Image
Image

Members – Membership & User Role Editor Plugin

Descripción

Members es un plugin de membresías para WordPress basado en perfiles y capacidades. Le da a tus usuarios la mejor experiencia de membresía proporcionándote potentes herramientas para agregar perfiles y capacidades y asignarlos a tus usuarios.

Members te permite establecer permisos para restringir el contenido de tu sitio proporcionando una sencilla interfaz de usuario (IU) para el potente sistema de perfiles y capacidades de WordPress, que tradicionalmente solo ha estado disponible para los desarrolladores que saben programarlo a mano.

Características del plugin

  • Gestor de perfiles: Te permite editar, crear y borrar perfiles, y también capacidades de estos perfiles.
  • Múltiples perfiles de usuario: Da uno, dos o incluso más perfiles a cualquier usuario.
  • Denegar capacidades de forma expresa: Deniega capacidades específicas a perfiles de usuarios concretos.
  • Clonar perfiles: Crea un nuevo perfil clonando un perfil existente.
  • Role Import / Export: Export all roles and Members settings to a JSON file, export selected roles from the roles table, and preview imported roles before choosing whether to import, skip, overwrite, or rename each one.
  • Permisos de contenido / Contenido restringido: Protege el contenido para determinar qué usuarios (por perfiles) tienen acceso a la entrada de contenido.
  • Shortcodes: Shortcodes para controlar quién tiene acceso al contenido.
  • Widgets: Un widget de formulario de acceso y un widget de usuarios para mostrarlos en las barras laterales de tu tema.
  • Sitio privado: Puedes hacer que tu sitio y su feed sean completamente privados si así lo quieres.
  • Administrator Rescue (Magic Link): If you lose access to the WordPress admin (e.g. after editing roles), you can request a secure, time-limited link by email to restore your Administrator role and Members capabilities—no support ticket or database access required.
  • Integración del plugin: Members es muy recomendado por otros desarrolladores de WordPress. Muchos plugins existentes integran directamente en ellos sus perfiles y capacidades personalizadas.

Integración perfecta con MemberPress

If you’re looking to build a business out of your membership site by creating paid memberships there’s no better way than to use MemberPress. Members and MemberPress work together to provide the ultimate member experience and will help you start and profit from your amazing WordPress membership sites!

Ahora todas las extensiones están incluidas

¡Members ahora incluye TODAS sus extensiones sin ningún costo! Aquí están algunas de las impresionantes características que agregan a Members:

  • Permisos de bloques: Permite a los propietarios del sitio ocultar o mostrar bloques en función del estado del usuario conectado, su perfil o su capacidad.
  • Capacidades de privacidad: Crea capacidades adicionales para controlar las características de privacidad y datos personales de WordPress (RGPD).
  • Acceso al escritorio: Permite a los administradores del sitio controlar qué usuarios tienen acceso al escritorio WordPress mediante perfiles.
  • Crear capacidades del núcleo: Agrega las capacidades create_posts y create_pages a las entradas/páginas para separarlas de sus equivalentes edit_*, proporcionando capacidades de edición más flexibles.
  • Category and Tag Caps: La extensión Category and Tag Caps crea capacidades personalizadas para el núcleo de las taxonomías de categorías y etiquetas de entradas. Esto permite a los propietarios del sitio tener un control preciso sobre quién puede gestionar, editar, borrar o asignar categorías/etiquetas.
  • Niveles de perfil: Expone el antiguo sistema de niveles de usuario, que corrige el fallo del desplegable de autor de WordPress cuando los usuarios no tienen un perfil con uno de los niveles asignados.
  • Jerarquía de perfiles: Crea un sistema jerárquico de perfiles.
  • Integración con ACF: Crea capacidades personalizadas para el plugin Advanced Custom Fields (ACF) que gestionar con el plugin Members.
  • Integración con EDD: Integra las capacidades del plugin Easy Digital Downloads en la gestión de perfiles del plugin Members.
  • Integración con GiveWP: Integra las capacidades de los plugins GiveWP y GiveWP Recurring Donations en la gestión de perfiles del plugin Members.
  • Integración con Meta Box: Integra las capacidades del plugin Meta Box en la gestión de perfiles del plugin Members.
  • Integración con WooCommerce: Integra las capacidades del plugin WooCommerce en la gestión de perfiles del plugin Members.

