WordPress.org

Plugin Directory

Members – メンバーシップ & ユーザー権限グループのエディタープラグイン

Members – メンバーシップ & ユーザー権限グループのエディタープラグイン

説明

Members は権限グループと権限をベースにした、WordPress メンバーシッププラグインです。権限グループや権限を追加し、ユーザーに割り当てる強力なツールを提供することで、ユーザーに究極のメンバー体験を提供します。

従来 WordPress の強力な権限グループと権限のシステムは、コーディングに精通した開発者のみが利用可能でした。Members は、そのシステム用のシンプルなユーザーインターフェース (UI) を提供し、サイト上のコンテンツを制限する権限を設定できるようにしました。

プラグインの機能

  • 権限グループエディター: 権限グループとその権限を編集、作成、削除できます。
  • 複数のユーザー権限グループ: どのユーザーにも1つ、2つ、またはそれ以上の権限グループを付与することができます。
  • 明示的に権限を拒否: 特定のユーザー権限グループに対して、特定の権限を拒否します。
  • 権限グループを複製: 既存の権限グループを複製して、新しい権限グループを作成します。
  • Role Import / Export: Export all roles and Members settings to a JSON file, export selected roles from the roles table, and preview imported roles before choosing whether to import, skip, overwrite, or rename each one.
  • コンテンツの権限 / 制限されたコンテンツ: (権限グループごとに) どのユーザーが投稿コンテンツにアクセスできるかを決定し、コンテンツを保護します。
  • ショートコード: コンテンツにアクセスできるユーザーをコントロールするショートコード。
  • ウィジェット: テーマのサイドバーに表示するログインフォームウィジェットとユーザーウィジェット。
  • プライベートサイト: 希望する場合、サイトとフィードを完全に非公開にすることができます。
  • Administrator Rescue (Magic Link): If you lose access to the WordPress admin (e.g. after editing roles), you can request a secure, time-limited link by email to restore your Administrator role and Members capabilities—no support ticket or database access required.
  • プラグインの統合: Members は他の WordPress 開発者からも高く評価されています。多くの既存のプラグインが、カスタムの権限グループと権限を Members に直接統合しています。

MemberPress とのシームレスな統合

有料メンバーシップを作成してメンバーシップサイトのビジネスを展開したい場合、MemberPress を利用するのが最善です。Members と MemberPress は連携して究極のメンバー体験を提供し、お客様が WordPress の素晴らしいメンバーシップサイトを立ち上げて収益を獲得できるようお手伝いをします !

すべてのアドオンを利用可能

Members のすべてのアドオンが完全に無料で含まれるようになりました ! Members に追加された素晴らしい機能の一部をご紹介します。

  • ブロック権限: ユーザーのログイン状態、ユーザーの権限グループや権限に基づいて、サイトオーナーがブロックを非表示または表示できるようにします。
  • プライバシー権限: WordPress のプライバシーと個人データ機能 (GDPR) をコントロールする追加の権限を作成します。
  • 管理者アクセス: 権限グループを使用して、WordPress 管理画面にアクセスできるユーザーをサイト管理者がコントロールできるようにします。
  • コア作成権限: 投稿やページに create_posts 権限と create_pages 権限を追加し、これらを対応する edit_* 権限から分離することで、より柔軟な編集権限を提供します。
  • カテゴリーとタグの権限: カテゴリーとタグの権限アドオンは、コアカテゴリーと投稿タグタクソノミーのカスタム権限を作成します。これにより、サイトオーナーはカテゴリーやタグの管理、編集、削除、割り当てを行うユーザーを正確にコントロールできます。
  • 権限グループレベル: 古いユーザーレベルシステムを公開し、割り当てられたレベルのいずれかの権限グループをユーザーが持たない場合に WordPress の作者ドロップダウンのバグを修正します。
  • 権限グループ階層: 階層的な権限グループシステムを作成します。
  • ACF の統合: Members プラグインで管理するための Advanced Custom Fields (ACF) プラグインのカスタム権限を作成します。
  • EDD の統合: Easy Digital Downloads プラグインの権限を Members プラグインの権限グループマネージャーに統合します。
  • GiveWP の統合: GiveWP および GiveWP Recurring Donations プラグインの権限を Members プラグインの権限グループマネージャーに統合します。
  • Meta Box の統合: Meta Box プラグインの権限を Members プラグインの権限グループマネージャーに統合します。
  • WooCommerce の統合: WooCommerce プラグインの権限を Members プラグインの権限グループマネージャーに統合します。

詳しくは、Members プラグインのホームページをご覧ください。

このプラグインをお気に入りいただけましたか ?

