WP All Import doesn't have a dedicated client mode or any way to provide access to non-admins. When you run an import, you are inserting data into the database. WP All Import also allows running code on your site. The Edit Import page allows users to run code in the Function Editor and in every input field. So, if you allow a user access to WP All Import, it wouldn't be that hard for them to figure out how to make themselves an admin.

Only Trusted Users Should Have Access to WP All Import

You should only give access to WP All Import to users that you trust, as they will have complete power over your site. Do not give access to untrusted users.

How We Currently Determine Access

In single-site installs, the 'manage_options' capability provides access to WP All Import. This allows administrators to access WP All Import’s screens. You can learn more here: manage_options.

If you want other user roles to access WP All Import on single-site installs, you must also give them the 'manage_options' capability.

In multisite installs, the 'install_plugins' capability provides access to WP All Import. This allows 'super admins' to access WP All Import’s screens. You can learn more here: install_plugins.

If you want other user roles to access WP All Import on multisite installs, you must also give them the 'install_plugins' capability. If this is not possible for some reason, please see here.

Keep in mind that changing the permissions to give other user roles access to WP All Import is a custom workaround, so we don't officially support these changes. If the Settings menu item is hidden, permissions won't work as expected.

Alternatives to Full Access

There are a couple of solutions to provide non-administrators the ability to run imports without accessing WP All Import directly.

First, you can simply set up a scheduled import and allow the user to control the import file.

Alternatively, you can create a form that allows them to upload a file and then trigger the import to run using that file.

Again, exercise caution when allowing users to do these things. You are letting people inject data into your database.

Give Access to the File Used in a Scheduled Import

1. Set Up a Recurring Import that Uses FTP, Dropbox, Google Sheets, etc.

In WP All Import, create a brand new import following our instructions here: How to Import Any CSV, XML, or Excel File into WordPress.

In Step 1, you should provide your import file using an FTP source or a direct link from a Google Sheet. Proceed to set up the entire import template and process.

Once done, you can schedule the import to run automatically using either cron jobs (see documentation) or our Automatic Scheduling Service (learn more).

2. Allow the User to Edit the Import File

After setting up the import and scheduling it, you can let users edit the file. For example, you can provide them with the FTP credentials so they can overwrite the file with a new version or show them how to edit the file in Google Sheets, Dropbox, etc. When the scheduler runs the import again, it will use the latest version of the file.

Create a Form to Upload an Import File, Then Run the Import

1. Create a WordPress Page With a Form on It to Allow Uploading Files.

Using Gravity Forms, create a new form on your WordPress site that allows uploading files. This form will be used by your users to upload the file to import.

You could make this form accessible only to users with a specific user role if you don't want it to be public.

Since external users will upload data to your site, make sure to provide clear instructions on what type of file has to be uploaded along with its format. For example, if you're using CSV, the column headers should be the exact same to avoid issues.

2. The Form Dumps the File to a Specific Folder on the Site.

Set up the form to dump the file on a specific folder on your site, for example, /wp-content/files-to-import/.

Here's the code used:

add_filter( 'gform_upload_path', 'change_upload_path', 10, 2 );
function change_upload_path( $path_info, $form_id ) {
   $path_info['path'] = '/home/govehetare7297/web/n-the-dark-leci.instawp.xyz/public_html/wp-content/uploads/files-to-import/';
   $path_info['url'] = 'https://n-the-dark-leci.instawp.xyz/wp-content/uploads/files-to-import/';
   return $path_info;
}

3. PHP Script that Serves All the Files in that Folder – It Validates the Column Headers.

Use the following PHP script to serve the file from that folder into WP All Import. This snippet serves the latest file from that folder:

function my_get_latest_file() {
    // Get the latest file from the folder
    $folderPath = 'wp-content/uploads/files-to-import/';
    $files = glob(ABSPATH . $folderPath . '*');
	array_pop($files);
    $latestFile = end($files); // Get the last file in the array

    // Return the full URL to the latest file
    $siteURL = get_site_url();
    $fileURL = $siteURL . str_replace($_SERVER['DOCUMENT_ROOT'], '', $latestFile);
    return $fileURL;
}

This code has to be saved in your child theme's functions.php file or in a plugin like Code Snippets.

4. Put the URL to the Script into the Download from URL Field in the Import.

Once the code is in place, you can call it in the Download a file › From URL field like so:

[my_get_latest_file()]

See:

5. When a User Submits a Form Entry, Hit the Import Trigger URL.

You should now set up a 'processing' cron job so that your external users can run the job automatically. This uses the following code, which will hit the 'trigger' URL and start the import whenever a user submits a form entry for form ID 4:

add_action('gform_after_submission_4', 'my_custom_function', 10, 2);

function my_custom_function($entry, $form) {

    // Use the trigger URL to run import ID 4

    wp_remote_get("http://yourdomain.com/wp-cron.php?import_key=importkey&import_id=4&action=trigger");

}

You need to set up the 'processing' cron job every 2 minutes for this to work. We explain more about cron jobs here: Scheduling Imports Using Cron Jobs.

Frequently Asked Question

Will You Ever Allow Non-Administrators to Access WP All Import?

No. Since WP All Import works by injecting data directly into your database, only administrators will be able to use our plugin.

Can I Provide Access to WP All Import Without Making the Users Administrators?

No, that isn't possible. But you can create an import from an external file and give those non-administrator users access to that file. We explain more about this in the alternatives explained above.

Are There Any Security Risks from Using Your Provided Solutions?

The methods that we have provided should be secure, and there shouldn't be any underlying risk aside from the fact that you are letting external people inject data into your site's database. You should exercise extreme caution doing this and put measures in place to avoid publishing unwanted or incorrect data.

How to Give WP All Import Access to Non-Super Admins on Multisite Installs?

Using 'install_plugins' capability to access WP All Import in a multisite install is required due to how WordPress works.

If you understand and accept the security implications of giving access to WP All Import to non-super admins, you can define this constant in the wp-config.php file to allow the old 'manage_options' capability to be used:

define('WPAI_WPAE_ALLOW_INSECURE_MULTISITE', 1); 

Related Docs

Explains how to use WP All Import to import any file into WordPress.

Provides instructions on how to use custom PHP code with WP All Import.

Shows our available hooks and filters to use programmatically.