By default, anyone can view a WordPress page and there are only a few obvious options to change that in the Write page panel. WordPress does afford you the ability to make pages and posts private or password-protected, but neither of those options accomplished what I needed for this particular project.
Why Not Private Pages?
The problem with setting a page’s visibility to “Private” is that it is hidden from everyone except site editors and administrators. Private pages are hidden from all other registered users on your site, including not showing up in a pages list. I wanted my page to be visible in a list of pages (i.e. in the sidebar) to everyone who visited the site as well as in the main navigation. Then, when a user clicks to view the page I needed WordPress to check if that visitor was logged in and, if not, to display a notice that this page requires login. Because of these requirements, the “Private” visibility level didn’t suite my purpose.
Why Not Password Protected Pages?
You can also password protect pages, but I didn’t want logged-in visitors to have to enter a password to view the page, so this option was out as well.
Unfortunately, there are no other options for protecting specific pages available in WordPress (without the use of a plugin) unless you’re willing to delve into the code a bit. That said, the task is a simple one and I’ll explain how I did it in the following tutorial.
Create a new page template
First of all, you can view an example of what we’ll accomplish in this tutorial at the homepage for the WordPress Mortgage Calculator Plugin. This is a site I helped develop with a friend of mine who is working on an Ajax-enabled mortgage calculator plugin for WordPress. Once at the site, click the “Download” menu item to see the effect in action.
- The first step in requiring users to log in to view a page is to create a new page template by making a copy of your existing page.php template. I named mine “page_loggedin.php”.
- Once you’ve done that you need to add a name to the template so that WordPress can recognize it as a new page template. Open the new file and add the following to the top (the template name can be anything you want. This is what you’ll select within the WordPress admin when creating your new page) :
<?php /* Template Name: Logged-In Users Page */ ?>
- Next you’ll need to add code to check if the user is logged in and, if not, to display an appropriate message to the user. So add this code just beneath the template name code we added in step 2:
<?php if(is_user_logged_in()):?>
- Now go to the very bottom of the file and add the following code. This will call the wp_die() function to halt WordPress execution and display a notice to the visitor that he/she needs to first log in to view this page.
-
<?php else: wp_die('Sorry, you must first <a href="/wp-login.php">log in</a> to view this page. You can <a href="/wp-login.php?action=register">register free here</a>.'); endif;?> - Save that new page template and upload it to your server.
- That’s all the code we have to write. Next, create your new page and under “Page template,” select the new page template we just created.
- Save your new page and that’s it. That page will now appear in any pages lists just like any other page on your site, but when a user who is not logged in clicks through, he/she will receive a notice similar to this:
Example of the message you get when trying to view a protected page
You rock. It worked like a charm in a matter of minutes. I love you (metaphorically speaking).
Thank you! I feel like I’ve been looking forever for the simple answer to having a private section of your website… everyone makes it so complicated. Thankyou. =)
This is way better than all of the other solutions to show private pages in the sidebar. Thanks for your help man!
This works most of the time but I find that I receive http 500 errors the first time a non-logged in user tries to open the page. On refreshing once or twice, the message in “wp_die” is then correctly displayed. It’s as if the “php else” code is skipped sometimes. Any ideas people? Thanks.
Hmm…500 errors can be any number of things. Are you using a caching plugin by any chance?
Hello. No caching plugin in use. I have worked around this by changing the php code to redirect to the login page if not logged in and then do an exit. This is not the same behaviour as in this article but works with complete reliability for me.
Thanks for your reply.
Awesome. Thanks for the update!
the solution worked fine, but wp_die caused my theme to display an error page layout, so i used echo instead…
Thanks for that, worked a treat.
Works great! However, I need to resolve the relative link to the login page for Windows 7. I will try it on a Linux box soon.
Brilliant – thank you, can’t believe I spent 2 hours messing with crappy plugins that don’t work, so simple
Yeah, a plugin is probably a bit overkill for this. Glad it worked for you!
I had to use the ECHO as well, using wp_die caused a lay out error in my theme as well (only when user was not logged in of course).
My question is, is there any way that once a user logs in, that they canend up on the page itself VS ending up on the dashboard?
I’m replying to the question I just asked about the log in redirect. I did some looking around and got this to work (note REST OF URL HERE means the rest of the URL to your specific page:
[php]
<?php else: echo(‘Sorry, you must first <a href="/wp-login.php?redirect_to=index.php/YOUR URL HERE/" rel="nofollow">log in</a> to view this page.’); endif; ?>
[/php]
Looks great K! Thanks for that tip!
Is it possible to get the full line of code from the post for using the echo command instead wp-die?
Your page cut-off the right side of it!
I keep getting a parse error with the wp_die line.
Thanks
The full code should be available. Perhaps you have javascript disabled…although that shouldn’t matter, that’s what formats the code blocks. Try view source if not. Any code I’d give you with echo would do the same thing if you can’t view a long line.
Hiiii
I’ve WordPress 3.1, with the theme lightword.
I’ve used 1:1 the same code you advice. If the user isn’t logged in, the message comes, all fine. But if the User is logged in, only a white Page comes and in the developertools of Chrome i’ve also got http error 500. Not only Chrome, also Firefox and IE.
Thx for support! =)
Hi,
What I’m looking for is that users get a login page. When they are logged in they should get redirected to this template page. Do you know how I can get this login page without letting the users getting acces to the dashboard?
Thanks heaps…was a little unhappy when I realised making a page private hides from menus etc, but this fixed it up in 30 seconds.
Thanks for clarifying “private” visibility on a wordpress page. I was hoping it allowed logged-in users to view those pages.
Hi John,
I know you posted this quite a while ago but it has helped me in arriving at a relatively simple solution for securing individual pages behind a required login.
I did create a new template and the page requires a login now but as soon as a user logs in they are taken to the WP dashboard. Obviously that’s not a good thing.
Do I need a new plugin just for registering users to this page? If no how do I keep the user from getting to the dashboard?
thanks.
Hey Randy, I’m pretty sure a user will always be able to get to the dashboard if they’re logged into WordPress…that’s just the way WP works. They won’t be able to do much if they’re just a subscriber. I’m sure there’s a way to redirect after login. Google something like “wordpress redirect after login” and you should find some info on that.
Thank you for the very easy and straightforward solution to getting a login dialog onto a page template. Very straightforward and user friendly for site admins.
Glad I could help Matthew!
Hi John,
Read your tutorial above as i was interested in achieving a similar result.
I did notice during testing that you can be logged into any wordpress site at all and still gain access.
Just thought i would let people know. Maybe further tweaking is required. Thanks anyway this has got me closer to my goal.
Hmmm…that shouldn’t happen at all. is_user_logged_in() should only return true if the user is logged into the current site…it would be based on the login credentials, which are specific to each site…unless two sites are sharing login auth or something.
Hi Weeksy, I tested the option above as I am using this on a clients site and it works well. If you don’t register or login no one can view that page. I am sure there must be another plugin in your site that produces what you are saying.
Kind regards
This is a great tip!
I wanted to keep the theme, so I added the if statement in the post-content div, and just echoes a text directing to the login/register page instead of usng wp_die.