Members プラグインは、1,000行ものコードを管理する大規模なプロジェクトです。メジャーアップデートには数週間から数か月かかることもあります。他の似たようなプラグインはダウンロードや更新に多額の費用がかかりますが、私たちはこのプラグインから直接収益を得ていません。ぜひ以下の方法でこのプラグインにご協力ください。

Documentation

Read the full documentation

Support

If you need plugin support from us, you can visit our support page.

プラグイン開発

テーマやプラグインの作成者、あるいはコードに興味のある方であれば、GitHub のリポジトリでこのプラグインの開発をフォローすることができます。

スクリーンショット

インストール

  1. wp-content/plugins/ ディレクトリに members をアップロードします。
  2. WordPress の「プラグイン」メニューからプラグインを有効化してください。
  3. 「設定 > Members」で、使用する設定を選択します。

より詳しい説明はプラグインの readme.html ファイルに含まれています。

FAQ

このプラグインが作成された理由を教えてください。

私自身が、現在利用できるユーザー、権限グループ、権限プラグインに、満足していませんでした。良いプラグインも確かにありますが、私が考えていたものにぴったり合うプラグインはありませんでした。わずかな機能しかなかったり、完全に WordPress API の外部で動作するものだったり、GPL ライセンスがないプラグインもありました。

だからこそ、自分が実際に使って楽しいものを作成したのです。

What’s the difference between Members and MemberPress?

Members and MemberPress solve different problems and are designed to work together.

Members is a free roles and capabilities plugin. It gives you a UI on top of WordPress’ native roles and capabilities system so you can create and edit roles, assign multiple roles to users, and restrict content by role or capability. It’s the right tool when you need to control who can do what inside your site—dashboard access, content permissions, and capability management—without charging for access.

MemberPress is a premium, all-in-one WordPress membership platform built for monetization and much more. In addition to paid subscriptions, payment processing (Stripe, PayPal, and more), recurring billing, coupons, and drip content, MemberPress also includes:

  • Courses — a built-in LMS for creating and selling online courses with lessons, quizzes, and progress tracking.
  • CoachKit — tools for running coaching programs, including milestones, habits, and client check-ins.
  • Community Groups — private member communities and discussion spaces tied to your memberships.
  • Member Profiles & Directories — customizable front-end profiles and searchable member directories.
  • Email marketing integrations, affiliate program support, and many more premium features.

It’s the right tool when you need to sell access to content, courses, coaching, or communities—and grow a full membership business around it.

The two plugins are complementary, not competing. Many sites use Members for fine-grained role and capability management alongside MemberPress for everything membership-business related. For a full side-by-side comparison, see Members vs MemberPress.

どのように使えばよいですか ?

Most things should be fairly straightforward, but you can also view the docs online.

Can I move roles between sites?

Yes. On the Roles screen, use Export All to download a JSON file containing every role, its capabilities, and your Members plugin settings. To export only some roles, select them in the roles table and choose Export from the Bulk Actions menu.

To import roles, upload a Members export JSON file from the same screen and click Upload and Preview. Members will show each role before anything is changed, so you can import new roles, skip roles, overwrite existing roles, or import conflicting roles under a new slug. Protected roles, such as the built-in Administrator role, your current role, and the site’s default role, cannot be overwritten or renamed.

