin allows you to control permissions for media files on your site.

• Go to Permissions > Settings.
• Click the “Core” tab and make sure the “Media” box is checked.
• Click the “Editing” tab.

Scroll down to the “Media Library” area. Here you’re going to see 4 options you can use to control access to files inside the Media Library:

• List other users’ uploads if attached to a readable post: If this boxed is checked, users can view other people’s media files if they are attached a post they can read.
• List other users’ uploads if attached to an editable post: If this boxed is checked, users can view other people’s media files if they are attached a post they can edit.
• Edit other user’ uploads if attached to an editable post: If this boxed is checked, users can edit other people’s media files if they are attached a post they can edit.
• Other users’ unattached uploads listed by default: If this boxed is checked, users can view other people’s media files.

Click here to see how to control access to the Media Library.

Can I block people and search engines from accessing Media Library file URLs?

By default, all the files and images you upload to WordPress are publicly available. This is great news for most sites. The goal of most sites is to create popular content that is viewed by as many readers as possible. But this public access is a problem if you run a membership site and DO NOT want everyone reading your content. Yes, you can restrict the privacy of your posts, but people can still view your files if they know the URL. The PublishPress Permissions Pro plugin makes it possible to block direct access to your media files. Even if someone knows the URL, they won’t be able to access your files unless you give them the correct access.

Click here to see how to block people and search engines from accessing file URLs.

Can I restrict WordPress users from creating higher-level users?

By default, WordPress only allows Administrators to create users. If you want to allow other roles to create users then you need to give them at least the promote_users, list_users, edit_users and create_users permissions. However, if you give them those permissions, they can create and edit users in any role. So you could have Editors creating and editing Administrator accounts. That could be a security problem. Fortunately, PublishPress Permissions has a feature called “Limit User Edit by Level”. This prevents anyone from editing a user with a higher level or assigning a role higher than their own.

Click here to see how to restrict user creation.

How does PublishPress Permissions compare to PublishPress Capabilities, User Role Editor, Members and other role editor plugins?

PublishPress Permissions can be used in addition to a basic role editor / user management plugin. Those plugins are designed to modify existing WordPress permissions. That’s a valuable task, and in many cases will be all the role customization you need. We do recommend PublishPress Capabilities which is a WordPress role editor designed for integration with PublishPress Permissions.

PublishPress Permissions can supercharge your permissions engine and goes much further than the basic role editor plugins. PublishPress Permissions is particularly useful when you want to customize access to a specific post, category or term. PublishPress Permissions adds content-specific editing permissions, custom post status permissions, file access restriction, and other features which are not possible in default WordPress.

What should I do if I use the Role Scoper plugin?

Moving forward, we do not plan any major development of the Role Scoper code base. If you encounter issues with Role Scoper and need to migrate to a different solution, PublishPress Permissions provides access to an import script which can automate the majority of your Role Scoper migration. PublishPress Permissions can import the most Role Scoper groups, roles, restrictions and options. Some manual follow up may be required for some configurations.

Is PublishPress Permissions a complete membership solution?

No, but it can potentially be used in conjunction with an e-commerce or membership plugin. If you have a way to sell users into a WordPress role or BuddyPress group, PublishPress Permissions can grant access based on that membership.

Where does PublishPress Permissions store its settings?

PublishPress Permissions creates and uses the following tables: pp_groups, pp_group_members, ppc_roles, ppc_exceptions, ppc_exception_items. PublishPress Permissions options stored to the WordPress options table have an option name prefixed with “presspermit_”. Due to the potential damage incurred by accidental deletion, no automatic removal is currently available. You can use a SQL editing tool such as phpMyAdmin to drop the tables and delete options with option_name LIKE presspermit_%.

Can I share a link to install PublishPress Permissions?

Yes, we use the phrase “publishpress-ppcore-install” to share install links. You will see that text included in the links from other PublishPress plugins.