Para más información, visita la página de inicio del plugin Members.

¿Te gusta este plugin?

The Members plugin is a massive project with 1,000s of lines of code to maintain. A major update can take weeks or months of work. We don’t make any money directly from this plugin while other, similar plugins charge substantial fees to even download them or get updates. Please consider helping the cause by:

Documentation

Read the full documentation

Soporte

Si necesitas que el plugin sea compatible con nosotros, puedes visitar nuestra página de soporte.

Desarrollo del plugin

Si eres autor de un tema, un plugin o, simplemente, un aficionado al código, puedes seguir el desarrollo de este plugin en su repositorio de GitHub.

Capturas de pantalla

Instalación

  1. Sube members al directorio /wp-content/plugins/.
  2. Activa el plugin a través del menú de ‘Plugins’ de WordPress.
  3. Ve a “Ajustes > Members” para elegir qué ajustes te gustaría usar.

Hay instrucciones más detalladas en el archivo readme.html del plugin.

FAQ

¿Por qué se creó este plugin?

We weren’t satisfied with the current user, role, and permissions plugins available. Yes, some of them are good, but nothing fit what we had in mind perfectly. Some offered few features. Some worked completely outside of the WordPress APIs. Others lacked the GPL license.

So, we just built something we actually enjoyed using.

What’s the difference between Members and MemberPress?

Members and MemberPress solve different problems and are designed to work together.

Members is a free roles and capabilities plugin. It gives you a UI on top of WordPress’ native roles and capabilities system so you can create and edit roles, assign multiple roles to users, and restrict content by role or capability. It’s the right tool when you need to control who can do what inside your site—dashboard access, content permissions, and capability management—without charging for access.

MemberPress is a premium, all-in-one WordPress membership platform built for monetization and much more. In addition to paid subscriptions, payment processing (Stripe, PayPal, and more), recurring billing, coupons, and drip content, MemberPress also includes:

  • Courses — a built-in LMS for creating and selling online courses with lessons, quizzes, and progress tracking.
  • CoachKit — tools for running coaching programs, including milestones, habits, and client check-ins.
  • Community Groups — private member communities and discussion spaces tied to your memberships.
  • Member Profiles & Directories — customizable front-end profiles and searchable member directories.
  • Email marketing integrations, affiliate program support, and many more premium features.

It’s the right tool when you need to sell access to content, courses, coaching, or communities—and grow a full membership business around it.

The two plugins are complementary, not competing. Many sites use Members for fine-grained role and capability management alongside MemberPress for everything membership-business related. For a full side-by-side comparison, see Members vs MemberPress.

¿Cómo lo uso?

La mayoría de las cosas deberían ser bastante sencillas, pero también puedes ver la documentación en línea.

Can I move roles between sites?

Yes. On the Roles screen, use Export All to download a JSON file containing every role, its capabilities, and your Members plugin settings. To export only some roles, select them in the roles table and choose Export from the Bulk Actions menu.

To import roles, upload a Members export JSON file from the same screen and click Upload and Preview. Members will show each role before anything is changed, so you can import new roles, skip roles, overwrite existing roles, or import conflicting roles under a new slug. Protected roles, such as the built-in Administrator role, your current role, and the site’s default role, cannot be overwritten or renamed.

Requisitos PHP mínimos.

Ahora Members necesita PHP 7.4 o superior

No puedo acceder a las utilidades del “Gestor de perfiles”.

