Home » Docs » Access Control

Access Control

Learn how to protect your valuable content with Members Only.

Overview

Members Only can help you protect your most valuable content so that only paying members can access it. This is controlled by a setting called Enable members-only site. By default, this is turned off, so that you can configure it the way you want without impacting any existing content you may have.

A screenshot of the "Enable members-only site" option in the Members Only settings page

When you enable this option, most content is treated as members-only content and requires a membership to view.

These pages are always treated as public by Members Only:

  • Home page – this is your site’s main landing page. Visitors will always see this. If your home page shows embedded content from other posts, pages, etc., the content of those will be restricted to non-members if required by your configuration of Members Only. For example, if your home page shows a list of blog posts and you have Posts not set as Public, then Members Only will only show the excerpt + Restricted Content Message.
  • Account page – this is treated as public so you can use it as both a login page and an account page. To do that, you need to add the Login Form block and the Account Dashboard block to your page. In this scenario, here’s how it would work:
    • Logged out users
      • Login Form block displays a login form
      • Account block shows nothing
    • Logged in users
      • Login Form block shows nothing
      • Account block shows list of user’s subscriptions, if any.

Learn more about the blocks included in Members Only here.

While most content is treated as non-public by default, you can override this behavior in a couple of ways.

Public post types

If you want to designate certain content types as public, you can do that using the Public post types setting.

A screenshot showing the "Public post types" setting on the Members Only settings page.

When you check the box next to one of the post types, that instructs Members Only to treat it as public, and therefore the content will not require a membership. If a post type is defined as public, you can still mark certain individual posts as requiring a membership. See Individual Post Override below.

Individual post override

If you have a post type defined as public but want to make some posts within that content type require membership, you can do that on the individual post edit screen.

For example, let’s say you’ve configured all your Posts to be public, but have a post you want to make available to members only. You can set that post to require membership by checking the Requires membership box in the Post Visibility panel.

On the other hand, if you have a post type that typically requires membership but want to make one of them public, you can check the Available without membership box in the Post Visibility panel.

Restricted Content Message

Use this setting to customize the message that is shown to users that visit member-only content without a membership. This is useful for crafting your marketing messages, perhaps with a link to a page where you have your Stripe Checkout buttons displayed.

Session limit

To discourage account sharing, you can institute a session limit policy that defines the number of concurrent login sessions an individual account can have. The default is 2, which is good for letting users sign in on multiple devices like their computer and their smartphone.

You can set this value to any positive number you want. To disable session limits and allow an unlimited number of logins, set the number to 0.

Hide admin bar

By default, WordPress shows the “Admin Bar” to all logged in users. Since most of the links in the admin bar take users to the WP-Admin dashboard, you may want to hide the bar to streamline the user experience.

When this setting is enabled, Members Only will hide the admin bar all users except for those who have the edit_posts capability – which by default are users with one of these roles: Administrator, Editor, Author, Contributor.

When Members Only creates user accounts during the signup process, they are given the lowest role of Subscriber, and therefore will not see the admin bar when this is enabled.

You can override this behavior programmatically using the members_only_hide_admin_bar filter.

Prevent wp-admin access

By default, logged in users can access /wp-admin on your site to edit their profile and other very limited actions.

When this setting is enabled, Members Only will prevent all users from accessing wp-admin except those with the edit_posts capability – which by default are users with one of these roles: Administrator, Editor, Author, Contributor.

When Members Only creates user accounts during the signup process, they are given the lowest role of Subscriber, and therefore will be unable to access wp-admin.

If a user without the proper permission tries to access wp-admin, they will be redirected to the Account page you have defined in the Members Only settings.

You can override this behavior programmatically using the members_only_prevent_wpadmin_access filter.