Docs / Packages Management / Access Control Overview
Get Help

Access Control Overview

Updated Jan 26, 2026 Packages Management

Overview

Access control in WordPress Download Manager determines who can download your files. You can restrict downloads by user role, specific users, or require actions like email submission or password entry before allowing downloads.

Prerequisites

  • WordPress Download Manager installed
  • Administrator role for configuring access
  • Understanding of WordPress user roles

Quick Start

  • Edit any package
  • Find the Access/Update Lock panel
  • Select allowed roles under Allow Access
  • Save the package

Access Control Layers

WPDM provides multiple layers of access control:

┌─────────────────────────────────────────────┐
│           PACKAGE ACCESS FLOW               │
├─────────────────────────────────────────────┤
│                                             │
│  1. AVAILABILITY                            │
│     └─ Is package published and active?     │
│                                             │
│  2. ROLE-BASED ACCESS                       │
│     └─ Does user's role have permission?    │
│                                             │
│  3. USER-SPECIFIC ACCESS                    │
│     └─ Is this specific user allowed?       │
│                                             │
│  4. DOWNLOAD LIMITS                         │
│     └─ Has user exceeded their limit?       │
│                                             │
│  5. LOCKS (if any enabled)                  │
│     └─ Has user unlocked the package?       │
│                                             │
│  ✓ DOWNLOAD ALLOWED                         │
│                                             │
└─────────────────────────────────────────────┘

Role-Based Access

Default Roles

WordPress includes these default roles:

Role Typical Use
Administrator Full access
Editor Content management
Author Own content only
Contributor Submit for review
Subscriber Basic member access

Setting Role Access

  • Edit a package
  • Find Access/Update Lock panel
  • Under Allow Access, select roles:
Option Who Can Download
Everyone Anyone, including guests
All Members Any logged-in user
Specific Roles Only selected roles

Common Configurations

Public Downloads:

☑ Everyone (Guest)

Members Only:

☑ Subscriber
☑ Contributor
☑ Author
☑ Editor
☑ Administrator

Premium Members:

☑ Premium Member (custom role)
☑ Administrator

Admins Only:

☑ Administrator

User-Specific Access

Grant access to specific users regardless of role:

  • Edit the package
  • Find User Access field
  • Enter usernames or user IDs
  • Separate multiple with commas
john_smith, jane_doe, 42, 56

Category-Level Access

Set default access for entire categories:

  • Go to Downloads > Categories
  • Edit a category
  • Set Access roles
  • All packages in category inherit these settings

Package-level settings override category settings.

Download Limits

Per-Package Quota

Limit total downloads for a package:

  • Edit package
  • Go to Package Settings > General
  • Set Download Limit (Quota)
  • When reached, downloads are disabled

Per-User Limits

Limit downloads per individual user:

  • Edit package
  • Set Download Limit Per User
  • Each user can only download X times

Global Limits

Set site-wide limits at Downloads > Settings > Frontend Access:

  • Daily download limit per user
  • Hourly download limit
  • Require login for limits to apply

Lock Types

Locks add additional requirements before download:

Lock Requirement
Password Enter correct password
Email Submit email address
LinkedIn Share on LinkedIn
Twitter Tweet or follow
Facebook Like the page
reCAPTCHA Complete CAPTCHA
Terms Accept terms & conditions
Form Fill out custom form

Locks work in addition to role-based access.

See individual lock documentation for details.

Guest Access

Allowing Guest Downloads

To allow downloads without login:

  • Edit package
  • Under Allow Access, select Everyone or Guest
  • Save package

Restricting Guest Access

To require login:

  • Don’t select Guest or Everyone
  • Select specific roles instead
  • Guests see login form

Global Guest Settings

At Downloads > Settings > Frontend Access:

  • Allow Guest Downloads: Master toggle
  • Guest Download Limit: Limit per IP address
  • Require Registration: Force account creation

Visibility Settings

Hide Restricted Packages

Choose whether to show restricted packages:

Show with Message:

  • Package visible to everyone
  • Restricted users see “Permission Denied”
  • Encourages login/registration

Hide Completely:

  • Package invisible to unauthorized users
  • No hint it exists
  • More secure for sensitive content

Configure at Downloads > Settings > Frontend Access > Hide Inaccessible Packages.

Category Visibility

Categories can also be hidden:

  • Edit category
  • Set visibility roles
  • Only visible to allowed roles

Access Control Settings

Global Settings

At Downloads > Settings > Frontend Access:

Setting Description
Default Access Roles for new packages
Guest Downloads Allow/deny guest access
Download Limit Global per-user limit
Login Redirect Where to redirect after login
Registration Allow front-end registration

Package Settings

Each package can override:

  • Allowed roles
  • Specific users
  • Download limits
  • Lock requirements

Checking Access Programmatically

Check User Access

// Check if current user can access
$can_access = WPDM()->package->userCanAccess($package_id);

if ($can_access) {
    echo 'You can download this package.';
} else {
    echo 'Access denied.';
}

Check Specific User

// Check specific user
$can_access = WPDM()->package->userHasAccess($user_id, $package_id, 'package');

Get Allowed Roles

// Get allowed roles for package
$roles = WPDM()->package->allowedRoles($package_id);
print_r($roles);
// ['subscriber', 'editor', 'administrator']

Troubleshooting

Users Can’t Download

Causes:

  • User role not in allowed list
  • User exceeded download limit
  • Package has unfulfilled locks

Solutions:

  • Verify role is selected in access settings
  • Check user’s download count
  • Test unlock requirements

Everyone Can Download

Cause: “Everyone” or “Guest” selected

Solution:

  • Remove Guest/Everyone from access list
  • Select specific roles only

Access Changes Not Working

Cause: Caching

Solution:

  • Clear page cache
  • Clear browser cache
  • Test in incognito window

Role Not Appearing

Cause: Custom role not registered

Solution:

  • Verify role exists in WordPress
  • Check plugin that creates role is active
  • Refresh roles list

Best Practices

Security

  • Use specific roles, not “Everyone” for sensitive files
  • Implement download limits to prevent abuse
  • Use locks for high-value content
  • Regularly audit access settings

User Experience

  • Clearly communicate access requirements
  • Provide easy registration path
  • Show meaningful error messages
  • Consider tiered access levels

Organization

  • Use categories for bulk access control
  • Document your access structure
  • Test as different user roles
  • Review access settings periodically

Related Documentation

Last updated: January 2026
Applies to: WordPress Download Manager 7.x

Last updated on January 26, 2026

Need Help?

Get support from our team or community forum.

Visit Support

Customization

Need custom features? We can help.

Request Quote