Brass Blogs: Web Design & Development

Oh, this was something I was going to save for my redesign. I’m about 98% finished with my website redesign (which is SO BADLY needed – but you know the whole thing about cobbler’s children and all), and this tutorial was going to be one of the first new items I put on the blog. However, I’ve found myself, over the last couple of weeks, hearing the same question asked over and over again (with different words of course – they think they are asking a different question, but they aren’t) and me answering it the same way over and over again.

As to this one point, I do not blame anyone for asking the same question over and over again,because I can understand how they think their situation is different. So hopefully no one thinks I’m a big, fat meanie that’s “venting about complainers” or something – because I’m totally not. I’m just tired of typing the same answer a lot, so I figured I’d put it one spot so I can just link to it and save my fingers from cramping!

Okay, so the question is this: “What’s the best plugin for turning WordPress into a membership directory?” (or another variation: “How to do keep [insert some page or file name here] from being accessed by people who shouldn’t have it?” There’s many more variations, but I think you get the idea.)

It’s actually a LOT easier than you think, and it really doesn’t require an extra plugin. Don’t get me wrong, an extra plugin will help (especially with more advanced variations on the theme), but it’s not necessary. Really, you just need one single function that is actually already a standard part of WordPress core: is_user_logged_in().

Basic Form

Now, your most basic requirement would be to, say, keep a section of your site from being viewed or indexed by Google. Be it a single post, or Page, or an entire section (like a whole category, or custom post type, or a set of Pages – what have you): the above function is pretty much all you need. Most people’s first line of thought is to make a Page or a post, and then password-protect it.

That’s fine, but there’s a big problem with this: you have to add a password to each individual Page or post you want to do this to. So if you password-protect several Pages, that means when someone goes to view it, they have to enter in a password for every. Single. Page. (A second quasi-issue is, you have to remember the password. WordPress doesn’t provide a way to “remember” or show passwords you’ve set on posts, so if you forget, you have to reset the password – then everyone who has it saved has to re-save them again.) So annoying. End user experience: shot.

There’s so many other ways to accomplish it, too, but if you already know what section it is that you want to have “protected”, and you know no more sections will be added to it, you can simply add the above function to your theme file (index.php or content.php – whatever it’s named that actually pulls in the content). Basically, you just want to find <?php the_content(); ?> and replace it with this:

1
2
3
4

<?php 
if(is_page('Some Page Name Here') && is_user_logged_in() == TRUE) the_content();
else echo "You must be logged in to view this page.";
?>

That’s pretty much the simplest form of doing it right there. Basically it checks to see if the user is logged in, and if they are, it’ll show the content, if not it’ll tell you that you need to log in. BAM. Done.

You can use this function with current_user_can() and even associate content with the user level as well, for, say, doing “tiered membership levels”.

Of course there’s TONS of variations on this theme. For example, if you’d like to dynamically adjust what’s seen and what isn’t (i.e. there’s posts or Pages in the future where you’d like them to be hidden), you could do something as simple as adding a custom field (or a category, or a custom post type) that you can check a box to keep it hidden, and have the theme look for that flag. An example of this:

1
2
3
4
5

<?php 
$members_only = get_post_meta($post->ID, 'members', TRUE);
if($members_only == 'yes' && is_user_logged_in() == TRUE) the_content();
else echo "You must be logged in to view this page.";
?>

This is such a cool process because it negates the need for password-protected pages and stuff – you no longer need that extra step. If someone’s logged in, they see it – if they aren’t, they won’t.

Now I just did a site where there was full-on paid membership requirements for the WordPress site. This is the part where you could roll your own code (and believe me, I have before – and I can tell you how, but that’ll be a tutorial all on its own for another day), but why reinvent the wheel, right? What I did was simply use two additional plugins: Gravity Forms and Theme My Login.

Note that Gravity Forms is not free – but I tell you it’s worth the price, ten times over. And no, I have no affiliation with them to try and sell it to you. Buy it or not, I don’t care – I get nothing either way. But I’m extremely happy with them, and I recommend them highly!

Theme My Login isn’t required, but I’ll tell you why (later) it’s a nice addition that will solve some issues that will crop up.