Reviews

Read all 56 reviews

Contributors & Developers

Changelog

4.0.34 – 14 Nov 2024

• Fixed : Changes to Permissions metaboxes in Post editor were not saved

4.0.33 – 13 Nov 2023

• Fixed: Warning for early execution of load_plugin_textdomain() in WP 6.7 #1227
• Fixed: WP 6.6 – Updating a page caused propagated permissions to be cleared under some configurations
• Fixed: Specific Permissions for page editing caused incorrect page permalink to be output on Posts / Pages screen, under some configurations
• Fixed: Updating a page could clear propagated permissions in specific configurations #1223
• Fixed: Updated wording for “Add Group” button #1195
• Fixed: Updated reference language strings #1195
• Fixed: Removed note from “Add Group” option #1195
• Fixed: Added Portuguese language hints #1202
• Fixed: Added missing translation strings in permissions (free version) #1202
• Fixed: Removed outdated message about status updates #1200
• Fixed: Changed wording of “Add New” button to “Add New Group” #1194
• Fixed: Removed social links from footer #1193
• Fixed: Removed penguin logo from headers #1191
• Compat: Experimental fix for Custom Post Type UI editing permissions #1221
• Updated: Translation files #1190
• Updated: Tested compatibility with WordPress 6.7 #527
• Improved: Translation handling by removing translation functions on variables where unnecessary
• Refined: Code formatting and normalized whitespace

4.0.32 – unreleased

4.0.31 – 8 Oct 2024

• Fixed : PHP Notice “Attempt to read property object_type on bool” under some configurations
• Compat : Events Manager – Error on event category creation if no other event categories exist

4.0.30 – 25 Sep 2024

• Compat : PublishPress Authors – Default author was inappropriately applied for Contributors / Authors under some configurations
• Change : Permissions metaboxes – include user_email as a User search field
• Change : Media cannot be edited or deleted if attached to an uneditable post (unless “Users can always edit their own attachments” setting is enabled)
• Change : Settings > Advanced > Constants – Setting checkbox to enable listing of all available constants (previously required constant definition)
• Change : Settings > Advanced > Constants – Improved formatting
• Fixed : Settings > Advanced > Constants – Add missing constant definitions, remove obsolete, list module-specific constants only if applicable
• Feature : Edit Permission Group – Bulk edit supports conversion of existing Permissions’ adjustment (Enabled / Blocked / Limit to)

4.0.29 – 16 Sep 2024

• Fixed : WP 6.6 – Post Visibility settings did not correctly refresh Save As caption under some configurations
• Compat : PublishPress Statuses – Improved button captioning with Statuses 1.0.7

4.0.28 – 3 Sep 2024 (unreleased)

• Fixed : WP 6.6 – Specific Permissions were not propagated to new subpages
• Fixed : WP 6.6 – Page Parent selection was not properly filtered under some configurations
• Feature : New setting, Permissions > Editing > “Page Parent selection for editable pages only”, causes Page Parent availability to follow page editing access

4.0.27 – 27 Aug 2024 (unreleased)

• Compat : WordPress 6.0 and earlier – Fatal error on category / term insertion
• Compat : Events Manager – If a restricted user adds an Event Category, the term hierarchy cache is updated to an empty array, breaking subsequent Event Category requests
• Compat : PublishPress Series – Specific Permissions could not be assigned for Series Categories
• Change : On new installations, create pp_group_members database table with a unique key

4.0.26 – 1 Jul 2024

Re-release with incremented version to force clearance of update package caches after previous mistagging

4.0.25 – 26 Jun 2024

• Compat : PublishPress Revisions – Administrators could not be added to Change Request Notification group

4.0.24 – 18 Jun 2024

• Compat : Advanced Custom Fields – Custom Post Types did not have type-specific capabilities enforced unless explicitly configured in ACF settings
• Compat : Admin Columns – Users listing inappropriately filtered under some conditions
• Compat : Disable Gutenberg – Classic Editor mode was not detected under some configurations
• Fixed : Settings UI – Checkbox for Permissions > Settings > Editing > Media Library > “Prevent editing uploads if attached to a non-editable post” not displayed under some conditions
• Fixed : Fatal error if constant SSEO_VERSION is unexpectedly defined

