How to Control Access to Contact Form 7 Admin Panel

  • Reading time:6 mins read
You are currently viewing How to Control Access to Contact Form 7 Admin Panel

If you have used Contact Form 7, you would have noticed that by default, it does not offer any controls in the admin panel to restrict access to its admin page.

However, restricting access to Contact Form 7 admin panel is not very difficult and can be achieved with a very little piece of code.

Before we dive in to the permissions, let’s have a quick look at what Roles and Capabilities are in WordPress.

Roles and Capabilities in WordPress

WordPress use a concept of Roles which gives the owners the ability to control what users can and cannot do on the site.

On a simple WordPress website (not Multisite), WordPress offers five roles. They are:

  1. Administrator
  2. Editor
  3. Author
  4. Contributor
  5. Subscriber

Among these, the Administrator has the highest level of access while the subscriber has the least access.

A Capability is a set of tasks that can be performed on the site by a certain Role.

Among the above roles, the Administrator has the highest level of capabilities and he has access to all the administration features of the site. After the Administrator, the next role is Editor. The editor has limited access when compared to Administrator. The next role in the heirarchy is Author. After the author, there is Contributor and then comes the Subscriber who has very limited access to the site and can only manage his own profile.

Which Permissions does Contact Form 7 Offer

Contact Form 7 offers two capabilities which allow a user to either edit the form or just view the form. The WPCF7_ADMIN_READ_CAPABILITY allows a user to view a form but he is unable to edit the form. The other capability is WPCF7_ADMIN_READ_WRITE_CAPABILITY. This capability allows a user to not only read the form but also edit the form.

Contact Form 7 Default Permissions

By default, the following users can read the Contact Form 7 forms: Administrator, Editor, Author, Contributor.

Below you can see how Contact Form 7 appears to users with Read and Read Write Capabilities.

Form With Read Write Permissions
Contact Form 7 Interface with Read Only Permission

For the Read and Write capability, the following users can read and edit the contact form 7 forms: Administrator, Editor.

Below is a table of default permissions for Contact Form 7.

RoleCan Read OnlyCan Read and Write
Default Permissions in Contact Form 7

How to Edit Permissions in Contact Form 7 Without Any Plugin

To edit the permissions for Contact Form 7, open wp-config.php via a File Manager Plugin or via your hosting panel and add the following lines of code.

define( 'WPCF7_ADMIN_READ_CAPABILITY', 'your-required-capability' );
define( 'WPCF7_ADMIN_READ_WRITE_CAPABILITY', 'your-required-capability' );

Be sure to change 'your-required-capability' to one of the capabilities from the following table.

RoleCapability Name
Contact Form 7 Capability Names for All User Roles

For example, if you want the editor to have both capabilities, you would set it like this.

define( 'WPCF7_ADMIN_READ_CAPABILITY', 'edit_others_posts');
define( 'WPCF7_ADMIN_READ_WRITE_CAPABILITY', 'edit_others_posts' );

Remember that the read write capability should be stricter than the read capability. Because if a user can edit the forms, he can also read the forms.

So, if you set the read capability to edit_others_posts, the write capability can only be edit_others_posts or manage_options.

Leave a Reply