When the plugin is first activated, it runs a script that sets specific capabilities to the “Administrator” role on your site that grants you access to this feature. So, you must be logged in with the administrator account to access the role manager.

Si, por algún motivo, tienes perfil de administrador y a pesar de ello no puedes acceder al gestor de perfiles, desactiva el plugin. A continuación vuelve a activarlo.

En multisitio, ¿por qué los administradores no pueden gestionar perfiles?

If you have a multisite installation, only Super Admins can create, edit, and delete roles by default. This is a security measure to make sure that you absolutely trust sub-site admins to make these types of changes to roles. If you’re certain you want to allow this, add the Create Roles (create_roles), Edit Roles (edit_roles), and/or Delete Roles (delete_roles) capabilities to the role on each sub-site where you want to allow this.

How do I use Administrator Rescue (Magic Link) if I’m locked out?

If you can no longer access the WordPress admin (for example, after changing your role or capabilities), you can restore your Administrator access yourself:

  1. Go to your site’s login page: yoursite.com/wp-login.php
  2. In the address bar, add ?action=members_rescue so the URL is: yoursite.com/wp-login.php?action=members_rescue
  3. Enter the email address of an account that has (or had) the built-in Administrator role, or is a Super Admin (multisite).
  4. Click “Send Rescue Link”. If that account is eligible, a secure link will be sent to that email (you may need to check spam).
  5. Open the link from the email within 15 minutes. Your Administrator role and Members capabilities will be restored, and you’ll be redirected to the login page to sign in.

Only users with the built-in WordPress “Administrator” role (or Super Admins on multisite) can use this feature; custom or cloned roles are not eligible. The link expires after 15 minutes and is limited to a few attempts per IP to prevent abuse.

¡Ayuda ¡Me he bloqueado a mi mismo en mi sitio!

Please read the documentation for the plugin before actually using it, especially a plugin that controls permissions for your site. We cannot stress this enough. This is a powerful plugin that allows you to make direct changes to roles and capabilities in the database.

If you have the built-in Administrator role (or are a Super Admin on multisite) but lost access to the admin (e.g. after editing roles), try the Administrator Rescue (Magic Link) first: go to yoursite.com/wp-login.php?action=members_rescue, enter your admin email, and use the link we send you to restore access.

If that doesn’t apply or didn’t work, stop by our support forums to see if we can help. Your web host may also be able to restore your site from a recent backup, but we only recommend that as a last resort, as it could mean losing work or members added since the backup.

Reseñas

Image
7 de Julio de 2026
I do digital support for an arts institution that uses our website to sell tickets to events. We’ve been using Members for four years with no problem when all of a sudden our calendar went down, with no event appearing anywhere. Our web developer tracked it down to a Members option to hide protected posts from the REST API, which effectively was everything on our calendar. I don’t know if this is a new option that just was added during an update or if something caused it to flip on all of a sudden, but it took a long time to work out the issue, given that deep in the settings for a back-end permissions plug in is about the last place I’d look for this type of issue. I would love to hear an explanation as to what happened but until I do, I would recommend no one use a product that would do something this thoughtless.
Image
29 de Junio de 2026
When I first downloaded the free plugin, I was a bit skeptical that it would do what I needed it to, but I was pleasantly surprised to find out this plugin is AMAZING! It is really simple to use, letting you set up exactly what each user is permitted to do. It does its job very well, and is just all around a VERY good plugin. Well done, Devs!!
Image
19 de Junio de 2026
So glad there are developers hanging in there and keeping their plugins updated in spite of what Matt has done to discourage the ecospace he created. This is a free plugin that does what we need it to do. Thank you very much to Blair Williams.
Image
24 de Mayo de 2026
Thanks to your plugin i have been able to create a very manageable website.
Leer los 1,263 comentarios

Colaboradores & Desarrolladores

“Members – Membership & User Role Editor Plugin” es software de código abierto. Las siguientes personas han contribuido a este plugin.