4.0.23 – 7 May 2024

• Compat : Google Analytics by MonsterInsights – custom field error message on post update
• Compat : PublishPress Revisions – Apply restrictive Submit Revisions permissions to limit Revision Queue listing
• Compat : PublishPress Capabilities – Negated capabilities were not properly applied under some Permissions configurations
• Compat : User Posts Limit – Users could not create more than one post
• Fixed : On selection of multiple new users for group membership, if one was already a group member, none of the new selections were added

4.0.22 – 26 Apr 2024

• Fixed : Fatal error updating a subpage

4.0.21 – 25 Apr 2024

• Fixed : Gutenberg Editor – empty categories were unselectable on some installations
• Change : Option to restore previous behavior by suppressing front end term filtering under some conditions
• Change : Remove penguins from Permissions > Settings screen header
• Fixed : PHP Warning on plugin activation
• Perf : Improve performance of user groups retrieval query
• Perf : Improve performance of post update query under some conditions
• Perf : Improve performance on attachment upload / update

4.0.20 – 4 Mar 2024

• Fixed : PHP Warning on PublishPress\Permissions\Groups::getGroupsForUser() / pp_get_groups_for_user() call

4.0.19 – 29 Feb 2024

• API : Function pp_get_groups_for_user() no longer defaulted to returning group objects
• Compat : bbPress – Forum Role column on Users screen was hidden
• Lang : Upate ES, FR, IT translations

4.0.18 – 27 Feb 2024

• Perf : Eliminated scan of users table on plugin activation (impacting sites with large number of users)
• Perf : Eliminated recursive query of subpages (impacting sites with complex page hierarchies)
• Perf : Improved caching of post capability checks
• Perf : On category / term queries, don’t filter term counts if empty terms are not being hidden and counts are not being shown
• Code : Improved PHP Code Sniffer scan results
• Compat : Elementor – Could not use Elementor front end editor to save a draft of a published post
• Compat : Nested Pages – Apply pp_force_quick_edit capability to Nested Pages’ Quick Edit and Contextual Add / Insert buttons
• Fixed : Filters for Post category, Tags, Terms, Parent or Status could be applied to wrong post under certain conditions
• Fixed : Permissions > Settings > Core > Front End > “Performance: Don’t filter category / tag counts” was not applied for Administrator
• Fixed : Some strings on Permissions > Settings were not translated
• Fixed : Gutenberg editor usage was not properly detected when triggered by another plugin, possibly leading to issues with category / term assignment filtering
• Fixed : Category pages: Subcategory posts were inappropriately hidden on some sites
• Fixed : Legacy Nav Menu Management – Limited Nav Menu editors saw uneditable menus in dropdown on Menus management screen
• Fixed : Legacy Nav Menu Management filters interfered with front end filtering under some conditions
• Fixed : Sanity check to prevent excessive version history logging if installed plugin’s version tags or version tag storage is incorrect
• Fixed : Terms were inappropriately auto-assigned under some conditions
• Change : Permissions > Settings > Editing option to disable auto-assignment of terms (when default term is not selectable). Note: Auto-assignment is required for some term-restricted editing configurations.
• Change : Auto-assign a term only if no default terms are selectable and the user’s editing access is modified by term-specific Permissions
• Change : Never auto-assign a term to front page or posts page
• Change : Constant definitions related to term auto-assignment to assist any potential troubleshooting or restore previous behavior
• Change : User search for Specific Permission assignment – use LIKE matching for user meta field searches
• Change : Suppress “Enable Permissions” metaboxes in Post editor, Edit Term screens
• Change : Support constant PRESSPERMIT_MEDIA_UPLOAD_GRANT_PAGE_EDIT_CAPS for front end uploading solutions that require page editing capabilities for the async upload request
• Lib : Update wordpress-reviews library to v1.1.20
• Lib : Update wordpress-version-notices library to v2.1.3
• Lang : Update ES, FR, IT translations

