Have you ever wanted to make parts or all of your WordPress private so that only certain visitors can see it?
Maybe you want to create a private space where your community can communicate with each other, or perhaps you’d like to start a subscription service that prevents non-paying members from viewing your content.
If you’d like to get feedback on a new site design or a piece of content before publishing it, you might want to give access to a few select users before going live.
Online store owners can also use access restrictions on certain products, such as wholesale items or pre-release deals.
Whatever your reason for wanting to restrict access to parts of your WordPress website, it’s relatively straightforward to set up. WordPress even has this functionality built into its core. However, there are some plugins that give you a lot more control over how your content is protected and access is restricted.
In this guide, you’ll learn how to restrict access using the core WordPress functionality and free plugins to get more control over this process.
How to Restrict Access to Parts of Your WordPress Site
Out of the box, WordPress allows you to set posts and pages as private. The two main options are making a post or page private so only users with the WordPress Administrator or Editor role can see it or using a password to protect a piece of content so that only those with the password can see it.
If that level of functionality sounds like it would be enough for your project, then you won’t need to install any extra plugins, as WordPress has everything you need.
To make a post or page private using the core WordPress functionality, click on the Visibility settings from the Post or Page Editor.
Regardless of which option you select, the post or page won’t be automatically listed on the site, such as in a menu or on the blog post archive. Users will need to know the post or page URL or permalink to try and access it.
If you password-protect the post or page, users will see the post or page title and a prompt to enter the password.
If you choose to restrict access to the post or page private so that only site admins and editors can see it, anyone who isn’t logged in and has one of those roles will see a message telling them there is nothing to see.
If you’d like more control over who can access your site, including restricting access to parts of a post or page or restricting access to all or some posts and pages, plus more, the next section of this guide covers how to use the free Content Control plugin.
After that, we’ll cover how you can restrict access to your entire site using the free Restricted Site Access plugin
Install Content Control – User Access Restriction Plugin
To get started with the Content Control plugins, click on Plugins → Add New from the sidebar menu in your WordPress admin dashboard.
Type Content Control into the search field. Then click on the Install Now button for the Content Control plugin.
Click on the Activate button once the plugin has been installed.
Configure Content Control Plugin
After the plugin is installed and activated, you can create your first restriction by clicking on Settings → Content Control from the sidebar menu of your WordPress admin dashboard.
From the plugin settings page, click on Add a Restriction.
The first step is to give your rule a name. After that, you can define who can see the content. The options here are whether they apply to logged-in or logged-out users and users with specific roles.
Already you can see that this plugin gives you more functionality than you get with WordPress. With Content Control, you can choose exactly which roles the restrictions apply to.
If you want to add additional user roles to your WordPress website to give you more flexibility when restricting access, you can use a plugin like User Role Editor. However, the default WordPress user roles should be fine for most situations.
After, you can click on the Protection tab. These settings let you control what happens when someone tries to access restricted content
The two options are whether to display a custom message when a user tries to view content they don’t have access to and redirect. If you choose the redirect option, you can send them to a page on your site or a custom URL. One way to use this could be to redirect users to a page with information on why access is restricted and how they can gain access.
Progressing to the Content tab lets you choose where on your site the rules apply. Content Control lets you select individual posts and pages, posts assigned to specific categories and tags, and other parameters.
As you can combine the content restriction rules using “And” and “Or,” you should be able to create the right conditions for your site. For example, you could restrict access to blog posts assigned to category A or category B. Or all media files and the blog index page.
Once you’ve finished creating the restriction rule, you can click the Update button.
Content Control does let you create multiple restrictions. This makes it possible to control access to your site and its parts in many different ways. For example, you could restrict access to the blog so that only users with one role could access it and then create another restriction so that users with another role see something else on your site. If you do want to create another restriction rule, follow the above steps.
Either way, when you’re ready, it’s a good idea to test your rules to see if they work as intended.
For my example, I restricted access so that only logged-in users could see the blog and its posts. Now, when someone who isn’t logged in tries to access the blog, they get redirected to the login page. However, this could easily be adjusted so that they’re taken to a registration page or a page that contains information about how they could gain access, such as joining a membership program.
Restrict Access to Parts of a Post or Page
In addition to allowing you to restrict access to your entire site, entire parts of it, and specific posts and pages, you can also use Content Control to restrict access to parts of a post or page.
To do this, you’ll need to wrap a shortcode around the content in a post or page that you want to restrict access to.
This is an example of a shortcode that can be used to restrict access to content in a post or page so that only logged-in users can see it:
[content_control]You are logged in, so you can see this.[/content_control]
If you want to let people know that they can’t see something that is protected, you can add a message to the shortcode like this:
[content_control message=”You are logged out, so you can’t see the protected content.”]You are logged in, so you can see this.[/content_control]
Now, when someone who isn’t logged in visits the page, they will be notified there is protected content on the page they can’t access.
You can also use the shortcode to restrict access to content so that only logged-out users can see it:
[content_control logged_out]You are logged out, so you can see this.[/content_control]
Another option is to edit the shortcode so that only logged-in users with certain roles can see the protected content:
[content_control roles=”subscriber,editor”]Only logged-in users with the subscriber or editor roles can see this[/content_control]
The shortcodes would look something like this:
When the published page is viewed by someone who is logged in, it will look like this:
And when viewed by someone who is logged out, it would look like this:
That about covers how to restrict access to parts of your WordPress website.
Restrict Access to Your Entire Site
Unfortunately, the Content Control plugin doesn’t let you restrict access to your entire site. This can be useful if you want to make your entire site private or only open to members or if you want to test a new site design and only want certain people to see it.
If you want to do that, the free Restricted Site Access plugin makes it very easy. Simply install and activate the plugin following the steps earlier, but instead, search for Restricted Site Access.
After doing so, you can access the plugin settings by clicking on Setting → Reading from the WordPress admin dashboard sidebar menu.
If you scroll down to the Restricted Site Access section, you can choose what happens when non-logged-in users try to access your site. You can also give users access by adding their IP addresses to the Unrestricted IP addresses list.
As we’ve just seen, WordPress has the basic functionality that lets you password-protect posts and pages. It also enables you to restrict access to posts and pages based on whether the visitor is a logged-in user of your site.
If you have any questions about restricting access to parts of your WordPress website, please leave a comment below.