Qaiyo Access Manager
Qaiyo Access Manager extends WordPress’s built-in permission system. Out of the box, WordPress only lets you assign broad roles (editor, author, contributor…). This plugin lets administrators set fine-grained access rules for individual plugins and custom post types, at both the role level and the individual user level — without writing code or touching functions.php.
Hide WooCommerce from editors, give a single freelancer access to one custom post type, stop contributors from seeing a page builder, redirect each role to its own landing page after login, or protect a block of content on the front end with a shortcode. Administrators always keep full access and can never be locked out.
Plugin & content access
- Plugin-level access control — Decide which roles can see and manage each installed plugin. The plugin is hidden from the Plugins screen, its action links are removed, and its admin menu pages are removed and blocked (including direct-URL access) for restricted roles. This governs visibility and admin access; it is not a substitute for a plugin’s own internal capability checks.
- Custom post type access control — Restrict any custom post type (WooCommerce Products, ACF field groups, portfolios, events…) per role, across the admin menu, list/edit queries, single front-end views (with a configurable redirect) and the core REST API. Content types registered with their own capabilities are also enforced at the capability level, so guests and unauthorised roles are blocked, not just hidden.
- Allow / Deny mode per rule — Each rule can either allow only the checked roles, or deny the checked roles and leave everyone else untouched — whichever needs fewer clicks.
- User-level overrides — Allow or deny a specific user regardless of their role. User rules always win over role rules.
- Access Matrix — A bird’s-eye grid of every plugin and post type against every role, so you can audit your whole site at a glance.
- Native capability hints — Next to each plugin and post type, see which roles already hold the relevant WordPress capabilities, so your rules and core roles never silently conflict.
Roles, login & front end
- Login redirect by role — Send each role to its own URL right after login.
- Restricted content redirect — Choose where logged-in users land when they open a single item of a content type they cannot access (home, 404, login or a custom URL).
- Frontend protection shortcode — [qaiyo_protect role="editor" deny="subscriber" logged_in="yes" cap="edit_posts"]…[/qaiyo_protect] shows or hides content by role, login state or capability, with an optional replacement message.
- Customizable restricted notice — Pick the style (info / warning / error / none) and text shown to restricted users, with {user_name}, {site_name} and {admin_email} placeholders.
Admin experience
- Capabilities inspector — A read-only, searchable capability × role matrix that flags core vs plugin capabilities. It never changes your roles — it just shows you what they already hold.
- Dashboard summary widget — A WordPress Dashboard widget showing how many plugins and post types are restricted and how many user-level overrides are active, for an at-a-glance health check.
- Hide the admin bar — Remove the frontend toolbar for selected roles.
- Hide individual admin bar items — Strip specific nodes from the top toolbar per role.
- Hide dashboard widgets — Remove dashboard widgets per role.
- Update permissions — Let non-admin roles update plugins and/or themes without granting full administrator access (applied at runtime, fully reversible).
- JSON import / export — Back up every rule to a JSON file, or migrate your whole configuration to another site.
- Explore Qaiyo plugins — An in-admin overview of the Qaiyo plugin family, with a notice on your Qaiyo screens when a newer version of an installed Qaiyo plugin is available.
Built for the real world
- Administrators are protected — Anyone with manage_options always has full access and cannot be restricted.
- AJAX save — Rules are saved without a page reload.
- Translation ready — Ships with 11 languages: English, Hungarian, German, French, Spanish, Japanese, Portuguese, Italian, Russian, Turkish and Polish.
- Translation-plugin compatible — Plays nicely with WPML, Polylang and TranslatePress; internal translation post types are excluded automatically.
- WordPress standards — Nonce verification, capability checks, sanitized input and escaped output throughout.
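
The precedence stated in the lists above (anyone with manage_options always passes, user rules win over role rules, then the rule's allow or deny mode applies) can be modelled as follows. This is an added example, not Qaiyo Access Manager's own code: the function name qam_example_can_access, the array layout and the sample users are hypothetical, and counting any checked role held by a multi-role user as a match is an assumption.

```php
<?php
// Added illustration: a hypothetical model of the rule precedence described on
// this page. The array layout and function name are assumptions, not the
// plugin's own data model or API.

/**
 * @param array $user ['id' => int, 'roles' => string[], 'caps' => string[]]
 * @param array $rule ['mode' => 'allow'|'deny', 'roles' => string[],
 *                     'users' => [userId => 'allow'|'deny']]
 */
function qam_example_can_access(array $user, array $rule): bool
{
    // 1. Administrators are protected: manage_options can never be restricted,
    //    even if a user-level deny has been set for them.
    if (in_array('manage_options', $user['caps'], true)) {
        return true;
    }
    // 2. User-level overrides always win over role rules.
    $override = $rule['users'][$user['id']] ?? null;
    if ($override !== null) {
        return $override === 'allow';
    }
    // 3. Role rule. Assumption: any checked role the user holds counts as a match.
    $matched = count(array_intersect($user['roles'], $rule['roles'])) > 0;
    // Allow mode: only checked roles get in. Deny mode: checked roles are
    // blocked and everyone else is left untouched.
    return $rule['mode'] === 'allow' ? $matched : !$matched;
}

// Constructed sample data: a deny rule on one post type with user overrides.
$rule = [
    'mode'  => 'deny',
    'roles' => ['contributor', 'editor'],
    'users' => [1 => 'deny', 7 => 'allow', 9 => 'deny'],
];
$users = [
    'admin'      => ['id' => 1, 'roles' => ['administrator'], 'caps' => ['manage_options']],
    'editor'     => ['id' => 5, 'roles' => ['editor'], 'caps' => ['edit_posts']],
    'freelancer' => ['id' => 7, 'roles' => ['contributor'], 'caps' => ['edit_posts']],
    'author'     => ['id' => 9, 'roles' => ['author'], 'caps' => ['edit_posts']],
    'subscriber' => ['id' => 12, 'roles' => ['subscriber'], 'caps' => ['read']],
];
foreach ($users as $label => $user) {
    printf("%-10s %s\n", $label, qam_example_can_access($user, $rule) ? 'allowed' : 'blocked');
}
```

Switching the sample rule's mode to allow inverts the outcome only for users without an override, which is a quick way to audit what a rule change would do before saving it.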
Looking for more? Qaiyo Access Manager Pro adds an editable click-to-toggle matrix, rule presets, user groups, bulk actions, temporary (time-limited) access, an activity log, admin page hiding, meta box control and email notifications.