3.11.6 – 13 Dec 2023

• Feature : Option to require Taxonomy edit capability to assign post tags that do not already exist
• Fixed : On Post edit, Tags were not filtered based on Specific Permissions
• Fixed : On Permissions > Settings, All Taxonomies remained checked even after updating with some disabled
• Compat : Work around unidentified compatibility issue affecting term filtering and access to certain static methods

3.11.5 – 1 Nov 2023

• Compat : Beaver Builder – Queries within BB shortcodes were improperly filtered
• Fixed : Supplemental role captions were blank
• Fixed : PHP Warning “Attempt to read property ‘count’ on string”
• Fixed : PHP Warning “Undefined variable $admin_post_new_url”

3.11.4 – 26 Oct 2023

• Fixed : Collaborative Publishing module was not loaded correctly on some installations
• Fixed : Caption for Permissions: Assign Term metabox in post editor
• Fixed : PHP Warnings on Permission Groups screen

3.11.3 – 25 Oct 2023

• Fixed : Some Permissions filtering was not applied on sites with a custom wp-admin URL
• Fixed : Type-specific Supplemental Roles also granted most generic capabliities in Pattern Role. Introduce new Permissions > Advanced > Role Integration setting to restore previous behavior if needed.
• Fixed : On page edit, if the Page Parent is not editable by the logged in user, it is hidden from the Page Parent selector. This occurred only with WP >= 6.3 and with a non-standard advanced Permissions configuration.
• Fixed : PHP Warning in term filtering (Attempt to read property “term_taxonomy_id” on string) under some configurations
• Fixed : Filtering of default category / term by other plugin was overridden
• Fixed : Edit User Permissions – PHP Warning “compact(): Argument must be string…”
• Fixed : Fatal error “Call to a member function init() on null” under some configurations
• Fixed : Version update script triggering could be skipped on Pro installation under some conditions
• Compat : Polylang + WP 6.3 – Language filter was no longer applied to Page Parent dropdown
• Change : Added installation log to Permissions > Settings > Install

3.11.1 – 30 Aug 2023

• Fixed : Rest API access error on some sites (potentially preventing login)
• Fixed : Gallery block in Gutenberg editor: error loading Image Size dropdown options
• Fixed : Caption for Navigation Menus (for Navigation block) did not distinguish them from legacy Nav Menus
• Fixed : PHP 8.1 – Warning for dynamic property creation in post editor
• Compat : Peepso – Non-administrators couldn’t submit front end posts on PHP >= 8.1

3.10.0 – 19 Jun 2023

• Compat : WooCommerce – Private Products were not listed in Shop, even if Read Permissions are assigned
• Compat : ACF Extended – Extra Update button on Edit Term screen
• Fixed : Fatal error for undefined PUBLISHPRESS_PERMISSIONS_PRO_VENDOR_PATH on some installations
• Fixed : If a “Limit to: (none)” Permission is assigned to default-restrict a post type, creating a new post causes a post-specific allowance to be assigned
• Fixed : Category filtering error caused Nav Menu corruption if empty category is used as a top level menu
• Change : Bump WordPress version requirement to 5.5
• Change : Bump PHP version requirement to 7.2.5
• Change : Update vendor libraries based on revised PHP version support

3.9.3 – 11 May 2023

• Change : Adjustment to composer.json
• Change : Adjustment to .gitignore

3.9.2 – 10 May 2023

• Fixed : Remove .git nested folders from some vendor libraries, using build script

3.9.1 – 9 May 2023

• Fixed : Fatal error in Composer installs due to missing vendor libraries
• Compat : PublishPress Planner – Status Change notifications were not sent

3.9.0 – 4 May 2023

• Fixed : Error updating plugin with Composer, fixed by removing unused vendor libraries
• Fixed : Fatal error in wp-admin if certain request variables have unexpected values
• Change : Bump WordPress version requirement to 5.5
• Change : Bump PHP version requirement to 7.2.5
• Change : Update vendor libraries based on revised PHP version support

3.8.8 – 04 May 2023

• Change: Added warning about end of support for WordPress 5.4 and earlier. PublishPress Permissions 3.9 will require WordPress 5.5 or later.