PHP の最小要件を教えてください。

Members には PHP 7.4以上が必須になりました

「権限グループマネージャー」の機能にアクセスできません。

プラグインが最初に有効化されるとき、この機能へのアクセスを付与するため、特定の権限をサイトの「管理者」権限グループに設定するスクリプトが実行されます。そのため、権限グループマネージャーにアクセスするには、管理者アカウントでログインする必要があります。

何らかの理由で管理者権限を持っているにもかかわらず、権限グループマネージャーにアクセスできない場合は、プラグインを無効化してから、もう一度有効化してください。

マルチサイトでは、管理者はなぜ権限グループを管理できないのでしょうか ?

マルチサイトインストールの場合、初期設定では特権管理者だけが権限グループを作成、編集、削除できます。これは、サブサイトの管理者によってこのような権限グループの変更が行なわれる際にその管理者を絶対的に信用できることを確認するためのセキュリティ対策です。これを本当に許可したい場合は、許可したい各サブサイトの権限グループに、権限グループの作成 (create_roles)、権限グループの編集 (edit_roles)、および権限グループの削除 (delete_roles) 権限、またはそのいずれかを追加します。

How do I use Administrator Rescue (Magic Link) if I’m locked out?

If you can no longer access the WordPress admin (for example, after changing your role or capabilities), you can restore your Administrator access yourself:

  1. Go to your site’s login page: yoursite.com/wp-login.php
  2. In the address bar, add ?action=members_rescue so the URL is: yoursite.com/wp-login.php?action=members_rescue
  3. Enter the email address of an account that has (or had) the built-in Administrator role, or is a Super Admin (multisite).
  4. Click “Send Rescue Link”. If that account is eligible, a secure link will be sent to that email (you may need to check spam).
  5. Open the link from the email within 15 minutes. Your Administrator role and Members capabilities will be restored, and you’ll be redirected to the login page to sign in.

Only users with the built-in WordPress “Administrator” role (or Super Admins on multisite) can use this feature; custom or cloned roles are not eligible. The link expires after 15 minutes and is limited to a few attempts per IP to prevent abuse.

自分のサイトからロックアウトされてしまいました !

Please read the documentation for the plugin before actually using it, especially a plugin that controls permissions for your site. We cannot stress this enough. This is a powerful plugin that allows you to make direct changes to roles and capabilities in the database.

If you have the built-in Administrator role (or are a Super Admin on multisite) but lost access to the admin (e.g. after editing roles), try the Administrator Rescue (Magic Link) first: go to yoursite.com/wp-login.php?action=members_rescue, enter your admin email, and use the link we send you to restore access.

If that doesn’t apply or didn’t work, stop by our support forums to see if we can help. Your web host may also be able to restore your site from a recent backup, but we only recommend that as a last resort, as it could mean losing work or members added since the backup.

評価

2026年7月14日
Works and makes protecting content through MemberPress much simpler.
2026年7月14日
Leicht, effizient. Zumindest für schnelle, umsetzbare Lösungen die funktionieren und keinen “Stress” machen. Für größere Einsätze habe ich es noch nicht getestet.
2026年7月7日
I do digital support for an arts institution that uses our website to sell tickets to events. We’ve been using Members for four years with no problem when all of a sudden our calendar went down, with no event appearing anywhere. Our web developer tracked it down to a Members option to hide protected posts from the REST API, which effectively was everything on our calendar. I don’t know if this is a new option that just was added during an update or if something caused it to flip on all of a sudden, but it took a long time to work out the issue, given that deep in the settings for a back-end permissions plug in is about the last place I’d look for this type of issue. I would love to hear an explanation as to what happened but until I do, I would recommend no one use a product that would do something this thoughtless.
2026年6月29日
When I first downloaded the free plugin, I was a bit skeptical that it would do what I needed it to, but I was pleasantly surprised to find out this plugin is AMAZING! It is really simple to use, letting you set up exactly what each user is permitted to do. It does its job very well, and is just all around a VERY good plugin. Well done, Devs!!
2026年6月19日
So glad there are developers hanging in there and keeping their plugins updated in spite of what Matt has done to discourage the ecospace he created. This is a free plugin that does what we need it to do. Thank you very much to Blair Williams.
1,265件のレビューをすべて表示

貢献者と開発者

Members – メンバーシップ & ユーザー権限グループのエディタープラグイン はオープンソースソフトウェアです。以下の人々がこのプラグインに貢献しています。

貢献者

“Members – メンバーシップ & ユーザー権限グループのエディタープラグイン” は21ロケールに翻訳されています。 翻訳者のみなさん、翻訳へのご協力ありがとうございます。

“Members – メンバーシップ & ユーザー権限グループのエディタープラグイン” をあなたの言語に翻訳しましょう。

開発に興味がありますか ?

