Memberium provides several different tools and tactics to handle page access controls. We’ll list these different tools and tactics and discuss some strategies around how to use them. In this article we’ll talk about “Pages”, but most of the concepts can be used for Pages, Posts and custom post types. Some of the tactics we cover may or may not work depending on what your theme supports. We’ll try to call these out for you, but we can’t cover every possibility that plugins and themes may differ from stock WordPress.
Your Toolkit
Your toolkit is divided into two groups, restrictions that happen at the page level, and restrictions that happen inside the content of the page.
Page Level Restrictions
Page level restrictions are processed by Memberium based on your page access controls. They affect pages, posts and any custom post types that your other plugins might define. You can set your page level restrictions in the Content Protection box that you find in your page and post editors. You can create complex restrictions on who can see the page, and you can define one of several actions when a visitor doesn’t have permission to view the page:
- Redirect
- Show Excerpt
- Hide Completely
Content Restrictions
Content level restrictions are processed by Memberium based on the shortcodes on the page. The shortcode affects anywhere shortcodes can be processed, not just the page content, but also the page titles, and text widgets on the page. Examples of the most common access control shortcodes include:
- [memb_can_view_post]
- [memb_has_any_tag]
- [memb_has_all_tags]
- [memb_has_memberships]
- [memb_is_logged_in]
To Protect the Homepage, Or Not
Some site owners choose to make the site home page inaccessible to visitors, and make it members only. There’s no best practice on this. Whether or not you do that is completely up to you and there’s no right or wrong answer. The cost of protecting your homepage is simply an extra redirect. There is some small amount of overhead to doing this since it turns one pageload into two, but unless you are on a slow server, it’s likely not going to be a burden on your visitors.
Login Page Redirect
In your Memberium dashboard you can define a Login Page. The login page is the page to use instead of the built-in wp-login.php page.
Make sure that the login page you set DOES have a login form. If you find yourself locked out of the site, you can still get back in without taking any extreme measures, but when it happens to you, it’s not a good feeling.
The page that you define as your login page will be visible to all users. This is to prevent the admin from accidentally requiring that the login page only be accessible by already logged in users. Don’t laugh, it’s happened!
Avoiding Redirect Loops
The most popular page restriction action is the Redirect. This sends the visitor to another page if they don’t have access. Redirects are handy because they allow you to keep your site architecture clean by page functionality separate and not have each page doing several things using shortcodes. Most commonly, pages are redirected to your login page, but they’re not limited to this.
What is important to keep in mind is not to create pages that redirect to each other, where the visitor may not qualify to view either page.
The first rule of Redirect club is for the page to not redirect to itself.
We see this most often when the login page is set to “Non-Logged In Only”, and it redirects to a page that requires a membership level. What can happen here is that the visitor may not have that membership level or any membership level, but is logged in. As a result they will bounce back and forth rapidly between the two pages until the browser gives up with an unattractive error message.
The simple solution for this is to make sure that your two pages have the simple opposite requirements. If Page 1 is only visible to not-logged in users, and Page 2 redirects to Page 1, then the content protection for Page 2 should ONLY require that the user be logged in, even the requirement of “Any Membership Level” could be more than the visitor has. A real-world example of this would be if they may have had a failed payment and simply want to login to update their billing information.
Chaining Redirects
Another solution for this is to not redirect two pages to each other, but to work them into a chain of pages that serve an increasingly broad access.
For example, if a dashboard page required Gold access, rather than redirect it straight to the login page, you could redirect it to the Silver Dashboard. The Silver dashboard could redirect to the Bronze dashboard. The Bronze dashboard could redirect to the “My Account” page (Any Logged In User), and the My Account Page would redirect to the login page.
This would create a chain, where each visitor would quickly end up on the equivalent page with the highest level of access to serve them. If they had no access or weren’t logged in, then they would end up either at the My Account page, or the Login page.
Not every page has to redirect directly to a lower level equivalent.