3.8.7 – 30 Mar 2023

• Change : Media Library – new setting to disable “Prevent editing uploads if attached to a non-editable post”, available if Settings > Core > Filtered Post Types > “Enforce distinct capabilities for Media” is enabled
• Compat : WPML – Logged in users saw 404 error on Home Page viewing request if post type is not enabled for Permissions filtering
• Fixed : Error on post creation / update by Editor, under some configurations
• Fixed : PHP 8.1 – Notice in wp-admin
• Change : Minimum PHP version 7.2.5

3.8.6 – 23 Mar 2023

• Compat : Elementor – Error, memory exhaustion when users try to edit their own draft in Elementor
• Compat : PublishPress Revisions – When revision submission is enabled for unpublished posts, Revision Creation exceptions also allowed publication of main post
• Fixed : Fatal Error for some get_pages() queries

3.8.5 – 9 Feb 2023

• Fixed : Permission Group description was cleared when a new Permission is saved
• Fixed : If Permissions were set to limit Page Parent selection to a single page and its descendants, when that page itself was edited, all pages were displayed in Page Parent selector (though they could not be saved)
• Fixed : Nav Menu Management: Menu update by a limited user cause all uneditable menu items to be removed
• Fixed : Nav Menu management by limited user based on Permissions for a specific menu – On menu update, all uneditable items were removed
• Fixed : PHP Warning in login popup after current login times out
• Fixed : If constant PP_RESTRICTION_PRIORITY is set, “Limit to” Category permissions (the unblocked list) were still overriding “Exclude” Category permissions
• Compat : PublishPress Revisions – Permissions limiting revision creation to only specific posts also blocked reading access to other posts

3.8.4 – 15 Dec 2022

• Fixed : Nav Menu Manager role had no label on Edit Permissions screen after storage
• Fixed : Nav Menu Manager role did not allow menu creation
• Fixed : get_pages() call with large include or exclude array caused excessively large query
• Fixed : Classic Editor – limited authors may be locked out of editing new page if access depends on inheriting specific permissions from a required parent page
• Fixed : Edit Category / Tag – Extra update button, not needed for non-Administrators, who don’t have multiple Specific Permission metaboxes

3.8.2 – 17 Nov 2022

• Fixed : Post preview did not display unsaved changes
• Fixed : WP 6.0 – Advanced option to “Delete settings on plugin deletion” prevented successful plugin deletion
• Fixed : PHP error “undefined function PublishPress\Permissions\ppc_delete_agent_permissions()” at user deletion on some installations
• Compat : Nested Pages – Subpages not listed if Permissions configured to make root level page uneditable
• Compat : Elementor – Work around Elementor requiring edit_posts capability no matter what type of post is being edited

3.8 – 18 Oct 2022

• Fixed : Category / Term Management restrictions did not exclude unmanagable terms from list
• Fixed : Clearance of category_children field caused issues for some third party plugins
• Fixed : Query Loop block – Sticky Posts displayed redundantly
• Fixed : Multisite – Invalid UI on some plugin screens for network installations
• Fixed : Users screen – PHP Notice for required parameter $column_name, $id
• Fixed : Edit Permission Group screen – PHP Notice for required parameter $agent_type
• Fixed : Edit Permission Group screen – PHP Notice for deprecated function
• Fixed : Archive widget – PHP Warning
• Fixed : HTML Forms plugin – PHP Notices
• Feature : Option to delete all plugin data and settings on plugin deletion
• Feature : New setting “List other user’s uneditable posts”, default disable on new installations
• Change : Disable “Add Author Page” dropdown on new installations
• Change : Settings screen caption, styling improvements
• Change : Use instance protection library to deal with duplicate / obsolete plugin activations
• Change : Plugin review request

3.7.12 – 30 Aug 2022

• Fixed : Sticky Posts were displayed redundantly in Query Loop block
• Compat : PublishPress Revisions – Category permissions for revision creation or submission failed if term_id differed from term_taxonomy_id

