WordPress

Restrict Pages in WordPress to Require a Login

login_lock.jpgThis week, we were finishing up implementing a custom theme on a client site and they requested that we build some kind of interaction where some of the pages were restricted to registered subscribers. At first, we thought about implementing third party plugins, but the solution was actually quite simple.

First, we copied the page template to a new file (any name is fine, just maintain the php extension). At the top of the page, be sure to comment on the page so that you can see it in the template editor by name:
<?php /* Template Name: Subscribers Only */ ?>

Next, look for the line in your page’s code that displays the content. It should look like this:
<?php the_content(); ?>

Now, you’ll need to wrap some code around that line:
<?php global $user_ID; get_currentuserinfo(); ?>
<?php if($user_ID) { ?>
<h2><?php the_title(); ?></h2>
<?php the_content(); ?>
<?php } else { ?>
<h2>Subscriber Only</h2>
<p>We're sorry, the content you are trying to reach is restricted to subscribers only.</p>
<?php } ?>

The code starts by checking the session to see if the user is logged into your WordPress site. If they are logged in, the content is displayed. If they are not logged in, the message states that you are trying to reach restricted content.

In order to utilize the page, you’ll need to select the Subscribers Only page template in the advanced section of your page’s options (on the sidebar). That will restrict the page to readers who are logged in.

If you’d like to get really fancy, you can add a login and logout method to your sidebar as well:
<?php global $user_ID; get_currentuserinfo(); ?>
<?php if($user_ID) { ?>
<li><a href="<?php echo wp_logout_url(); ?>">Logout</a></li>
<?php } else { ?>
<li><a href="<?php get_settings('home'); ?>/wp-login.php">Customer Login</a></li>
<?php } ?>

28 Comments

  1. 1
  2. 2
  3. 3
    • 4

      Hi Partha,

      That would be pretty simple – you could add the same technique to the header of the page and basically say… if (no userid AND page not equal to pagename) then header forward to the login page.

      Doug

  4. 5

    great elegant solution! just what I needed, I was seriously considering building an external login sistem.
    this rocks!

  5. 6
    • 7
      • 8

        It’s not user friendly but that’s ok… I feel like some pictures of what I am supposed to be doing would help. Otherwise… I’m just going to try stuff til it works!

        • 9

          copy page.php , Rename page2.php and insert code above, save file, upload back to content/theme/whateveritiscalled, go to post or page change default page layout to page2.php. No need to create a new page style / layout just copy the one you use and rename it. so fullwidth.php is fullwidth2.php that simple.

      • 10

        Ok so after MANY attempts and watching other tutorials on the internet… I have found that MAKING a new page template is my issue. I make one in a text editor and try to upload it to… where? I don’t even know where to go. I can’t seem to find this secret location to upload to!

        • 11

          So true, LaRocque!  You need to have an FTP program and access to your website’s theme folder so you can upload the file there.  There is NO way currently to do it through the administrative screen.  One exception would be to install a “File Manager” plugin that allows you to make new files.  Be careful, though! 

  6. 12
  7. 13
  8. 14
  9. 15
    • 16

      You can definitely just check for whether or not a user is logged in; however, the method defined above will eventually allow you to use permission levels if you’d like to customize levels!

  10. 17
  11. 18
  12. 19

    OK, so I’ll bite… How would you modify this to allow checking permissions?

    Let’s say – we still want to allow anyone to create their own “Subscriber” username, and post replies.
    BUT – we only grant access to the “Subscribers only” page only to those users specified by an admin?

  13. 20
  14. 21

    Douglas – I used your code – and for the most part it works great!  The issue that I have is that the Logout link returns to a site that doesn’t exist.  I’ve actually tried multiple wordpress codes from around the web to make the log out code work. . . but the user still stays logged in and the return is //wp-login.php?redirect_to=“>log%20in%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20<a%20href=

    Any thoughts?

    • 22

      Looks like it may just be that when the code was copied from your browser, it added a bunch of HTML spaces, Ryan. Copy the code to Notepad or Textpad and then copy it into your template to get rid of that stuff.

  15. 23

    Ok so this is exactly what I need to do but I do have one question. If they are no a subscriber, how can I make a “sign in” or “subscribe” box appear so they can access the content?

    Thanks

  16. 25

    Thanks for the code. will make people mad at me, but they suppose to login when they want some thing not allow everybody free access for making the files easy to find.

  17. 26

    It sounds like this method is subject to session hijacking. The login cookie will be added while in the secure area but since wordpress serves this as a non secure cookie, it will still be served if the user browses back to a part of the site that’s not encrypted.

  18. 28

Leave a Reply