How can we help?
🔒 LineagePress – Admin Access and Security
LineagePress employs a straightforward and secure access model designed for a single administrator.
Access Control
Administrator Only
- Requirement: All backend features are restricted to users with WordPress Administrator privileges (specifically, the
manage_optionscapability). - Restriction: Users with other roles (Editor, Author, Contributor, Subscriber) are locked out of the LineagePress admin pages.
Administrator Capabilities
Users with the Administrator role have full control over the plugin, including the ability to:
- View and manage all genealogy data (individuals, families, events, etc.).
- Import and export GEDCOM files.
- Add, edit, and delete individuals and families.
- Manage trees, places, media, and sources.
- Configure plugin settings and privacy rules.
Frontend Access
- Public Visibility: The public genealogy pages (family trees, person profiles, etc.) are accessible to all visitors and do not require a login.
- Data Control: Privacy settings (configured on the Dashboard) determine which data (e.g., living individuals) is visible to the public.
Security
All administrative functions within LineagePress Lite are secured by the following checks:
- Nonce Verification: Protects against Cross-Site Request Forgery (CSRF) attacks.
- Administrator Capability Check: Ensures only authenticated administrators can execute functions.
- Input Sanitization: Guards against malicious data and potential code injection.
Future: LineagePress Pro Access Features
The professional version of LineagePress is planned to include advanced access control features:
- Role-Based Permissions
- Per-Tree Access Control
- Approval Workflows for submitted data
- Custom User Roles
- Granular Capability Management
For the current Lite version, access remains streamlined with an administrator-only model.