3.7.11 – 16 Aug 2022

• Fixed : PHP 8 – If a non-Administrator updated a top-level page, any Specific Permissions propagated to its subpages were cleared
• Fixed : Category / Term restrictions set for Everyone / Logged In were applied to Administrators
• Fixed : Fatal error on activation of certain other plugins
• Fixed : Fatal error if option “presspermit_deactivated_modules” has invalid value stored
• Workaround : Support PRESSPERMIT_AUTOSET_AUTHOR constant to set Author to current user if autoset_post_author / autoset_page_author capability is assigned

3.7.10 – 7 Jul 2022

• Fixed : Filter ‘use_block_editor_for_post’ was not recognized in detecting block editor disable
• Fixed : Category Permissions – Assign Category restrictions did not prevent checkbox display in Gutenberg post editor

3.7.9 – 8 Jun 2022

• Fixed : REST post creation – Category Assign restrictions were not applied unless accompanied with Edit restrictions; caused new category to be created
• Fixed : Permission Groups screen – Roles column displays unrendered html tags under some configurations

3.7.8 – 2 Jun 2022

• Fixed : Access failures under some configurations

3.7.7 – 2 Jun 2022

• Fixed : Authors could not create new posts; possibility of other access failures

3.7.6 – 1 Jun 2022

• Compat : WP 6.0 – Fatal error loading Customizer with PublishPress Revisions active, possibly in other areas
• Fixed : WP 6.0 – Edit User / Profile screen did not display group assignments
• Fixed : Implicit assignment of read capability forced all roles to have dashboard access
• Fixed : Edit Category screen did not have metabox for Assign Category permissions assignment
• Fixed : Category / Term assignment restrictions were not applied in Gutenberg editor
• Fixed : Category / Term permissions – exclusions were not applied to terms list for post template display
• Compat : The Events Calendar – post queries filtered incorrectly if event venue is involved

3.7.5 – 2 May 2022

• Fixed : Category Permissions set for “(all)” post types were not stored properly
• Fixed : Category / Term restrictions were not applied to post creation / edit by REST API
• Fixed : On new page creation, author could be locked out of editing if restrictive editing permissions are assigned and autosave occurs before manual save
• Fixed : Non-administrators can access Appearance menu, theme settings in WordPress 5.9

3.7.4 – 20 Apr 2022

• Lang : Spanish translation
• Lang : French translation
• Lang : Italian translation
• Fixed : Fatal error on post edit if category / term permissions are stored
• Fixed : PHP Warning on post update by non-Administrator
• Fixed : Customizer did not load under some configurations
• Fixed : Role Usage menu items not displayed under some configurations
• Fixed : Coding Standards – some output variables were not late-escaped

3.7.3 – 3 Mar 2022

• Compat : PublishPress – Non-Administators could not see unpublished posts on calendar
• Fixed : Edit Group / User Permissions – roles could not be removed
• Fixed : Non-administrators could not edit Menus on some installations
• Fixed : PHP Warnings on admin dashboard

3.7.2 – 2-22-22

• Fixed : Specific Permissions could not be added using editor metaboxes

3.7.1 – 18 Feb 2022

• Fixed : Category / Term blockages were not applied
• Fixed : Error redirecting following post save if the save operation sets a status which blocks the user from further editing
• Fixed : PHP 8 – Warning on Edit Permission Group screen

3.7 – 17 Feb 2022

• Fixed : Numerous instances of missing / non-standard output variable escaping
• Fixed : Numerous instances of missing / non-standard database query sanitization
• Fixed : Specific Permissions could not be added using editor metaboxes until after post is saved

3.6.9 – 26 Jan 2022

• Compat : WordPress 5.9 – fatal error adding / editing posts (work around WP hooking late-defined function _disable_block_editor_for_navigation_post_type)

3.6.8 – 20 Jan 2022

• Fixed : Specific Permissions could not be added or removed using metaboxes in the post editor