Colaboradores

“Members – Membership & User Role Editor Plugin” ha sido traducido en 21 idiomas. Gracias a los traductores por sus contribuciones.

Traduce “Members – Membership & User Role Editor Plugin” a tu idioma.

¿Interesado en el desarrollo?

Revisa el código, echa un vistazo al repositorio SVN, o suscríbete al registro de desarrollo por RSS .

Historial de cambios

3.2.26

  • Fixed: On the user profile / edit-user screen with Multiple User Roles enabled, the role checkboxes could appear to have no checkmark — looking “unresponsive” — when another plugin’s admin CSS overrode core checkbox styles (e.g. line-height: 0). The checkboxes always toggled and saved; only the checkmark was hidden. The Members role checkboxes now defensively assert their own rendering so the checkmark shows regardless of such global overrides.
  • Fixed: Hardened the Multiple User Roles save against a possible PHP 8 TypeError from malformed submitted role data (a nested array reaching members_sanitize_role()).

3.2.25

  • Fixed: Saving a post via the REST API as a user without the restrict_content capability (e.g. custom roles, Gutenberg + ACF Pro) failed with “Sorry, you are not allowed to edit the _members_access_role custom field,” and silently dropped other meta such as ACF fields. The request pre-processor was hooked to a non-existent action (rest_before_insert_{$post_type}) so it never ran; it now correctly strips the Content Permissions meta keys for users who cannot manage them, before the save.
  • Fixed: The REST protected-posts exclusion scoped its restriction lookup to the queried post type, so posts inheriting a restriction from an ancestor of a different post type were not excluded, making X-WP-Total / pagination counts inaccurate. All restriction roots are now considered regardless of post type.
  • Fixed: Content Permissions role configuration and the custom error message were visible in REST API responses to any user who could read the post (registered meta is readable regardless of its write auth callback). Both meta keys are now blanked to their empty defaults in REST responses for users who cannot manage content permissions.
  • Fixed: Comments on role-protected posts were fully readable — bodies, author names, dates — via the REST API comments endpoint (/wp/v2/comments), including by anonymous visitors. Comment collections now exclude protected posts and single-comment reads are denied for users who cannot view the post.
  • Fixed: With “Hide protected posts from REST API” enabled, hidden posts remained enumerable by ID — a single-item GET (/wp/v2/posts/ID) returned a 200 response exposing the title, slug, date, and author. Hidden posts now return the same 404 as a nonexistent ID.
  • Fixed: A crafted form submission with nested array values could cause a PHP 8 TypeError fatal in the classic Content Permissions meta box save.
  • Fixed: Evaluating protected posts for the REST exclusion no longer triggers the legacy _role meta conversion, which performed database writes during unauthenticated GET requests and could destructively migrate _role postmeta belonging to unrelated plugins. The evaluation is now read-only and also guards against posts of unregistered post types (previously a source of PHP warnings).
  • Fixed: The block editor “Error Message” field in the Content Permissions panel was a rich-text control used outside a block context, so it silently ignored Enter and formatting — a multi-line message could not be entered. It is now a standard multi-line text field.
  • Fixed: Opening a brand-new post in the block editor marked it as having unsaved changes before the user touched anything, because default roles were written to post meta on load. Default roles are now shown pre-selected without dirtying the editor, and persist normally once the post is edited.
  • Fixed: Content Permissions REST meta and its block editor save now also register on rest_api_init, so post types registered later than other plugins/themes no longer show a Content Permissions panel that fails to save.
  • Fixed: Content Permissions can once again be enabled for attachments via the members_enable_attachment_content_permissions filter (a 3.2.22 change returned early for attachments before the filter ran).
  • Fixed: Saving the classic Content Permissions meta box no longer drops stored roles that were hidden from the checklist by the members_wp_roles filter; those roles are now preserved like deleted-role (orphan) slugs.
  • Changed: The REST protected-posts exclusion scopes its permission checks to the queried post type(s) — restriction roots of other post types are only evaluated when they can actually pass a restriction down to the queried type — computes its hidden-post list once per request per user and type combination, primes caches in bounded chunks, and no longer walks post revisions when expanding inherited restrictions.

