If you have used Contact Form 7, you would have noticed that by default, it does not offer any controls in the admin panel to restrict access to its admin page.
However, restricting access to Contact Form 7 admin panel is not very difficult and can be achieved with a very little piece of code.
Before we dive in to the permissions, let’s have a quick look at what Roles and Capabilities are in WordPress.
Roles and Capabilities in WordPress
WordPress use a concept of Roles which gives the owners the ability to control what users can and cannot do on the site.
On a simple WordPress website (not Multisite), WordPress offers five roles. They are:
- Administrator
- Editor
- Author
- Contributor
- Subscriber
Among these, the Administrator has the highest level of access while the subscriber has the least access.
A Capability is a set of tasks that can be performed on the site by a certain Role.
Among the above roles, the Administrator has the highest level of capabilities and he has access to all the administration features of the site. After the Administrator, the next role is Editor. The editor has limited access when compared to Administrator. The next role in the heirarchy is Author. After the author, there is Contributor and then comes the Subscriber who has very limited access to the site and can only manage his own profile.
Which Permissions does Contact Form 7 Offer
Contact Form 7 offers two capabilities which allow a user to either edit the form or just view the form. The WPCF7_ADMIN_READ_CAPABILITY allows a user to view a form but he is unable to edit the form. The other capability is WPCF7_ADMIN_READ_WRITE_CAPABILITY. This capability allows a user to not only read the form but also edit the form.
Contact Form 7 Default Permissions
By default, the following users can read the Contact Form 7 forms: Administrator, Editor, Author, Contributor.
Below you can see how Contact Form 7 appears to users with Read and Read Write Capabilities.
For the Read and Write capability, the following users can read and edit the contact form 7 forms: Administrator, Editor.
Below is a table of default permissions for Contact Form 7.
| Role | Can Read Only | Can Read and Write |
|---|---|---|
| Administrator | Yes | Yes |
| Editor | Yes | Yes |
| Author | Yes | No |
| Contributor | Yes | No |
| Subscriber | No | No |
How to Edit Permissions in Contact Form 7 Without Any Plugin
To edit the permissions for Contact Form 7, open wp-config.php via a File Manager Plugin or via your hosting panel and add the following lines of code.
define( 'WPCF7_ADMIN_READ_CAPABILITY', 'your-required-capability' );
define( 'WPCF7_ADMIN_READ_WRITE_CAPABILITY', 'your-required-capability' );Be sure to change 'your-required-capability' to one of the capabilities from the following table.
| Role | Capability Name |
|---|---|
| Administrator | manage_options |
| Editor | edit_others_posts |
| Author | publish_posts |
| Contributor | edit_posts |
| Subscriber | read |
For example, if you want the editor to have both capabilities, you would set it like this.
define( 'WPCF7_ADMIN_READ_CAPABILITY', 'edit_others_posts');
define( 'WPCF7_ADMIN_READ_WRITE_CAPABILITY', 'edit_others_posts' );Remember that the read write capability should be stricter than the read capability. Because if a user can edit the forms, he can also read the forms.
So, if you set the read capability to edit_others_posts, the write capability can only be edit_others_posts or manage_options.
