Restrict Access To Front End WordPress Content For Members Only
How’s that title for keywords!
Do you need to restrict access to certain portions of your website based on the post category? So did I. I tried a few different methods, and ended up mashing up my own workflow for content restriction in WordPress. I’m really not sure of how other plugins are accomplishing this, but here is mine:
Here’s our workflow and outline.
- Creating a custom taxonomy (or use the default WordPress categories if you like)
- Creating custom user roles & capabilities
- Assign our custom capabilities to our administrator role (else admin won’t be able to see your restricted content)
- Use WordPress Shortcode API to filter access to specific front-end content based on the category and user role
- Assign our Users to their respective roles
One important note. This tutorial covers just the front-end restriction. It doesn’t have anything to do with the backend roles of post/category creation, editing, and so forth. Others have written tutorials about that.
I loosely got my idea for this from JT
Step 1: (The custom taxonomy)
Remember, you can skip this step if you just want to use the built in categories and posts.. It isn’t really needed at all.
We’re going to create a custom taxonomy called “goods”. We’ll then create a few types of ‘goods’ and eventually restrict font-end access to posts that are associated with various “goods”
Here’s the code for your ‘goods’ taxonomy. You can place all of the code in your functions.php file.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
//hook into the init action and call create_goods_taxonomies when it fires add_action( 'init', 'create_goods_taxonomies', 0 ); function create_goods_taxonomies(){ register_taxonomy( 'goods', array('post'), /* On what post type this taxonomy will appear */ array('hierarchical' => true, /* if this is true it acts like categories */ 'labels' => array( 'name' => __( 'Goods', 'bonestheme' ), /* name of the custom taxonomy */ 'singular_name' => __( 'Goods', 'bonestheme' ), /* single taxonomy name */ 'search_items' => __( 'Search Goods', 'bonestheme' ), /* search title for taxomony */ 'all_items' => __( 'All Goods', 'bonestheme' ), /* all title for taxonomies */ 'parent_item' => __( 'Parent Goods', 'bonestheme' ), /* parent title for taxonomy */ 'parent_item_colon' => __( 'Parent Goods:', 'bonestheme' ), /* parent taxonomy title */ 'edit_item' => __( 'Edit Goods', 'bonestheme' ), /* edit custom taxonomy title */ 'update_item' => __( 'Update Goods', 'bonestheme' ), /* update title for taxonomy */ 'add_new_item' => __( 'Add New Goods', 'bonestheme' ), /* add new title for taxonomy */ 'new_item_name' => __( 'New Goods Name', 'bonestheme' ) /* name title for taxonomy */ ), 'show_ui' => true, 'query_var' => true, ) ); } |
Step 2: Add our custom user roles & capabilities
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
add_action( 'init', 'bh_roles_manager_activate'); function bh_roles_manager_activate(){ $role = 'level_1_member'; $display_name = "Level 1 Member"; $capabilities = array('level_1_member' => true); add_role( $role, $display_name, $capabilities ); // Add our "level 1 member role" $role = 'level_2_member'; $display_name = "Level 2 Member"; $capabilities = array('level_2_member' => true); add_role( $role, $display_name, $capabilities ); // Add our "level 2 member role" $role = 'premium_member'; $display_name = "Premium Member"; $capabilities = array( 'level_1_member' => true, 'level_2_member' => true ); add_role( $role, $display_name, $capabilities ); // Add our "Premium Member role" who has access to both level 1 and level 2 content // Give the administrator (or any other default wordpress roles) access to the content, else they won't see it either $admin_role = get_role('administrator'); $admin_role->add_cap('level_1_member'); $admin_role->add_cap('level_2_member'); } |
Special Note: You don’t want to hook the role creation to INIT (like I’ve done), else it will fire each time INIT does. You only want to create the roles once, and would be ideal to put this in a plugin and have the role creation code execute on the plugin activation hook…
The code is pretty simple: It adds three new roles, gives each role a custom capabilities, and then we give the admin user access to the capabilities as well. We’re going to use these capabilities in our next step to restrict access to whatever pages we want.
Step 3 – Restrict Access via Shortcodes
Here is where the trick lies. We create a custom shortcode, and inside of our shortcode, we pass the value of one of our custom capabilities. We then use a bit of logic to restrict access if the users are not of that particular ‘role’.
|
1 2 3 4 5 6 7 8 9 10 11 |
add_shortcode( 'bh_goods_access', 'bh_goods_access_check_shortcode' ); function bh_goods_access_check_shortcode( $attr, $content = null ) { extract( shortcode_atts( array( 'permission' => null ), $attr ) ); if ( current_user_can( $permission ) && !is_null( $content ) && !is_feed() ) return $content; return "You don't have access the view this content."; } |
This code simply takes a shortcode of this structure (which you would put in your post content):
|
1 2 3 4 5 |
[bh_goods_access permission="level_1_member"] Restricted Content Goes Here. It could be just a portion of the post, or the entire post's content. If the user is assigned to the "Level 1 Member" role, they'll have access, and see this content. Otherwise, they'll see the 'restricted content' message we set up above.. [/bh_goods_access] |
Now you can set up your posts, and categories however you like. In order to restrict access, you just add that simple shortcode, and put the capability name in the permission value. In order to grant permission to certain users to see that content, you just edit their profile, and assign them to the corresponding user role. Piece-o-cake. You could even extend it a bit further by auto-assigning them to a role through any particular action they take on the site (i.e. when they purchase a product, when they comment, when they dontate etc).
You could extend this a bit by returning different values in the shortcode return statement based on their role, and then doing additional logic in the theme template file such as redirection, custom messages etc. You could also check which post category (or custom taxonomy) inside of the shortcode logic, and restrict/grant access based on their role along with the category/taxonomy the post was assigned to.
Any other tricks ya’ll have up your sleeve for content restriction?
Category: General