You could arrange your redirects in a hub and spoke pattern. For example, you could have all Gold pages (spokes) redirect to the Gold Dashboard (hub), and then have the Gold Dashboard redirect to the Silver Dashboard, etc. You also don’t need to redirect to dashboard pages. Your pages could redirect to a generic “Insufficient Access” page, which would in turn redirect to a lower level hub.
You are limited only by your imagination (and the need to avoid redirection loops).
Hidden Pages
Hidden pages create a dead-end to the navigation, and will result in your WordPress site displaying the 404 (Not Found) page. You’re not limited to what you can do with the 404 page. While it needs to serve its primary purpose in letting the user know that the page isn’t found, there’s no reason you can’t use it to offer a login or upsell as well. You can also use our PHP functions or shortcodes to display the 404 page differently to your visitors depending on whether or not they’re logged in, or have a particular tag or membership.
In Soviet Russia, Hidden Page hides YOU.
Page Excerpts
This is another powerful page level option that will enable you to display alternate content on your page instead of the main content.
Not all themes and plugins support Excerpts.
If you’re using a plugin or theme that doesn’t work with excerpts, you may want to use Redirects instead. Notable examples are the OptimizePress Theme, which uses a custom drag and drop interface, as well as the LearnDash and BBPress plugins which don’t support excerpts for their different custom post types.
Access Control Shortcodes
Once your visitor has arrived on your page or excerpt, you can then control which parts of the content they have access to using shortcodes. These empower you to break a page into parts, each of which is only accessible to certain segments of your visitors. There is a broad palette of access control shortcodes to serve your every need. These shortcodes look at the current visitor or logged in member and will grant access to the content.
There are numerous tactics you can use Access Control shortcodes for. The following is a list that is intended to inspire you to different ideas, and shouldn’t be considered the only tactics you can employ:
Text Widgets
You can use access control shortcodes in text widgets to display different content depending on the visitor. A real world example of this might be a widget that displays a login form if the user isn’t logged in, and a summary of their membership level and links to the “My Account” page if they are logged in. Memberium enables shortcode processing in widget content areas.
Variable Text
You can use access control shortcodes in page titles and menus to display different text. For example you might add the currently logged in member’s name to a menu or page title to personalize it, and something different if they’re not logged in.
In Page Navigation
You can use shortcodes like [memb_can_view_post] to show links to other pages if the visitor has access. These can be combined into powerful navigation screens. An example of this is here.
Bonus Content
You can provide bonus content to your members if they have a particular tag. For example you may be running a sale, and offer a bonus for anyone who buys before before an early-bird deadline. You would add a special tag to those buyers, and then use a shortcode like [memb_has_any_tag] to only show the bonus content to those members. This way you can deliver the bonus content alongside the main content for your members convenience or to keep it with related mainstream content.
Adaptive Promotions
One of the most powerful uses of conditional shortcodes is to show upsell offers or promotions to people who fit a specific marketing segment. A simple example would be to offer an upsell to “Gold” membership level to “Silver” members, and offer a “Silver” upgrade to Bronze members. While you could always offer everything to everyone, this tactic lets you target a natural and less jarring ascension path for each individual that makes it more likely for them to say “Yes”. This isn’t limited to upgrades, it could be an offer for a free or paid event (such as an office-hours call), a product or service extension that compliments their current access, or an alternate payment plan, such as saving money by going on an annual payment plan instead of a month-to-month.
By carefully targeting your offers and your language to a specific segment’s pain and aspirations, you increase the chance of your visitor being interested and taking your offer.
Redirect Shortcode
In addition to the access control shortcodes, Memberium also provides a redirect shortcode. It’s important to note that for most webservers, the redirect shortcode relies on JavaScript to do the redirect. Because JavaScript can be disabled or blocked by the browser you should not rely on the redirect shortcode alone to protect your content, but only to take your visitor to an alternate page. Where possible it’s preferable to use the page protection redirects which operate before the page is displayed, and therefor both protect your content reliably, AND don’t rely on JavaScript.
