描述
Media Restriction is a lightweight and powerful WordPress plugin that gives site admins full control over who can see what in the Media Library. Restrict access by user role so that users only see their own uploads, exclude trusted individuals from the restriction, and keep a full audit trail of every upload, deletion, and library view — all from a clean, modern settings panel.
Whether you manage a multi-author blog, an online course platform, a membership site, or a client project — Media Restriction ensures your media library stays tidy, private, and secure.
What makes v2.0.0 different:
Version 2.0.0 is a complete rebuild. The settings page has been redesigned with a tabbed interface and instant role toggles (no page reloads). A new Activity Log records every media event with user, file name, IP address, and timestamp. REST API protection closes the Gutenberg and headless bypass that most similar plugins miss entirely. And a critical bug affecting excluded users in the grid view has been resolved.
🌟 Features
Core restriction
✅ Restrict media library access by user role
✅ Works in both grid view (media modal) and list view (Media Library screen)
✅ Administrators always have full access — no configuration needed
✅ Exclude specific users from restriction — grant bypass access to trusted individuals regardless of their role
✅ REST API protection — /wp/v2/media respects the same restriction rules, covering Gutenberg and headless setups
Settings & admin
✅ Modern tabbed settings page — Roles & Users and Activity Log in one place
✅ Instant role toggles — enable or disable restriction per role without a page reload
✅ Live status badges on each role card showing user count and restriction state
✅ Header summary showing how many roles are restricted and users excluded
Activity log
✅ Tracks all upload, delete, and view events automatically
✅ Records user, file name, IP address, and timestamp for every event
✅ Displays the latest 30 entries in a clean admin table
✅ One-click clear log with confirmation prompt
Compatibility & clean code
✅ Works with default WordPress roles and any custom roles (LMS, membership, WooCommerce, etc.)
✅ Compatible with Gutenberg block editor, classic editor, and headless setups
✅ Restricted users can still upload and manage their own files — restriction is visibility only
✅ No impact on existing media files — the plugin never modifies or deletes files
✅ Clean uninstall — removes all plugin options and database tables on deletion
🧠 Use Cases
Online Learning Platforms (LMS):
Prevent instructors from seeing or using each other’s uploaded course files. Exclude trusted course managers so they retain full access.
Client Sites & Freelancers:
Limit clients to only their own media uploads, keeping your own assets private and the library uncluttered.
Multi-Author Blogs:
Ensure each contributor only sees their own images and uploads. Exclude editors who need to manage all media.
Membership or Community Sites:
Allow members to upload profile or content images but restrict them from browsing admin or other members’ uploads.
Agencies & Teams:
Give designers and content editors restricted media access while allowing project leads or account managers full visibility.
屏幕截图
Media restrict settings page.
常见问题
-
Does this plugin restrict media access for all user roles?
-
Yes. You can restrict any user role on your site — including custom roles created by LMS, membership, WooCommerce, or user role editor plugins. Administrators are always exempt.
-
Can I allow specific users to bypass the restriction?
-
Yes. The Exclude Specific Users field lets you grant full media access to individual users even if their role is restricted. Changes take effect immediately.
-
Does the restriction apply in the Gutenberg block editor?
-
Yes. Version 2.0.0 adds REST API protection, which covers the /wp/v2/media endpoint used by Gutenberg and headless WordPress setups. Previous versions only restricted the admin UI.
-
Does this plugin support custom user roles?
-
Yes. Media Restriction detects all registered roles automatically, including those added by third-party plugins.
-
Will restricted users still be able to upload media?
-
Yes. Restriction only affects visibility — users can still upload and manage their own files. They simply cannot see files uploaded by other users.
-
Does it affect existing media files?
-
No. The plugin only controls what is visible in the library. It never modifies, moves, or deletes any files.
-
What does the Activity Log track?
-
Every upload, deletion, and media library view is logged with the user’s name, the file name or object, their IP address, and the date and time. Logs can be cleared by an administrator at any time.
-
Will it conflict with other plugins?
-
Media Restriction is designed to be lightweight and conflict-free. It hooks into standard WordPress filters and does not modify the database schema beyond its own activity log table.
-
Does it clean up after itself on uninstall?
-
Yes. Uninstalling the plugin removes all saved options and drops the activity log database table completely.
评价
此插件暂无评价。
贡献者及开发者
更新日志
2.0.0
- Complete UI redesign — modern tabbed settings page with instant AJAX role toggles and live status badges
- New: Activity Log — tracks all upload, delete, and view events with user, file, IP, and timestamp
- New: REST API restriction — /wp/v2/media endpoint now respects role-based restrictions
- Fixed: Excluded users were incorrectly restricted in the grid view (media modal) due to a type mismatch between stored user IDs (strings) and get_current_user_id() (integer)
- Fixed: WordPress core re-injects the author constraint after ajax_query_attachments_args — resolved via posts_where hook with unconditional strip for grid context
- Improved: Settings page now uses AJAX for both role toggles and excluded user saves — no full page reload required
- Requires PHP 7.4 or higher
1.0.3
- Removed extra tags
1.0.2
- Added GitHub Action
1.0.1
- Updated readme
1.0.0
- Initial release