General Information

[whimba]

In version 1.5.5 of AAM I'm introducing the Access Config feature.
Config is based on INI file format and follows its standards.
Logically whole config is divided on backend and frontend sections.
On current version of AAM you can specify only redirect. Please see example with description below:

[backend]
; Specify redirect if access is denied for specific resource
; This will enforce the redirect to specified URL or if it is userFunc it'll
; execute this function.
; PLEASE NOTICE! Custom userFunc should die an application or redirect to some URL
; by sending header, otherwise the application will through the Exception
; "Unauthorized Action"
; If redirect is valid URL then it'll redirect to that URL
; If redirect is number, it'll try to redirect to page or post with that ID by using WordPress function get_permalink
; If redirect has property userFunc it'll execute the userFunc
access.deny.redirect = "http://mydomain.com/wp-admin/dashboard"

[frontend]
access.deny.redirect.userFunc = "access_denied"

[whimba]

In release 1.5.8 one more feature became available - delete_capabilities. It should be nested into [aam] section:

[aam]
; If you sent true - it means that you can delete any capability, otherwise there will be no possibility
; to do that.
; This is additional protection layout in fact capabilities are the most important part of access management in
; WordPress.
delete_capabilities = "true"

[whimba]

In release 1.6 I added one more parameter for the Restriction Deny message.
As example:

[frontend]
access.deny.message = "You are not logged in to see this page"

[backend]
access.deny.message.userFunc = "backendDenyFunction"

[whimba]

In release 1.6.1 one more parameter is available. This time it is related to multisite setup.
This parameter replaces the button Apply all in releases 1.5.x.
It should be included in section [aam] :

[aam]
multisite.apply_all = "true"