Restricting access to the administration panel

In its default settings, Contact Form 7 allows all users except subscriber users to have access to the administration panel; but allows only administrator and editor users to edit contact forms. You might feel that you would want to change this setting to restrict access even more, so I will show you how to do this in this article.

For example, let’s change access to allow only administrator users access and editing rights. You can do this by editing your wp-config.php and inserting these lines:

define( 'WPCF7_ADMIN_READ_CAPABILITY', 'manage_options' );
define( 'WPCF7_ADMIN_READ_WRITE_CAPABILITY', 'manage_options' );

WPCF7_ADMIN_READ_CAPABILITY holds the minimum capability required for access to the administration panel, while WPCF7_ADMIN_READ_WRITE_CAPABILITY holds the minimum capability required for editing contact forms. Obviously WPCF7_ADMIN_READ_WRITE_CAPABILITY should be stricter than WPCF7_ADMIN_READ_CAPABILITY, as you cannot edit contact forms without accessing the administration panel.

manage_options is a capability that normally only administrator users have. So setting manage_options to both WPCF7_ADMIN_READ_CAPABILITY and WPCF7_ADMIN_READ_WRITE_CAPABILITY allows only those administrator users access and editing rights.

You can set any capabilities you wish to these constants to fine-tune the restrictions. If you want to learn further about WordPress’ Roles and Capabilities concepts, and to learn more about what capabilities are available, check WordPress support document.

Just another contact form plugin for WordPress. Simple but flexible.