3.6.7 – 5 Jan 2022

• Fixed : Fatal error on sites not running PublishPress Revisions

3.6.6 – 5 Jan 2022

• Compat : PublishPress Revisions – Contributors couldn’t edit own draft posts if “Prevent Revisors from editing other user’s drafts” setting enabled
• Compat : PublishPress Revisions – “Revise” permissions assigned under previous Revisions versions did not enable revision creation
• Compat : PublishPress Revisions – Restrictive permissions for revision creation were not applied
• Compat : PublishPress Revisions – limited revisors could not edit newly created revision under some Permissions configurations
• Fixed : Error message after trashing a post in Gutenberg editor (although trashing was successful)
• Fixed : Trash button not initally displayed after creating a post (requires page reload)
• Fixed : Permissions table header styling was broken if custom styling is applied to certain standard WP classes
• Fixed : Edit User screen – Permissions box styling was broken if custom styling is applied to certain standard WP classes
• Fixed : Input sanitization consistency

3.6.5 – 24 Nov 2021

• Fixed : PHP Notice “Undefined index: list_published_posts”
• Compat : PublishPress Revisions – PHP Notice “Undefined variable: type_obj”

3.6.4 – 23 Nov 2021

• Compat : PublishPress Revisions – Published custom post types not listed to Revisors under some configurations (also requires Revisions 3.0.5)
• Compat : Public Post Preview – Disable Permissions filtering for public preview requests
• Compat : Database servers that return column names all lowercase
• Fixed : PHP Notice (undefined name property) on Edit Permission Group screen under some conditions
• Fixed : Page editor: permalink preview did not include parent pages

3.6.3 – 16 Nov 2021

• Compat : PublishPress Revisions – Revisions Submission permissions did not correctly adjust Edit Posts / Pages listing in some configurations (also requires Revisions 3.0.2)

3.6.2 – 9 Nov 2021

• Fixed : Nav Menu Editor – Offered to add unpublished posts to menu; post metabox paging failed if unpublished items present
• Fixed : Front end Nav Menu filter was applied regardless of “Disable all filtering for anonymous users” setting

3.6 – 14 Oct 2021

• Compat : PublishPress Revisions 3
• Fixed : Non-Administrators could not view image gallery in post preview
• Fixed : Page Structure settings did not prevent creation of top level pages in Gutenberg
• Feature : Edit Group Permissions screen – “Fix sub-Pages permissions” link causes Specific Permissions to be re-propagated to sub-pages if WP_DEBUG is defined (url argument: pp_fix_child_exceptions)
• Compat : PublishPress Revisions – Specific Permissions for “Revise” did not cause display of “Edit” link in Admin Bar

3.5.7 – 26 Jul 2021

• Fixed : Nav Menu Edit – Permissions configuration did not make private pages selectable
• Fixed : Nav Menu Edit – If Pages metabox results are paged, custom Front Page and Privacy Page were forced to the top of every results page
• Compat : WP Engine – Long wp-admin screen loads because excessive clearance of WP Engine cache caused WordPress to execute Update Plugins check on each request
• Fixed : Default / Lock Privacy settings were not properly reflected in Gutenberg Editor display
• Compat : HTML Forms plugin – PHP Notice on form submission / file upload

3.5.6 – 23 Jun 2021

• Fixed : Category / Term selector in post editor offered a maximum of 100 terms
• Fixed : Menu Editor – Page / Post selection metaboxes (if more than 50 total items are available) did not list private items after clicking a paging link
• Fixed : PHP Notice on plugin activation under some conditions
• Fixed : Fatal error if a very old version of Revisionary or PressPermit Core is active
• Compat : User Switching – First switched user inherits capabilities of current logged user on some sites
• Compat : WooCommerce – Failure / delay updating variations of variable product

3.5.5 – 19 May 2021

• Fixed : Add User screen – Javascript error on some sites
• Fixed : Term filtering error for some custom taxonomies
• Compat : WPML – Archives widget did not output links if multiple languages configured

