I recently worked on a project that required the ability to only allowed logged-in users access to a particular page. Here's how I got it done.
By default, anyone can view a WordPress page and there are only a few obvious options to change that in the Write page panel. WordPress does afford you the ability to make pages and posts private or password-protected, but neither of those options accomplished what I needed for this particular project.
Private Pages
The problem with setting a page’s visibility to “Private” is that it is hidden from everyone except site editors and administrators. Private pages are hidden from all other registered users on your site, including not showing up in a pages list. I wanted my page to be visible in a list of pages (i.e. in the sidebar) to everyone who visited the site as well as in the main navigation. Then, when a user clicks to view the page I needed WordPress to check if that visitor was logged in and, if not, to display a notice that this page requires login. Because of these requirements, the “Private” visibility level didn’t suite my purpose.
Password Protected Pages
You can also password protect pages, but I didn’t want logged-in visitors to have to enter a password to view the page, so this option was out as well.
Unfortunately, there are no other options for protecting specific pages available in WordPress (without the use of a plugin) unless you’re willing to delve into the code a bit. That said, the task is a simple one and I’ll explain how I did it in the following tutorial.
Create a new page template
First of all, you can view an example of what we’ll accomplish in this tutorial at the homepage for the WordPress Mortgage Calculator Plugin. This is a site I helped develop with a friend of mine who is working on an Ajax-enabled mortgage calculator plugin for WordPress. Once at the site, click the “Download” menu item to see the effect in action.
- The first step in requiring users to log in to view a page is to create a new page template by making a copy of your existing page.php template. I named mine “page_loggedin.php”.
- Once you’ve done that you need to add a name to the template so that WordPress can recognize it as a new page template. Open the new file and add the following to the top (the template name can be anything you want. This is what you’ll select within the WordPress admin when creating your new page) :
<?php /* Template Name: Logged-In Users Page */ ?>
- Next you’ll need to add code to check if the user is logged in and, if not, to display an appropriate message to the user. So add this code just beneath the template name code we added in step 2:
<?php if(is_user_logged_in()): ?>
- Now go to the very bottom of the file and add the following code. This will call the wp_die() function to halt WordPress execution and display a notice to the visitor that he/she needs to first log in to view this page.
-
<?php else: wp_die('Sorry, you must first <a href="/wp-login.php">log in</a> to view this page. You can <a href="/wp-login.php?action=register">register free here</a>.'); endif; ?> - Save that new page template and upload it to your server.
- That’s all the code we have to write. Next, create your new page and under “Page template,” select the new page template we just created.
- Save your new page and that’s it. That page will now appear in any pages lists just like any other page on your site, but when a user who is not logged in clicks through, he/she will receive a notice similar to this:
Notification received is visitor is not logged in
You rock. It worked like a charm in a matter of minutes. I love you (metaphorically speaking).
Thank you! I feel like I’ve been looking forever for the simple answer to having a private section of your website… everyone makes it so complicated. Thankyou. =)
This is way better than all of the other solutions to show private pages in the sidebar. Thanks for your help man!
This works most of the time but I find that I receive http 500 errors the first time a non-logged in user tries to open the page. On refreshing once or twice, the message in “wp_die” is then correctly displayed. It’s as if the “php else” code is skipped sometimes. Any ideas people? Thanks.
Hmm…500 errors can be any number of things. Are you using a caching plugin by any chance?
Hello. No caching plugin in use. I have worked around this by changing the php code to redirect to the login page if not logged in and then do an exit. This is not the same behaviour as in this article but works with complete reliability for me.
Thanks for your reply.
Awesome. Thanks for the update!
the solution worked fine, but wp_die caused my theme to display an error page layout, so i used echo instead…
Thanks for that, worked a treat.