One topic that I often see coming up is how to restrict a certain category, tag, topic, post type, custom taxonomy, or whatnot on a WordPress site so that only the people we want to allow can access it.
The answer is pretty simple. It doesn’t really matter what kind of content you want to restrict, but you do need to know what type your content is.
The Basics
The basic functions you will be needing are is_user_logged_in() and wp_redirect().
With these two functions, you are redirecting any person that is not logged in to the login page. A sample snippet would look like this:
add_action( 'template_redirect', 'bn_redirect_all_visitors' );
function bn_redirect_all_visitors(){
    if( ! is_user_logged_in() ) {
        wp_redirect( '/wp-login.php' );
        exit;
    }
}
Note that wp_redirect() does not exit automatically and should be followed by an exit statement.
Here’s another list of functions you might need depending on what you are trying to protect.
Checking For Specific Contents
Ok, so now you might not want to redirect everyone that’s trying to access any page on your website. So let’s say you have a category named Recipes with the slug recipes. You might want to allow access to that kind of content to logged-in users only, who might be paid members.
It’s not that much harder, so let’s modify our function from before.
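add_action( 'template_redirect', 'bn_restrict_recipes' );
function bn_restrict_recipes(){
    // in_category() tests the global post, which on archives and the home page is
    // just the first post of the query, so only apply it to single post views.
    if( ! is_user_logged_in() && ( is_category( 'recipes' ) || ( is_single() && in_category( 'recipes' ) ) ) ) {
        wp_redirect( '/wp-login.php' );
        exit;
    }
}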
What we did here is add the is_category() check, which will return true if we are trying to access the Recipes category, which we told the function by passing the recipes slug as an argument. We also want to return true, and restrict access, if we are trying to access a post that has the category Recipes, by supplying the slug to the in_category() function. If either of these two is true, and the user is NOT logged in, he will be redirected to the /wp-login.php page. You might just as well want to redirect your user to the signup page, the home page, or anywhere you find appropriate depending on your particular project.
What About Premium Content For Logged in Users?
Another scenario would be to restrict content for logged in users that don’t have enough privileges to view some type of content.
Now I must say that this is a bit more complex and will greatly depend on how you have built your member/client profiles. This is achieved with Roles and Capabilities.
Ok, I’ll give a graphical example of that. Let’s take our recipes from before, but let’s say that you have some premium video content that is only accessible if the member purchased the all-inclusive package and not just the basic one.
Here we might have a Video Recipes category with the slug video-recipes.
We would also have the roles basic_member and premium_member.
To restrict access to the premium content, our function would look something like this.
add_action( 'template_redirect', 'bn_restrict_premium_content' );
function bn_restrict_premium_content(){
    // Visitors who are not logged in are kept out of both categories.
    if( ! is_user_logged_in() && ( is_category( [ 'recipes', 'video-recipes' ] ) || ( is_single() && in_category( [ 'recipes', 'video-recipes' ] ) ) ) ) {
        wp_redirect( '/wp-login.php' );
        exit;
    }
    // Basic members may read Recipes; only the premium Video Recipes category is off limits to them.
    if( is_user_logged_in() && current_user_can( 'basic_member' ) && ( is_category( 'video-recipes' ) || ( is_single() && in_category( 'video-recipes' ) ) ) ) {
        wp_redirect( '/upgrade-membership' );
        exit;
    }
}
Here we check like before if the user is not logged in, then redirect to the login page.
Then, if the current user is logged in, has the role basic_member and is trying to access restricted content, we redirect to the upgrade membership page. Like I said, this remains an example.
I added the use of current_user_can(), which will check against a user’s role or capabilities. Here I used the role to keep the example as simple as possible. But in real life, you will most likely use capabilities to check against. I will write another piece to demonstrate just that to keep it neat and simple.
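As an added example (not the author's code), here is one way to write the same gate against capabilities instead of role names, packaged as a small plugin. The plugin name and the capability names bn_read_recipes and bn_read_video_recipes are assumptions; the roles, category slugs and /upgrade-membership page are the ones used above.

```php
<?php
// Plugin Name: BN Capability Gate (added example)
// Category slug => capability needed to view it (capability names are assumptions).
const BN_REQUIRED_CAPS = array(
    'recipes'       => 'bn_read_recipes',
    'video-recipes' => 'bn_read_video_recipes',
);

// Create the roles with their capabilities once, when the plugin is activated.
register_activation_hook( __FILE__, 'bn_register_member_roles' );
function bn_register_member_roles() {
    add_role( 'basic_member', 'Basic Member', array( 'read' => true, 'bn_read_recipes' => true ) );
    add_role( 'premium_member', 'Premium Member', array(
        'read'                  => true,
        'bn_read_recipes'       => true,
        'bn_read_video_recipes' => true,
    ) );
    $admin = get_role( 'administrator' );
    if ( $admin ) {
        foreach ( BN_REQUIRED_CAPS as $cap ) {
            $admin->add_cap( $cap ); // Keep administrators from being locked out.
        }
    }
}

// A post filed under both categories needs both capabilities, so the stricter one wins.
function bn_required_caps_for_request() {
    $caps = array();
    foreach ( BN_REQUIRED_CAPS as $slug => $cap ) {
        if ( is_category( $slug ) || ( is_single() && in_category( $slug ) ) ) {
            $caps[] = $cap;
        }
    }
    return $caps;
}

// template_redirect only covers theme page loads; REST API responses do not pass through it.
add_action( 'template_redirect', 'bn_gate_by_capability' );
function bn_gate_by_capability() {
    foreach ( bn_required_caps_for_request() as $cap ) {
        if ( ! is_user_logged_in() ) {
            wp_safe_redirect( wp_login_url() );
            exit;
        }
        // Default deny: any role that lacks the capability goes to the upgrade page.
        if ( ! current_user_can( $cap ) ) {
            wp_safe_redirect( home_url( '/upgrade-membership' ) );
            exit;
        }
    }
}
```

Because the check asks for a capability rather than excluding one role, a logged-in account with any other role (a plain subscriber, for instance) is also turned away from the restricted categories.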
Restrict backend access to administrators only
This is a function that a lot of you want and the code needed to accomplish this is again quite small.
Here it goes!
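add_action( 'admin_init', 'bn_restrict_backend' );
function bn_restrict_backend(){
    // template_redirect never fires for wp-admin requests, so this is hooked on admin_init.
    // admin-ajax.php also counts as the admin area; leave it reachable for front-end AJAX calls.
    if( ! current_user_can( 'manage_options' ) && is_admin() && ! wp_doing_ajax() ) {
        wp_redirect( home_url() );
        exit;
    }
}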
So what we did here is to check against the capability manage_options, which only administrators have; we also checked if the request was for the admin area. So if the user cannot manage_options and the request is for the admin area, then they are redirected to the home page as defined in the settings.
One last thing
I know you read everywhere that you should put these functions in your functions.php file. But this is wrong. You should only put functions in that functions.php file that are theme dependent. No customization that affects the behavior of your site should go there. Instead, you should make a plugin for that purpose. It’s rather simple to make a plugin and you’ll have the benefit of keeping your site’s functionality if you decide to change your theme. I’ll cover the basics of making a WordPress plugin in another article.
The TL;DR
I obviously didn’t cover all the possible scenarios out there, but I hope this was clear enough so you can adapt it for your needs.
That being said, I invite you to suggest another scenario that I might update this document with, or to comment on how to improve what I already discussed. Feel free to share and comment below.
WordPress Website Development says
Nice post! Thanks for sharing this.
Clotilde says
Thank you, this is exactly what I needed 🙂
nicolas says
Glad it was of service 😉