3.5.4 – 6 May 2021

• Compat : Revisions – Pending Revision Monitors group ineffective when first installation of Permissions was >= 3.5
• Compat : Revisions – If draft revisions enabled, apply term-specific Revise permissions to unpublished posts if constant PRESSPERMIT_REVISE_TERMS_FOR_UNPUBLISHED defined
• Fixed : PHP warning on Permissions > Settings > Advanced

3.5.2 – 8 Apr 2021

• Compat : Gutenberg Ramp – Fatal error on editor screen if PublishPress Revisions not active
• Compat : Revisions Pro + Elementor, Divi or Beaver Builder : Pending Revision Monitors group membership did not control notifications

3.5.1 – 6 Apr 2021

• Fixed : Post Editor – toggling a Specific Permission Enabled / Disabled left both Enabled and Disabled permissions intact (with Enabled taking precedence under normal configuration)
• Fixed : Classic Editor – Publish metabox replaced “Public” caption with blank space
• Compat : Classic Editor plugin – PHP warning for undefined variable current_user on some screens if users are allowed to select their editor
• Compat : PublishPress Revisions – Revisors could not preview other users’ pending revisions, even if they are listed in Revision Queue (also requires PublishPress Revisions 2.5.1)
• Compat : PublishPress Revisions – Pending Revision Monitors group ineffective; notifications were sent to all Editors and Administrators (also requires PublishPress Revisions 2.5.1)

3.5 – 4 Mar 2021

• Compat : Divi Builder – Specific Permissions did not allow non-Editors to edit other users’ pages
• Compat : PublishPress Authors – non-Editors could be locked out of editing their own post due to “default author for new post” setting or manual Authors change
• Compat : PublishPress Authors – users who can edit due to specific permissions where blocked from Edit Posts / Pages screen under some configurations
• Compat : PublishPress Revisions – Specific Permissions did not allow Contributors to revise other users’ pages
• Compat : Glance That plugin – Widget content was cleared
• Change : Settings screen – admin hints hidden by default, display on Comments icon click
• Change : Moved Users screen content to Settings > Advanced > User Permissions
• Lang : Separated admin hints into separate language file (text domains: press-permit-core-hints)
• Fixed : Permission metaboxes in post editor did not search user display name
• Fixed : Permission metaboxes in post editor – clicking search icon did not trigger search
• Fixed : Fatal error in some custom REST requests
• Perf : Eliminate a few redundant queries

3.4.3 – 21 Jan 2021

• Fixed : Edit Category / Term – Metaboxes for Editing and Assignment permissions were blank
• Fixed : Non-Administrators with editing access to an unpublished post could not view it using standard post link
• API : New filter ‘presspermit_rest_post_endpoints’ and ‘presspermit_rest_term_endpoints’ support some custom REST API routes and endpoints
• Compat : Simple WordPress Membership – Invalid metabox displayed on Edit Category screen

3.4.2 – 20 Jan 2021

• Compat : WP Engine Object Cache – initial pass at auto-clearing cache on plugin configuration changes
• Fixed : Slow comment count query for Contributors in wp-admin

3.4.1 – 14 Jan 2021

• Fixed : Anonymous visitors were blocked from viewing public posts under some conditions
• Fixed : Administrators could not assign roles or edit users with a role level higher that Subscriber, under some conditions
• Fixed : Fatal Error activating Permissions Pro if Permissions is already active
• Fixed : PHP Warning for undefined constant DB_NAME, on some installations
• Fixed : Deprecated jQuery event handlers
• Compat : PublishPress Revisions – Contributors could not edit their own drafts if Revisions is configured to restrict access to other users’ drafts
• Compat : PublishPress Capabilities – With “Control Custom Statuses” enabled, custom capability was required to set Draft status
• Compat : WPML – Edit Category / Edit Term screen had duplicate Permissions metaboxes
• Compat : PublishPress Authors – PHP Notice in term / category filtering under some conditions
• Feature : Add / Edit User: single select for Permission Groups if constant PRESSPERMIT_EDIT_USER_SINGLE_GROUP_SELECTION or PRESSPERMIT_EDIT_USER_SINGLE_GROUP_SELECTION is defined

= …