Role-Based Access Control
Better Messages includes a role-based send-permission system — pick the WordPress roles that are allowed (or forbidden) to send messages, set a custom error message for blocked senders, and put per-role rate limits on top so high-volume roles can't be used to spam threads.
What it adds#
- Allow or Disallow mode for role-based send permission
- A single per-role list that defines who is in (or out, depending on the mode)
- Custom error message shown to blocked senders
- Per-role rate limits on replies (configurable per role, per time window)
- Site-wide minimum delay between new conversations
- Companion features: user-to-user block, MyCred / GamiPress points, and pre-moderation for richer policies
How it works#
The system checks the sender's role against the configured policy on every message send:
- Mode = Allow — only roles in the list can send. Everyone else is blocked.
- Mode = Disallow — roles in the list are blocked. Everyone else can send.
- Reply rate limit — if the sender's role has a per-time-window cap, replies above the threshold are blocked until the window resets.
- New-conversation rate limit — a minimum number of seconds between starting new threads, site-wide.
A failed check rejects the send with the configured error message.
| Mode | Effect |
|---|---|
| Allow | Sender's role must be in the configured list. Roles not in the list are blocked. |
| Disallow | Sender's role must NOT be in the configured list. Roles in the list are blocked. |
Common policy patterns#
| Site type | Example configuration |
|---|---|
| Marketplace | Disallow customer from starting new conversations more than once per 30 seconds; allow vendors / shop managers freely |
| LMS | Allow only instructor, course-leader, and subscriber to use the messenger; rate-limit subscriber to 30 replies per hour |
| Membership site | Disallow subscriber (free tier) from sending; allow paid roles |
| Public community | Allow only verified roles; combine with the user-block feature for individual safety |
| Anti-spam baseline | Enforce a 30-second minimum between new conversations site-wide |
Rate limiting examples#
| Use case | Rate limit |
|---|---|
| Free-tier guard rails | subscriber → 50 replies per day |
| High-volume vendor role | No reply limit, but enforce 30s between new threads |
| Anti-spam baseline | 30-second minimum between new conversations (site-wide) |
How to enable#
Navigate to WP Admin → Better Messages → Settings → Restrictions.
- Restriction Mode — Allow or Disallow mode for the role list
- Restricted Roles — Roles that are in / out depending on the mode
- Restriction Error Message — Text shown to a blocked sender
- Rate Limit Replies — Per-role replies-per-window cap (
repliescount + window in minutes) - Rate Limit Replies Error — Text shown when the cap is hit
- Rate Limit New Conversations — Minimum seconds between starting new threads (site-wide, all roles)
Frequently asked questions#
Are admins exempt from these rules?#
WordPress administrators (the administrator role) bypass the bad-words filter when Skip for Admins is on. Role-based access applies to admins the same as any other role — list them under Allow mode or leave them out of the Disallow list to keep them unrestricted.
What error message does a blocked user see?#
The text from Restriction Error Message (or Rate Limit Replies Error when the rate limit is the cause). Both are configurable in the Restrictions tab.
How do the rules interact with user-to-user block?#
Both apply — a user-to-user block and a role restriction each have to pass for the message to send. Either rejection blocks the message. Role rules are admin-set; user blocks are user-set.
Can I create custom roles for this?#
Yes — the rule system reads ANY WordPress role, including custom ones added by membership plugins (Paid Memberships Pro, MemberPress, etc.). Define your roles in those plugins, then pick them in the Better Messages restrictions.
What about guests / non-logged-in users?#
Guests have a synthetic bm-guest role and can be picked in the Restrictions role list. Combine that with the per-chat-room Allow guests toggle to control where guests can chat.
See also#
- User-to-user block — user-controlled blocking (different from role rules)
- Pre-moderation — moderator review before delivery
- Bad words filter — server-side content filtering
- Role-based access blog post — feature deep-dive
- MyCred / GamiPress pay-to-message — point-cost-based access control