コードを閲覧するか、SVN リポジトリをチェックするか、開発ログRSS で購読してみてください。

変更履歴

3.2.26

  • Fixed: On the user profile / edit-user screen with Multiple User Roles enabled, the role checkboxes could appear to have no checkmark — looking “unresponsive” — when another plugin’s admin CSS overrode core checkbox styles (e.g. line-height: 0). The checkboxes always toggled and saved; only the checkmark was hidden. The Members role checkboxes now defensively assert their own rendering so the checkmark shows regardless of such global overrides.
  • Fixed: Hardened the Multiple User Roles save against a possible PHP 8 TypeError from malformed submitted role data (a nested array reaching members_sanitize_role()).

3.2.25

  • Fixed: Saving a post via the REST API as a user without the restrict_content capability (e.g. custom roles, Gutenberg + ACF Pro) failed with “Sorry, you are not allowed to edit the _members_access_role custom field,” and silently dropped other meta such as ACF fields. The request pre-processor was hooked to a non-existent action (rest_before_insert_{$post_type}) so it never ran; it now correctly strips the Content Permissions meta keys for users who cannot manage them, before the save.
  • Fixed: The REST protected-posts exclusion scoped its restriction lookup to the queried post type, so posts inheriting a restriction from an ancestor of a different post type were not excluded, making X-WP-Total / pagination counts inaccurate. All restriction roots are now considered regardless of post type.
  • Fixed: Content Permissions role configuration and the custom error message were visible in REST API responses to any user who could read the post (registered meta is readable regardless of its write auth callback). Both meta keys are now blanked to their empty defaults in REST responses for users who cannot manage content permissions.
  • Fixed: Comments on role-protected posts were fully readable — bodies, author names, dates — via the REST API comments endpoint (/wp/v2/comments), including by anonymous visitors. Comment collections now exclude protected posts and single-comment reads are denied for users who cannot view the post.
  • Fixed: With “Hide protected posts from REST API” enabled, hidden posts remained enumerable by ID — a single-item GET (/wp/v2/posts/ID) returned a 200 response exposing the title, slug, date, and author. Hidden posts now return the same 404 as a nonexistent ID.
  • Fixed: A crafted form submission with nested array values could cause a PHP 8 TypeError fatal in the classic Content Permissions meta box save.
  • Fixed: Evaluating protected posts for the REST exclusion no longer triggers the legacy _role meta conversion, which performed database writes during unauthenticated GET requests and could destructively migrate _role postmeta belonging to unrelated plugins. The evaluation is now read-only and also guards against posts of unregistered post types (previously a source of PHP warnings).
  • Fixed: The block editor “Error Message” field in the Content Permissions panel was a rich-text control used outside a block context, so it silently ignored Enter and formatting — a multi-line message could not be entered. It is now a standard multi-line text field.
  • Fixed: Opening a brand-new post in the block editor marked it as having unsaved changes before the user touched anything, because default roles were written to post meta on load. Default roles are now shown pre-selected without dirtying the editor, and persist normally once the post is edited.
  • Fixed: Content Permissions REST meta and its block editor save now also register on rest_api_init, so post types registered later than other plugins/themes no longer show a Content Permissions panel that fails to save.
  • Fixed: Content Permissions can once again be enabled for attachments via the members_enable_attachment_content_permissions filter (a 3.2.22 change returned early for attachments before the filter ran).
  • Fixed: Saving the classic Content Permissions meta box no longer drops stored roles that were hidden from the checklist by the members_wp_roles filter; those roles are now preserved like deleted-role (orphan) slugs.
  • Changed: The REST protected-posts exclusion scopes its permission checks to the queried post type(s) — restriction roots of other post types are only evaluated when they can actually pass a restriction down to the queried type — computes its hidden-post list once per request per user and type combination, primes caches in bounded chunks, and no longer walks post revisions when expanding inherited restrictions.

