Restrict Access To Front End WordPress Content For Members Only

How’s that title for keywords!

Do you need to restrict access to certain portions of your website based on the post category? So did I. I tried a few different methods, and ended up mashing up my own workflow for content restriction in WordPress. I’m really not sure of how other plugins are accomplishing this, but here is mine:

Here’s our workflow and outline.

  • Creating a custom taxonomy (or use the default WordPress categories if you like)
  • Creating custom user roles & capabilities
  • Assign our custom capabilities to our administrator role (else admin won’t be able to see your restricted content)
  • Use WordPress Shortcode API to filter access to specific front-end content based on the category and user role
  • Assign our Users to their respective roles

One important note. This tutorial covers just the front-end restriction. It doesn’t have anything to do with the backend roles of post/category creation, editing, and so forth. Others have written tutorials about that.
I loosely got my idea for this from JT

Step 1: (The custom taxonomy)

Remember, you can skip this step if you just want to use the built in categories and posts.. It isn’t really needed at all.

We’re going to create a custom taxonomy called “goods”. We’ll then create a few types of ‘goods’ and eventually restrict font-end access to posts that are associated with various “goods”

Here’s the code for your ‘goods’ taxonomy. You can place all of the code in your functions.php file.

Step 2: Add our custom user roles & capabilities

Special Note: You don’t want to hook the role creation to INIT (like I’ve done), else it will fire each time INIT does. You only want to create the roles once, and would be ideal to put this in a plugin and have the role creation code execute on the plugin activation hook…

The code is pretty simple: It adds three new roles, gives each role a custom capabilities, and then we give the admin user access to the capabilities as well. We’re going to use these capabilities in our next step to restrict access to whatever pages we want.

Step 3 – Restrict Access via Shortcodes

Here is where the trick lies. We create a custom shortcode, and inside of our shortcode, we pass the value of one of our custom capabilities. We then use a bit of logic to restrict access if the users are not of that particular ‘role’.

This code simply takes a shortcode of this structure (which you would put in your post content):

Now you can set up your posts, and categories however you like. In order to restrict access, you just add that simple shortcode, and put the capability name in the permission value. In order to grant permission to certain users to see that content, you just edit their profile, and assign them to the corresponding user role. Piece-o-cake. You could even extend it a bit further by auto-assigning them to a role through any particular action they take on the site (i.e. when they purchase a product, when they comment, when they dontate etc).

You could extend this a bit by returning different values in the shortcode return statement based on their role, and then doing additional logic in the theme template file such as redirection, custom messages etc. You could also check which post category (or custom taxonomy) inside of the shortcode logic, and restrict/grant access based on their role along with the category/taxonomy the post was assigned to.

Any other tricks ya’ll have up your sleeve for content restriction?

Category: General

- August 28, 2012

Leave a Reply

Your email address will not be published / Required fields are marked *