Gravity Forms

The reason I like Gravity Forms is because you can easily create a really customized form – it’s DEAD easy. Drag-and-drop, baby. It even allows you to roll up your sleeves and add some customizations to it that require coding and filters, if you are so inclined. So if you’re running a membership site that requires the applicant to, say, provide an address and phone number, you can use Gravity Forms and the Registration Add-On and you’ve got yourself a full-on membership plugin. (You can also use Gravity Forms as a paid membership plugin, using the above add on as well as the PayPal Add On, but you have to have a developer’s license for the PayPal addition, which may be out of the price range of some people. But since most people that read my stuff are developers, then that probably isn’t the issue. You’ll make your money back hand over fist.)

I’m not going to do a step-by-step on how to use Gravity Forms and the Registration Add On (because there’s already tons of that out there – you basically just create the form and map it to user fields – I don’t need to add another tutorial to the saturated list.) But once you get the form created and mapped, you’re set to have members go to that page and apply to join up. The information from the fields is mapped to some of the WordPress profile defaults and the rest is popped into the usermeta table (so you can access it later, say, for a member profile page).

I’m going to put in a note here: a lot of people like “membership directories” as well. Gravity Forms has a “directory add on” that’s available – it’s something someone created to work with Gravity Forms, but it’s not developed or handled by the Gravity Forms people itself. I tried it, initially, and it works pretty nicely. But if you want a customized directory (or one that shows more information the higher you go up the user level chain) it’s not a good solution. I have nothing against the Add-On itself, it really does work as advertised, but when I needed to get it customized to suit the project I was working on, I ended up coding out my own. (Hey! another tutorial for later!)

Now, you could stop there. But there is an issue that will happen if you do: the default WordPress login page will still exist, and people can still have access to it if they know where it is. Considering “allow registrations” must be activated to…you know…allow people to register, that means if someone knows where the default login form is, they can manually type in that address, bypass your sweet form, sign up and done. They’ve bypassed everything, and become a member without your approval.

This is where Theme MyLogin comes in handy. You can set this plugin up and it’ll take over, and it’ll format your login page to look exactly like the front end of your site. You can set it so, when someone logs in, they will never, ever, ever see the back end – not even to edit their profile page (if you activate the “Theme My Profile” portion of the plugin). In the site I did, I had this setup for everyone except administrators – they would redirect to the back-end of WordPress if they were logged in. All other user levels would redirect to the page they were at before they logged in.

Using the two plugins together really makes for a nice “membership” website that really is simple to create. (Add on Events Manager and you can have events for members and public events that people can pay for tickets and RSVP to as well! Again, no affiliation – just like it.)

Downloadable Files

Another issue is that some people simply want to keep a file download private. This is a bit more difficult than just restricting Page/post content. If someone actually does access the file (legitimately) and they link to it from somewhere, there’s nothing to stop them from directly linking to the file itself, since they know the URL. And if it’s emailed – especially through a gmail account – fahgeddaboudit. Google will index it (Gmail = Google – yet another reason to not send passwords and login info/sensitive data through email!), and next thing you know it’s showing up in Google search.

So what do you do?

There are different solutions (as far as file downloads go). Now, you can find a plugin that will protect these files – I know a lot of people who like LinkLok. There’s also a few plugins in the repository that look promising. But you can also do a couple of things yourself if you like (and don’t want to depend on a plugin). One thing is to place the images above the public root of your directory (with some hosts, the public directory is “www” or “public_html”) – when you do that, people can’t link directly to it (or type in a URL to access the file) since it’s a level above public access. Then you can create your own method of allowing permitted users to access the file by using a bit of PHP code. Now, this method requires that you FTP into our server to upload the files you want to add, which is one option. But you can also create a little admin page for yourself where you can upload this stuff and handle it through the WordPress back-end, and it stays out of your Media stuff (it’s all nice and compact, in one spot, away from all the other stuff.) – which actually…

I’m so bad! I thought I’d published that as a tutorial some time ago, but I guess I’m wrong! So I suppose I have something new to write about at a later date!

In any case, using a plugin (or adding something like LinkLok to your site would help alleviate the issue of keeping downloadable files secured

It really is that easy.

You don’t need to go purchase big membership plugins, or pay out the nose to make some content visible to some while hidden from others. It’s already built in to WordPress to allow that to happen. With just a couple of extra additions, you’ve got yourself a nice little membership site with everything you need Hopefully this will be a help to someone!

And yes, I swear I’ll put up the other promised tutorials – but really, don’t make me do it until I get my redesign finished!