WP Payment Pal Documentation
← Back to site

Restricting by User Role

Limit form access to users with specific WordPress roles. This guide covers role-based access control for payment forms.

Reading time: 3 minutes | Difficulty: Intermediate

Overview

Limit form access to users with specific WordPress roles. This guide covers role-based access control for payment forms.

Prerequisites

  • A payment form created
  • Understanding of WordPress user roles
  • Users with different roles to test

Accessing Role Settings

  1. Edit your payment form
  2. Click the Restrictions tab
  3. Find the User Roles section
Restrictions tab overview

Step 1: Enable Role Restriction

  1. Toggle Restrict by Role on
  2. Select allowed roles from the list
  3. Save the form
Role restriction area highlighted
Specific roles checked
Role restriction settings highlighted

WordPress Default Roles

Role Typical Use
Administrator Full site access
Editor Manage all content
Author Publish own content
Contributor Write but not publish
Subscriber Basic profile access

How Role Restriction Works

When role restriction is enabled:

  1. User visits form page
  2. System checks if logged in
  3. System checks user’s role
  4. If role matches → form displays
  5. If role doesn’t match → restricted message

Common Configurations

Members Only

Allowed Roles: Subscriber, Contributor, Author, Editor, Administrator

Purpose: All registered users can access
Excludes: Anonymous/guest visitors

Premium Members

Allowed Roles: Premium Member (custom role)

Purpose: Special pricing for paid members
Requires: Membership plugin for custom role

Staff Only

Allowed Roles: Editor, Administrator

Purpose: Internal ordering/purchasing
Excludes: Regular subscribers

VIP Customers

Allowed Roles: VIP Customer (custom role)

Purpose: Exclusive products for top customers
Requires: Custom role assignment

Using Custom Roles

Many plugins create custom roles:

Membership Plugins

  • WooCommerce: Customer, Shop Manager
  • MemberPress: Member levels
  • Paid Memberships Pro: Membership levels

LMS Plugins

  • LearnDash: Student, Group Leader
  • LifterLMS: Student roles

BuddyPress/Community

  • Various community roles

Setting Up Custom Roles

To create custom roles, use:

  • Membership plugins
  • Role editor plugins (Members, User Role Editor)
  • Custom code

Custom roles appear in the restriction dropdown.

Combining Restrictions

Role restriction works with:

Login Required (Implicit)

Role restriction automatically requires login:

  • Can’t check role of logged-out user
  • Login prompt shown first
  • Then role check applies

+ Scheduling

Allowed Roles: Premium Member
Schedule: Dec 1-15

Access: Premium members, during December sale only

+ Inventory

Allowed Roles: VIP Customer
Inventory: 50

Access: VIPs only, limited quantity

Restricted Message

Customize what unauthorized users see:

  1. Find Restricted Message setting
  2. Enter your custom message
  3. Save the form

Example messages:

  • “This offer is available to Premium members only.”
  • “Please upgrade your membership to access this product.”
  • “Staff access only.”

Multiple Roles

Users can have multiple roles in WordPress. Access is granted if they have ANY of the allowed roles:

Allowed: Editor, Premium Member
User has: Subscriber + Premium Member

Result: Access granted (has Premium Member)

Viewing User Roles

To check a user’s role:

  1. Go to Users in admin
  2. Click on a user
  3. See their role(s) in the profile

Assigning Roles

Manual Assignment

  1. Go to Users
  2. Edit user profile
  3. Change role dropdown
  4. Save changes

Automatic Assignment

Use plugins to assign roles based on:

  • Purchase completion
  • Membership signup
  • Form submission
  • Manual admin action

Testing Role Restrictions

Test with Allowed Role

  1. Log in as user with allowed role
  2. Visit form page
  3. Verify form displays

Test with Non-Allowed Role

  1. Log in as user with different role
  2. Visit form page
  3. Verify restricted message displays

Test as Logged Out

  1. Log out
  2. Visit form page
  3. Verify login prompt (not form)

Best Practices

  1. Document roles – Know what each role means
  2. Test thoroughly – Check all role combinations
  3. Clear messaging – Tell users how to get access
  4. Easy upgrade – Provide path to qualifying role
  5. Regular audits – Review who has what role

Common Patterns

Tiered Access

Form A (Basic): Subscriber+
Form B (Premium): Premium Member
Form C (VIP): VIP Customer

Higher tiers get better pricing/products

Exclusive Launch

Week 1: VIP Customer only
Week 2: Premium Member+
Week 3: All users

Phased rollout by loyalty

Internal vs External

Staff Form: Editor, Administrator
Customer Form: Subscriber, Customer

Separate forms for different audiences

Troubleshooting

User with correct role can’t access

  • Verify role is selected in restrictions
  • Check user actually has the role
  • Clear caching
  • Save form and retry

Restriction not working (everyone can access)

  • Verify restriction is enabled
  • Check roles are selected
  • Save form properly
  • Test in incognito mode

Custom role not appearing

  • Verify role exists in WordPress
  • Check plugin creating role is active
  • Refresh the form editor

What’s Next?

Last Modified: February 26, 2026