Specify the level of access to different pages at the time of user creation

I created something along these lines for a client a few months ago. I couldn’t find anything that did what I needed at the time. It will require some custom code (nothing too crazy). I will try give a quick breakdown of how I did it, to help give you an overview of what you need to do, and things you need to consider.

I also created user groups to collectively manage a group’s access rather than individual users, but you can skip that part and just focus on the users without groups.

Important: I decided to break the access level for content on the site into 3 tiers, public, logged-in, and private. So in my management interface I would specify each page being one of these three tiers. So now I can make for example the Home page and about page accessible for anyone by setting it to public, and then the contact page only accessible to anyone who is logged in, and then finally maybe a store page only accessible to a certain group of users.

//Database
I created 3 tables:

  • wp_user_groups — This is the user groups, just had id, slug and title, but the slug and title were just for management purposes.

  • wp_user_group_access — This is a pivot table (group_id, post_id) where you link group ids to post_ids (post_ids = page_ids).

  • wp_user_user_group — Another pivot talbe (group_id, user_id) to link users to groups. Again if you don’t intend to use groups you can skip straight to just doing a user access where you assign the access to post_ids directly to users.

  • Page access levels — At the time I decided to store these in wp_options arrays containing the ids of the posts instead, so I had 3 wp_options, access_posts_public, access_posts_logged_in, and access_posts_private. You can still use a table, but in my case a wp_option is a bit simpler to manage and works well.

//Management UI (wp-admin page)

You need to create a small management interface where you can create groups, add users to groups, and assign page/post access to groups.

//Authentication

Now you need to check if the user is allowed to access the requested resource. For the (wp)functions that I collectively used, I found the template_redirect action hook to work best for this.

You should do something a little cleaner than this, like set up an authentication class, but essentially in you functions.php file add:

add_action( 'template_redirect', custom_authentication );
function custom_authentication() {
  //Authentication checks
}

Then the order of the authentication checks to make it as simple as possible:

  • First check if the page/post id is in the access_posts_public wp_option, if it is, return (end) the function.
  • Check if the user is logged in, if not redirect them to a login or other page.
  • Check if the user is a admin, if they are we can just return the function as you probably don’t want to block admins from viewing pages.
  • Now the user is logged in, check if the page is in the access_posts_logged_in wp_option, if it is, return (end) the function.
  • If we reach this point then the post/page is set to private. Check then if the user is in a group that has access to this post/page.

Related Posts:

  1. How to restrict attachment download to a specific user?
  2. Using JWT to authenticate a user with an external system?
  3. Allow anonymous user to access Themes Customizer
  4. Is there an existing capability to allow editing of only pre-existing pages? If not, a good way to implement this?
  5. How to make user inactive by default while registering?
  6. How to set privilege to wordpress subscriber for private page
  7. authenticate user without password from email activation link [duplicate]
  8. User Access Manager plugin
  9. How can we Restrict to access a certain wordpress page to all ip address except some which we allow
  10. Restrict post to user_id
  11. add_option_page capability behaving strange
  12. Access denied on Published Pages but not on WordPress /wp-admin/
  13. Allow non logged users to visit only login page and password reset page
  14. How can I allow users to make groupings of posts
  15. Is user listing on wordpress private?
  16. How to restrict logged user to view only certain pages?
  17. Limit post display to post authors and create an exception for specific pages
  18. How to “Global Ignore” / “Hell Ban” someone, restrict post visibility to the author only?
  19. Conditional menu for registerd users/guests (Genesis framework)
  20. How can I create an upload page for (and only visible to) specific users?
  21. remove wp admin menu by customer user role
  22. Custom Roles for access to specific term(s)
  23. ‘post’ only for editor and administrator
  24. Why: sticky front page code, shows latest non-sticky on logged-in front page
  25. Access denied error when logged in as admin
  26. Disable all admin UI access to authors (except to custom post type add, edit and modify)
  27. Hide all pages except landing page
  28. How to restrict access to a page?
  29. How can I change access permissions across many pages?
  30. How do I get the access type in WordPress?
  31. Profiles site with access levels
  32. User access control in sidebar archive and categorires
  33. Plugins that restrict access based on user group/roles
  34. Restrict access for wp-admin panel
  35. When add analytics script, wordpress user login not working
  36. Hide WordPress “wp-admin” dashboard to User IDS
  37. I cannot access but but wp-admin works normally
  38. about visibility in wordpress regarding of roles
  39. Can access main URL and Dashboard but not any posts or pages [closed]
  40. How to List only the users created by a particular user
  41. How to enable to the user send content and save as draft entry?
  42. How to give members access to their own protected page?
  43. Use WordPress engine for user registration and management
  44. How to make future posts visible to selected visitors without login
  45. Add existing user as administrator
  46. Split post edit screen into sub-edit screens for users, is this good or bad, and is it possible?
  47. Suggestions for allowing basic users to view their own posts?
  48. How to restrict posts only from a certain category
  49. Two users attempt to modify a page
  50. How to enable suggested edits?
  51. How to restrict access to uploaded files?
  52. wp_update_user not updating
  53. Can an admin check passwords of registered users?
  54. How can I hide a category from Contributors in the edit/add new post screen?
  55. Restrict users on multisite WordPress install
  56. Basic auth WordPress REST API dilemma
  57. How to remove “Super Admin” from All Users for those that are not a “Super Admin”?
  58. Remove Custom Post Type menu for non-administrator users.
  59. Custom user profile, registration, login page with theme
  60. Restrict the user access in multi site for non-assigned blogs
  61. moving server can not login
  62. What is the difference between “create_users” and “add_users” capabilities?
  63. How can I get multisite primary blog (url or path) for current user?
  64. Can I create users that have access to *some* other users posts instead of all other users posts?
  65. Let new user role to ‘edit_others_posts’ of other user role, not of its own type
  66. How to Add Author Editing Capability to Existing Post by Admin
  67. Custom post type capabilities require “create_posts” to access the edit posts list page
  68. Share user table from WP with Drupal
  69. Log all users out of all locations after 24 hours
  70. How do I remove the Other Roles field (from User Role Editor plugin) in wp-admin/user-new.php
  71. Plugin to restrict access to pages in wp-admin
  72. wordpress editor role remove all but ‘menus’ in appearance menu
  73. How can I migrate (export and import) wordpress users without loosing their password?
  74. Dangers to allowing Access-Control-Allow-Origin: * for Feeds only?
  75. DOMAIN_CURRENT_SITE constant being regularly overridden [closed]
  76. Make pages visible to only logged in members
  77. User restricted only show posts assigned to current user
  78. One Site as a part of Multisite to be hidden (Un-published) from Public?
  79. Timed content and flagging content as viewed by user?
  80. Hide front-end from every logged out user and redirect them to the default login page
  81. Redirect user to specific link after login
  82. Accessing a protected property of a post
  83. Disable site visiting and user logins excepting for a specific user
  84. How to check main site user level from subsite in a multisite network
  85. How do I share a site only to one User at the time? Please help 🥺🙌
  86. 404 error on new pages but only for non logged in users?
  87. How To Remove Import/Export Option From Tools?
  88. I can’t recover my password
  89. Can I edit domain settings if I didn’t create the site?
  90. restrict admin panel sections to users
  91. I can not access my local PhpMyAdmin control panel
  92. Allowing users to edit only their page and nobody else’s
  93. Users are required to login to my site. How define user.member boolean, its permissions, and conditionally display/handle behavior based on it
  94. How to bulk change user role to “No role for this site”
  95. Is it possible to restrict a specific user to edit a specific custom post.
  96. search does not yield access restricted results
  97. Allowing logged in users to create custom posts
  98. Is it possible to tell if a user is logged into WordPress from looking at the cookies which are set?
  99. Front-end ajax problem all users and guests getting a 302 redirect when accessing wp-admin/admin-ajax.php
  100. determine active user browser at the same time