DEV Community

Cover image for How to Restrict Content By Members in WordPress
GretaThemes
GretaThemes

Posted on • Originally published at gretathemes.com

How to Restrict Content By Members in WordPress

Your WordPress website has some important, sensitive, or paid content, and you want to allow only a few users with a certain role to view them. Easy peasy! You can use a member plugin to restrict who is allowed to read content on your WordPress website.

In this article, we're going to do it step by step with Restrict User Access plugin. But first, let's learn about the applications of restricting content by members in WordPress.

When Do You Need to Restricting Content by Members?

Restricting content by members can be applied for:

     
  • Online books websites: allow only VIP members to read paid books or hot books.
  •  
  • School websites: allow only teacher accounts to read private documents such as lesson plans and graduation theses.
  •  
  • Company websites: allow only manager accounts to read private documents or internal reports.
  •  
  • And many other applications, depending on your creativity.

For better illustration, I'm going to make an example of a company website. Here what I do:

How to Allow Only Certain Users to Read Content

In this article, I classify all users on the WordPress website into two levels: Manager and Staff. Staff can only read normal posts, while managers can read both normal and private posts.

To do so, I use Restrict User Access plugin.

Restrict User Access plugin helps you create a membership website where users get different levels. Depending on the level, users are allowed to use features or read posts with increasing importance / secret.

Restrict User Access plugin is free and available on wordpress.org, so you just need to install and activate the plugin as usual:

install and activate Restrict User Access plugin

Upon activation, a new section User Access will show on the sidebar on the back end of your WordPress website:

a new section User Access will show on the sidebar on the back end of your WordPress website

This time, follow these below steps to restrict content by members in WordPress:

Step 1: Create Levels and Grant Capabilities for Them

First, go to User Access > Access Levels > Add New:

Create a new level to restrict content

In the Add New interface, you can create access conditions, apply the level to users, grant capabilities for the level, and set up other options such as duration, hide the admin bar, etc.

the interface to add new access levels

Now, name the level, and then move to the Capabilities tab to grant capabilities for this level:

grant capabilities for the level

As you can see on the image, the first column contains capabilities that can be granted to the currently selected level (Manager). To grant a capability to Manager, just click on the corresponding cell in the Permit column; otherwise, click the cell in the Deny column.

In this article, I only focus on the capability to read articles or pages. Therefore, I only permit the following capabilities:

     
  • read: read normal posts / pages
  •  
  • read_private_posts
  •  
  • read_private_pages

As for other capabilities, I choose Deny.

deny other capabilities of the access level

Next, don't forget to click Create.

We've finished the first level Manager. As for the Staff level, I do the same. But in the Capabilities tab, I only permit read.

restrict content by the access levels

These are two levels (Manager and Staff) that I've created:

two level we've created with Restrict User Access plugin

However, these levels still haven't been applied to any user. To do so, move to step 2.

Step 2: Apply the Level to Users

There are two methods to apply the level to users:

     
  • Method 1: Choose users manually
  •  
  • Method 2: Synchronize with user roles

Here we go!

Method 1: Choose Users Manually

Method 1 is suitable for internal company websites that have a few members (<20 people) because it's time-consuming to choose numerous members manually.

First, go to User Access > Access Levels and choose the level you want to apply to users:

hoose the level you want to apply to users

Next, move to the Members tab, in the Search for Users section, fill in the user names and click Save.

fill in the user names in the Members tab

Method 2: Synchronize with User Roles

Method 2 is faster than method 1 because you can utilize available user roles on your WordPress website. However, make sure that managers and staff are assigned the right user roles.

Read more: how to configure user roles in WordPress.

To synchronize with user roles, you also choose the desired level and go to the Members tab.

In the Synchronized Role section, choose the role you want to synchronize. In this example, I created two user roles (Manager Users and Staff Users) before, so I just need to synchronize them with the corresponding levels.

Synchronize the Restrict User Access plugin with User Roles

Ok, now I'll check if we do it right. My WordPress website has three private posts and some normal posts as follows:

Restrict private posts and normal posts on the WordPress website by members

First, I log in with a Staff account. As you can see, I can't see private posts. They don't even show up:

Content are restricted for Staff members

Next, I log in with a Manager account. And tada, I can see private posts now:

Content is not restricted for Manager members

Restrict User Access has another interesting feature that is creating access conditions. With this feature, you can set up so that users in a level can only read certain posts that you specified.

How to Create Access Conditions

First, choose the level that you want to create access conditions for. In this example, I choose the Staff level:

create access conditions for the Staff level

Next, go to the Access Conditions tab and click New condition group:

add a New condition group:

Now, you can see a lot of condition types. However, we just focus on the capability of reading posts, so let's choose Posts / Blog:

Choose the capability of reading posts

After that, click the box next to the Posts / Blog section, and then select the posts that you allow your users to read. For example, I choose the following posts:

select the posts that you allow your users to read.

Finally, don't forget to click Save.

From now on, Staff users are only allowed to read content that I specified above. As for other posts, although they can still see the title and featured images on the archive page, they can't read the post content.

Staff members can't read restricted content on the WordPress website

Last Words

Restricting content by members in WordPress is very crucial for websites that have sensitive, important, or paid content. You should utilize this technique to protect your website content.

Do you know any other application of restricting content by members in WordPress? Share it with us in the comment section!

See ya!

Discussion (0)