3.2.24

  • Fixed: Content Permissions could not be saved via the REST API (block editor, Elementor, and other page builders) in 3.2.23, failing with “Sorry, you are not allowed to edit the _members_access_role custom field.” The meta auth callback wrongly honored WordPress’ default deny for protected meta keys, blocking every user including administrators.
  • Fixed: The 3.2.23 REST protected-posts exclusion (CVE-2026-12426 fix) generated deeply nested correlated subqueries that caused severe database load and timeouts on large sites. It is now resolved to a flat list of excluded IDs computed in PHP.
  • Fixed: The same REST exclusion query could exceed MySQL’s join/subquery limits and return zero posts even when nothing was restricted. Pagination counts remain accurate and the side channel stays closed.

3.2.23

  • Fixed: Unauthenticated sensitive information disclosure via a REST API pagination side channel (CVE-2026-12426). Protected posts are now excluded from REST queries at the SQL level so the result counts and pagination headers no longer reveal hidden posts.
  • Fixed: REST API and block editor hangs when saving posts that use content permissions. Content permissions handling in the block editor was reworked for reliable saving.
  • Fixed: Custom capability creation could break when a role’s hidden capabilities were not stored as an array.
  • Fixed: Trailing space in the members_show_roles_page_cap filter name that prevented the filter from ever firing.
  • Changed: Optimized role user counting on sites with large numbers of users to reduce database load.
  • Changed: Refactored the login widget to use get_current_user_id() for improved security and maintainability.

3.2.22

  • Added import/export feature
  • Added capabilities search
  • Ensure WP 7.0 Compat

3.2.21

  • Fixed: Privacy Caps add-on not granting privacy capabilities to administrators on fresh activations
  • Removed: Legacy standalone-plugin code from bundled add-ons (dead activation hooks, obsolete build scripts, orphaned readme/uninstall files)

3.2.20

  • Added: Reset roles
  • Added: Add rescue link for Administrator roles only
  • Changed: Refreshed branding with updated WordPress.org banner and icon assets, header SVG, and logo
  • Changed: Updated About page design
  • Changed: Optimized role user count retrieval using transients for improved performance
  • Fixed: Missing header banner on some admin pages
  • Removed: Bundled POT file (translations now delivered via WordPress.org language packs)

3.2.19

  • Fixed: Added support for WF 2FA error messages
  • Fixed: Missing “you are already logged in” string
  • Fixed: Add-on page RTL CSS fix
  • Fixed: Block permissions fixes
  • Fixed: Fix redirect_to issue on shortcode
  • Fixed: Other minor bugfixes

3.2.18

  • Fixed: Add-on activate toggle display issue on narrow screens
  • Fixed: Login error redirection
  • Fixed: Outdated Login form styling
  • Fixed: Allow changing display name for some Roles

3.2.17

  • Added: Bulk select/unselect checkboxes on Role capabilities

3.2.16

  • Fixed: Protected posts being forced-hidden from API search even if setting was off

3.2.15

  • Added: Growth Tools menu item
  • Fixed: Translation errors
  • Fixed: Styles and formatting on add-ons and about pages

3.2.14

  • Fixed: Error in REST API calls when posts results not an array

3.2.12

  • Fixed: Cleaned up prior author name and links
  • Fixed: Cleaned up broken or incorrect links
  • Fixed: Removed some unnecessary files
  • Fixed: Incorrect gettext calls
  • Fixed: Removed unneeded load_plugin_textdomain calls
  • Fixed: Updated POT translation file

