| WordPress

There is one reason I keep hearing over and over again from people who don't use WordPress: there's no access control. For large organizations, it's essential to have close control over what users can and cannot do on our site. Drupal and Joomla both have powerful access control systems in the core.

With WordPress, if you choose the right plugin, it is still possible to have close control over what your users can and can not do. We're going to show you how with the PublishPress Capabilities plugin.

PublishPress Capabilities

  • Go to Plugins > Add New in your WordPress admin area.
  • Search for and install the PublishPress Capabilities plugin.
  • Once the plugin is active, go to Capabilities in the left-hand menu.
  • Click this link and you'll see the main PublishPress Capabilities Dashboard.

cme dashboard

User Roles

As a reminder, there are five default roles in WordPress: Administrator, Editor, Author, Contributor and Subscriber. All of these roles are very general and, by default, can not be customized.

User Roles form the basis of permissions in WordPress. In most cases, it's best to put a user into a role and apply permissions to that role, rather than trying to apply permissions directly to the user.

In order to follow this tutorial, I would recommend clicking Users in the left-hand menu and creating a user in the Editor role. We're going to use them to show how PublishPress Capabilities works.


Think back. A little earlier, when controlling what people could see in the Main Menu, we said "Not all of the user roles can see all of these links anyway. By default, only Administrator can see all of the links."

Well, the reason that some user roles can't see those links is that they don't have the correct Capabilities. For example, these are the Capabilities that the Editor has:

editor permissiions
Everything on this page is editable. You have complete control over the permissions on your site.

PublishPress Capabilities

PublishPress Capabilities is a powerful way to control who can do what on your WordPress site.

A note of caution: access control is a naturally difficult and time-consuming task. It will take you a while to learn how to use PublishPress Capabilities. It took me several hours and several strong cups of coffee to understand how it works. Not everything is as intuitive as it could be. That was true of learning access control in Joomla and Drupal too.

However, give it time, practice and experiment with how it works. You'll be rewarded. Thanks to PublishPress Capabilities, WordPress can have access control that is similar to Joomla and Drupal.

About the author

Steve is the founder of OSTraining. Originally from the UK, he now lives in Sarasota in the USA. Steve's work straddles the line between teaching and web development.