3.2.24

  • Fixed: Content Permissions could not be saved via the REST API (block editor, Elementor, and other page builders) in 3.2.23, failing with “Sorry, you are not allowed to edit the _members_access_role custom field.” The meta auth callback wrongly honored WordPress’ default deny for protected meta keys, blocking every user including administrators.
  • Fixed: The 3.2.23 REST protected-posts exclusion (CVE-2026-12426 fix) generated deeply nested correlated subqueries that caused severe database load and timeouts on large sites. It is now resolved to a flat list of excluded IDs computed in PHP.
  • Fixed: The same REST exclusion query could exceed MySQL’s join/subquery limits and return zero posts even when nothing was restricted. Pagination counts remain accurate and the side channel stays closed.

3.2.23

  • Fixed: Unauthenticated sensitive information disclosure via a REST API pagination side channel (CVE-2026-12426). Protected posts are now excluded from REST queries at the SQL level so the result counts and pagination headers no longer reveal hidden posts.
  • Fixed: REST API and block editor hangs when saving posts that use content permissions. Content permissions handling in the block editor was reworked for reliable saving.
  • Fixed: Custom capability creation could break when a role’s hidden capabilities were not stored as an array.
  • Fixed: Trailing space in the members_show_roles_page_cap filter name that prevented the filter from ever firing.
  • Changed: Optimized role user counting on sites with large numbers of users to reduce database load.
  • Changed: Refactored the login widget to use get_current_user_id() for improved security and maintainability.

3.2.22

  • Added import/export feature
  • Added capabilities search
  • Ensure WP 7.0 Compat

3.2.21

  • Fixed: Privacy Caps add-on not granting privacy capabilities to administrators on fresh activations
  • Removed: Legacy standalone-plugin code from bundled add-ons (dead activation hooks, obsolete build scripts, orphaned readme/uninstall files)

3.2.20

  • Added: Reset roles
  • Added: Add rescue link for Administrator roles only
  • Changed: Refreshed branding with updated WordPress.org banner and icon assets, header SVG, and logo
  • Changed: Updated About page design
  • Changed: Optimized role user count retrieval using transients for improved performance
  • Fixed: Missing header banner on some admin pages
  • Removed: Bundled POT file (translations now delivered via WordPress.org language packs)

3.2.19

  • Fixed: Added support for WF 2FA error messages
  • Fixed: Missing “you are already logged in” string
  • Fixed: Add-on page RTL CSS fix
  • Fixed: Block permissions fixes
  • Fixed: Fix redirect_to issue on shortcode
  • Fixed: Other minor bugfixes

3.2.18

  • Fixed: Add-on activate toggle display issue on narrow screens
  • Fixed: Login error redirection
  • Fixed: Outdated Login form styling
  • Fixed: Allow changing display name for some Roles

3.2.17

  • Added: Bulk select/unselect checkboxes on Role capabilities

3.2.16

  • Fixed: Protected posts being forced-hidden from API search even if setting was off

3.2.15

  • Added: Growth Tools menu item
  • Fixed: Translation errors
  • Fixed: Styles and formatting on add-ons and about pages

3.2.14

  • Fixed: Error in REST API calls when posts results not an array

3.2.12

  • Fixed: Cleaned up prior author name and links
  • Fixed: Cleaned up broken or incorrect links
  • Fixed: Removed some unnecessary files
  • Fixed: Incorrect gettext calls
  • Fixed: Removed unneeded load_plugin_textdomain calls
  • Fixed: Updated POT translation file

3.2.11

  • Fixed: Translation warnings after WP 6.7
  • Fixed: Add option to hide protected content from REST API searches
  • Fixed: Add support for Loco Translate plugin (via new loco.xml file)