3.2.11

  • Fixed: Translation warnings after WP 6.7
  • Fixed: Add option to hide protected content from REST API searches
  • Fixed: Add support for Loco Translate plugin (via new loco.xml file)

3.2.10

  • Fixed: Capability checks on AJAX calls
  • Fixed: PHP warning for $wp_embed
  • Changed: Now requires PHP 7.4 minimum

3.2.9

  • Fixed: PHP 8.1 deprecation notice on ACF integration (props @DSGND)

3.2.8

  • Added: members_wp_roles filter to WP roles in Content Permission box
  • Fixed: Content Permission icon in Panel block
  • Fixed: Position of Field Group menu item in ACF

3.2.6-7

  • Fixed: PHP 8+ compatibility
  • Added: members_show_roles_page_cap filter for edit_roles_cap
  • Fixed: Improperly named variable

3.2.5

  • Fixed: WP Cron task for in-plugin notifications running unnecessarily

3.2.4

  • Fixed: More package deployment fixes

3.2.3

  • Added: Footer with helpful links
  • Fixed: Package files deployed unnecessarily
  • Fixed: Debug warnings
  • Fixed: Correct bootstrap file required

3.2.2

  • Fixed: Undefined index notice

3.2.1

  • Fixed: Uncaught TypeError: in_array()

3.2.0

  • Added: Members Notifications
  • Changed: Converted jQuery.fn.click() (deprecated) to jQuery.fn.on('click')
  • Changed: Replaced references to Affiliate Royale with Easy Affiliate
  • Changed: WP Tested Up To version (5.9)

3.1.7

  • Fixed: Hierarchical roles missing settings
  • Changed: Refactored checks for whether MemberPress is active; added members_is_memberpress_active()
  • Changed: “Paid Memberships” section of Content Permissions meta box should not show when MemberPress is active
  • Changed: Wording from “Upgrade to MemberPress” to “Add MemberPress”

3.1.6

  • Added: “Miscellaneous” settings section
  • Added: “Disable Review Prompt” setting to permanently remove the review prompt
  • Added: MEMBERS_DISABLE_REVIEW_PROMPT constant to permanently remove the review prompt
  • Changed: WP Tested Up To version (5.8)
  • Fixed: Using transients for review prompt caused the prompt to persist when dismissed; switched to using options instead
  • Fixed: Users widget not working in new block-based widgets editor

3.1.5

  • Fixed: Block permissions not working for nested blocks (e.g. columns)

3.1.4

  • Changed: Converted instance of wp.editor to wp.blockEditor
  • Changed: Check for MemberPress constant instead of using is_plugin_active()
  • Fixed: Compatibility for PHP 8

3.1.3

  • Changed: Disabled Content Permissions side meta box
  • Fixed: Issue with comma-separated roles that include spaces

3.1.2

  • Fixed: Review prompt should only show to admins

3.1.1

  • Changed: Admin UI cleanup

3.1.0

  • Changed: Admin UI
  • Fixed: Issue with custom capabilities not saving to custom roles

3.0.10

  • Fixed: Users who can promote should be able to assign roles to their own account

3.0.9

  • Fixed: ACF integration trying to bump priority on ACF menu

3.0.8

  • Fixed: Settings page error

3.0.7

  • Fixed: Issues related to translated admin menu slug

3.0.6

  • Fixed: Settings page throwing error on non-English sites

3.0.5

  • Fixed: Collapse Permissions block editor section by default

3.0.4

  • Added: Filter for applying custom validation to settings
  • Fixed: Inaccessible settings page in Admin Access

3.0.3

  • Changed: Display icons using file_get_contents() instead of include() to prevent executing them as PHP
  • Fixed: PHP warnings being thrown
  • Fixed: Make sure admin menu is always accessible

3.0.2

  • Fixed: Minimized SVG icons to fix issues with parsing them

3.0.1

  • Fixed: Some JS and image files weren’t checked in via SVN; bumped version to add them

3.0

  • Added: Rolled all add-ons into core
  • Changed: Consolidated all Members-related settings under one admin menu item
  • Changed: Made login and user widgets enabled by default, and removed settings