Skip to content
Read For Learn
Read For Learn
  • Database
    • Oracle
    • SQL
  • C
  • C++
  • Java
  • Java Script
  • jQuery
  • PHP
Read For Learn
  • Database
    • Oracle
    • SQL
  • C
  • C++
  • Java
  • Java Script
  • jQuery
  • PHP

backend access per user status

I decided to still provide an answer based on the premise of the title backend access per user status

Note this is an explanation to the concept of granting or restricting access based on user statuses (roles or capabilities). So this could or could not be applied directly to your situation since you make use of a third party plugin with it’s own logic. But still, I believe it relevant because I’m showing here some fundamental WP access logic which I’m sure your plugin is based in part or in whole upon.

Now for the long explanation!

Basically, what we want to do is

  • Check our current user status level ( I would map statuses to capabilities)
  • If status is active then grant access to dashboard.
  • If status is anything other (pending, canceled, inactive, etc) then redirect to signup page
  • I’ll keep the complexity low for the purpose of this explanation, but we could check for more contexts and apply different rule for each context. Here it’s going to be “active” and else
  • The logic of attributing and modifying membership levels to a user will be kept out because this is what the membership plugin does (and is beyond the scope of this explanation). So again, I’ll focus on backend access per user status assuming that the status logic is taking care of by another process.

So WP roles and capabilities offer great flexibility to manage a user’s site access and restrictions.

A role is like a container for capabilities and defines the context of a user.

Capabilities are flags on which we can check on to know if an action is permitted or not. For instance edit_posts is a WP capability. Having the check if( current_user_can( 'edit_posts' ) ){ // Do something } will return true if the flag for edit_posts is set, the we do something, if not, it will fail and we can do something else or bail out.

A role can have 1 or more capabilities, we can add custom capabilities to roles and we can remove capabilities from roles. We could also just toggle the flag which is better in terms of DB query (flag toggle are done at runtime so no DB queries)
We could also make custom roles with core capabilities or our own custom ones. That is what makes WP so flexible for many use case.

We can add capabilities on the fly for specific user or special contexts with the use of filters.

Back to your membership plugin. I assume the plugin would do a bunch of checks to see if a membership subscription is valid or not. I also assume that you have at least 2 roles available. Let’s call them Active Members for valid memberships and Inactive Members for memberships that are expired, canceled etc. If you have a user that is not a member yet, he might use WP core role subscriber which has no real capabilities except access his/her profile page. Again, I take for granted that the membership plugin would programmatically change the role of a user based on the validation of his membership status. ( Normally this is/should be done by any (good) membership plugin )

Finally, once all that is set, we would have a function that would use the current_user_can function and user_has_cap filter and modify the user’s access based on is current role. (The current role is based by the plugins verification of membership status)

Here’s an example based on what I just layed out. Our Active Members roles should have a capability to see_premium_content (or whatever this is for the example) which our Inactive Members would not or be set to false. Based on that, we would need 2 functions to check and restrict. It would look something like this.

add_action( 'init', 'wpse_backend_access_rules' );
function wpse_backend_access_rules(){

  // check to see if current logged in user can "see_premium_content" add restriction if not by modifying capabilities
  if( ! current_user_can( 'see_premium_content' ) ){
    add_filter( 'user_has_cap', 'inactive_membership_cap_filter', 10, 3 );
  }
}


function inactive_membership_cap_filter( $allcaps, $cap, $args ) {

  // give only permission to access own profile in dashboard.
  // On the profile dashboard, you can output a message inviting to sign up again.
  $allcaps = array(
    'read' => true
  );

  return $allcaps;
}

Related Posts:

  1. In Django, how do I know the currently logged-in user?
  2. Can I programmatically login a user without a password?
  3. Can’t log in: “ERROR: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress.”
  4. Is there any way to rename or hide wp-login.php?
  5. How to login with email only no username?
  6. How can I redirect user after entering wrong password?
  7. Increase of failed login attempts, brute force attacks? [closed]
  8. Login page ERROR: Cookies are blocked due to unexpected output
  9. Separate registration and login for different roles
  10. SSO / authentication integration with external ‘directory service’
  11. Preventing session timeout
  12. How reduce wordpress login session timeout time?
  13. How to prefill WordPress registration with social details
  14. Check for correct username on custom login form
  15. Disallow user from editing their own profile information
  16. I can’t access my site via wp-admin
  17. ‘Password field is empty’ error when using autofill in Chrome
  18. Removing username from the ‘wordpress_logged_in’ cookie
  19. How to show ‘login error’ and ‘lost password’ on my template page?
  20. What is $interim_login?
  21. Custom login form
  22. How to prefill the username/password fields on the login page
  23. wp_signon returns user, but the user is not logged in
  24. Adding extra authentication field in login page
  25. Prevent wp_login_form() from redirecting to wp-admin when there are errors
  26. Redirect user using the ‘wp_login_failed’ action hook if the error is ’empty_username’ or ’empty_password’
  27. wp_signon() does not authenticate user guidance needed
  28. What exactly is ReAuth?
  29. What are the differences between wp_users and wp_usermeta tables?
  30. Login members using web services
  31. Make my wordpress blog remember my login “forever”
  32. How to check in timber if user is loggedin?
  33. How do I change the language of only the login page?
  34. Disable WordPress 3.6 idle logout / login modal window / session expiration
  35. Stop WordPress from logging me out (need to keep me logged in)
  36. Woocommerce registration page [closed]
  37. How to disable autocomplete on the wp-login.php page
  38. Share login data/cookies between multiple installations
  39. Synchronize WordPress user accounts across multiple domains and installations without using WordPress MU
  40. How to pass users back and forth using session data?
  41. How do I change the logo on the login page?
  42. Why does WordPress hide the reset password key from the URL?
  43. Is it possible to sign in with user_email in WordPress?
  44. How to use current_user_can()?
  45. Avoid to load default WP styles in login screen
  46. WordPress registration message
  47. How to fake a WordPress login?
  48. how to display the wordpress login and register forms on a page?
  49. Does wp_logout_url() destroy a session? (Logging out question)
  50. How can I send a welcome email to a user AFTER they login for the first time?
  51. Can not login with correct username and password
  52. Website Visible only to Registered users
  53. How can i increase the login expiration length?
  54. How do I use add_action from a class method?
  55. How to remove the WordPress logo from login and register page?
  56. How can I add a custom script to footer of login page?
  57. Brute force attack?
  58. Customize wp_new_user_notification_email()
  59. Need to execute a cron job
  60. Login email after registration never sent or received
  61. How can I create a separate blog that is private?
  62. How to keep always logged in development environment
  63. Add Confirm Password field in wp-login.php Password Reset page
  64. Integrate recaptcha and wp_signon – what is needed?
  65. Stop users from logging in from multiple locations
  66. I want to disable E-Mail verifcation / activation when a user signs up for my WordPress site
  67. custom login page redirect to logged in user profile page
  68. Email address or username used to login in wordpress
  69. How do I check if a post is private?
  70. Front-end login: Redirect user to the post they had created
  71. Receiving “This content cannot be displayed in a frame” error on login page
  72. My login form does not work
  73. Programmatically log in a wordpress user
  74. Action wp_login_failed not working if only one field is filled out
  75. Getting “Cookies are blocked or not supported by your browser” on login page
  76. What is the purpose of logging out after WordPress upgrade?
  77. Is it alright for two people to simultaneously be logged into a WP site as administrator?
  78. wp-login.php redirecting to HTTPS
  79. Display last login time
  80. How to customise wp-login.php only for users who are setting a password for the first time?
  81. Intentionally Force Failed Login WordPress
  82. How do I turn off the ability to login?
  83. Gaining Login Access via the Database
  84. How can I test the login for an expired session?
  85. Give visitor access to password protected page/post via external script
  86. Send reset password link to user from custom lost password form
  87. What hooks should I use for pre-login and pre-registration actions?
  88. WordPress Login Footer URL
  89. Remove built in wordpress login and use only google auth
  90. Websites defaced by uploading script using theme editor
  91. wp_login action hook not working
  92. Make wordpress admin failed login attempt return 401
  93. Cookie settings for session across WPML subdomains using custom AJAX login
  94. How to translate “wrong password” message
  95. Login redirect_to loop with reauth=1, cookie expiry set to 1 year in past
  96. User Login Form Outside the Default wp-login Form
  97. Change sign-on URLs for security purposes
  98. Change Login Page for a Multisite Subsite
  99. Change admin login URL
  100. moving server can not login
Categories login Tags login
Permalinks incorrectly inserting multiple categories
403 Forbidden on site logo image upload

Recommended Hostings

Cloudways: Realize Your Website's Potential With Flexible & Affordable Hosting. 24/7/365 Support, Managed Security, Automated Backups, and 24/7 Real-time Monitoring.

FastComet: Fast SSD Hosting, Free Migration, Hack-Free Security, 24/7 Super Fast Support, 45 Day Money Back Guarantee.

Recent Added Topics

  • Bug in translation system: load_theme_textdomain() returns true, files are available and accessible but the language defaults to english
  • Custom Elementor controls not appearing in the widget Advanced tab using injection hooks
  • Get the name of the template/*html file used
  • Trying to Add Paging to Single Post Page
  • Sharing media files between live and staging servers
  • How to display the description of a custom post type in the dashboard?
  • Critical error on image display
  • Copying WP data and files into new install?
  • How to determine the DirectAdmin WordPress backup date?
  • How to get list of ALL tables in the database?
© 2026 Read For Learn
  • Database
    • Oracle
    • SQL
  • algorithm
  • asp.net
  • assembly
  • binary
  • c#
  • Git
  • hex
  • HTML
  • iOS
  • language angnostic
  • math
  • matlab
  • Tips & Trick
  • Tools
  • windows
  • C
  • C++
  • Java
  • javascript
  • Python
  • R
  • Java Script
  • jQuery
  • PHP
  • WordPress