3.2.10

  • Fixed: Capability checks on AJAX calls
  • Fixed: PHP warning for $wp_embed
  • Changed: Now requires PHP 7.4 minimum

3.2.9

  • Fixed: PHP 8.1 deprecation notice on ACF integration (props @DSGND)

3.2.8

  • Added: members_wp_roles filter to WP roles in Content Permission box
  • Fixed: Content Permission icon in Panel block
  • Fixed: Position of Field Group menu item in ACF

3.2.6-7

  • Fixed: PHP 8+ compatibility
  • Added: members_show_roles_page_cap filter for edit_roles_cap
  • Fixed: Improperly named variable

3.2.5

  • Fixed: WP Cron task for in-plugin notifications running unnecessarily

3.2.4

  • Fixed: More package deployment fixes

3.2.3

  • Added: Footer with helpful links
  • Fixed: Package files deployed unnecessarily
  • Fixed: Debug warnings
  • Fixed: Correct bootstrap file required

3.2.2

  • Fixed: Undefined index notice

3.2.1

  • Fixed: Uncaught TypeError: in_array()

3.2.0

  • Added: Members Notifications
  • Changed: Converted jQuery.fn.click() (deprecated) to jQuery.fn.on('click')
  • Changed: Replaced references to Affiliate Royale with Easy Affiliate
  • Changed: WP Tested Up To version (5.9)

3.1.7

  • Fixed: Hierarchical roles missing settings
  • Changed: Refactored checks for whether MemberPress is active; added members_is_memberpress_active()
  • Changed: “Paid Memberships” section of Content Permissions meta box should not show when MemberPress is active
  • Changed: Wording from “Upgrade to MemberPress” to “Add MemberPress”

3.1.6

  • Added: “Miscellaneous” settings section
  • Added: “Disable Review Prompt” setting to permanently remove the review prompt
  • Added: MEMBERS_DISABLE_REVIEW_PROMPT constant to permanently remove the review prompt
  • Changed: WP Tested Up To version (5.8)
  • Fixed: Using transients for review prompt caused the prompt to persist when dismissed; switched to using options instead
  • Fixed: Users widget not working in new block-based widgets editor

3.1.5

  • Fixed: Block permissions not working for nested blocks (e.g. columns)

3.1.4

  • Changed: Converted instance of wp.editor to wp.blockEditor
  • Changed: Check for MemberPress constant instead of using is_plugin_active()
  • Fixed: Compatibility for PHP 8

3.1.3

  • Changed: Disabled Content Permissions side meta box
  • Fixed: Issue with comma-separated roles that include spaces

3.1.2

  • Fixed: Review prompt should only show to admins

3.1.1

  • Changed: Admin UI cleanup

3.1.0

  • Changed: Admin UI
  • Fixed: Issue with custom capabilities not saving to custom roles

3.0.10

  • Fixed: Users who can promote should be able to assign roles to their own account

3.0.9

  • Fixed: ACF integration trying to bump priority on ACF menu

3.0.8

  • Fixed: Settings page error

3.0.7

  • Fixed: Issues related to translated admin menu slug

3.0.6

  • Fixed: Settings page throwing error on non-English sites

3.0.5

  • Fixed: Collapse Permissions block editor section by default

3.0.4

  • Added: Filter for applying custom validation to settings
  • Fixed: Inaccessible settings page in Admin Access

3.0.3

  • Changed: Display icons using file_get_contents() instead of include() to prevent executing them as PHP
  • Fixed: PHP warnings being thrown
  • Fixed: Make sure admin menu is always accessible

3.0.2

  • Fixed: Minimized SVG icons to fix issues with parsing them

3.0.1

  • Fixed: Some JS and image files weren’t checked in via SVN; bumped version to add them

3.0

  • Added: Rolled all add-ons into core
  • Changed: Consolidated all Members-related settings under one admin menu item
  • Changed: Made login and user widgets enabled by default, and removed settings