Protect WordPress Content
Wrriten by Equal Design | Blog | 27 January 2010
I have been working on a number of sites recently that require several of the pages to be protected to logged in users only. Also I have had one site where all pages which have a particular parent page needed protecting to logged in users only. With some very handy built in WordPress functions and a bit of PHP this post attempts to show you how this can be done.
Ribbweb ICT runs WordPress and is used as a CMS in order to provide online resources for students to use. It was decided that the site needed a section for just teachers to be able to use, where they can post protected content such as lesson plans, notes etc that website visitors cannot see but logged in users can. I decided that the best way to accomplish would be to create a page (we will call it “Resources”) and make this, and all its child pages protected. You can see that the link in the header only shows if you are logged in.
To start with we need to edit the page.php file in your themes template files. In this file we need to set up an IF statement that checks to see whether the page you are currently viewing has the ancestor of the protected page (Resources). First of all I used the following code in order to get all the ancestors of the current page:
[php]<?php $ancestors = get_post_ancestors($post->ID); ?>
[/php]Now we have all the of the post IDs of the current pages ancestors stored as an array in a variable, we need to check whether the ID of the protected parent page (the Resources page) is contained in this list. In this example the Resources page had the ID of 2. Therefore we use the following code to see if the ID of 2 is contained within the array:
<?php if(in_array("2",$ancestors) ) { ?>
Now we know whether or not the we have an ancestor of the page that we want to protect, we need to check whether the user is logged in or not. To do this we can use the WordPress function is_user_logged_in().
<?php if (is_user_logged_in() ) { ?>
<?php include(TEMPLATEPATH."/page-content.php"); ?>
<?php } else { ?>
<?php include(TEMPLATEPATH."/loginform.php");
<?php } ?>
To keep things simple here I have included the login form and the page loop in separate files and then called those files in the code above. So this code will show if we are on an ancestor of the Resources page, so the next thing we need to do is to check whether we are on the resources page itself. To do this we need the following code:
<?php } elseif (is_page('2') ) { ?>
// add the is_user_logged in loop here from above
Then finally to finish of our page we need to show how a normal page will display, without checking to see if the user is logged in or not.
<?php } else { ?>
<?php include(TEMPLATEPATH."/page-content.php"); ?>
<?php } ?>
So the code in full that you would need to use here is as follows:
<?php $ancestors = get_post_ancestors($post->ID); ?>
<?php if(in_array("2",$ancestors) ) { ?>
<?php if (is_user_logged_in() ) { ?>
<?php include(TEMPLATEPATH."/page-content.php"); ?>
<?php } else { ?>
<?php include(TEMPLATEPATH."/loginform.php");
<?php } ?>
<?php } elseif (is_page('2') ) { ?>
<?php if (is_user_logged_in() ) { ?>
<?php include(TEMPLATEPATH."/page-content.php"); ?>
<?php } else { ?>
<?php include(TEMPLATEPATH."/loginform.php");
<?php } ?>
<?php } else { ?>
<?php include(TEMPLATEPATH."/page-content.php"); ?>
<?php } ?>
So there you have an easy way to check whether a WordPress page or post has a specified ancestor and then how to use that information to protect those page so that only logged in users to view them. The is_user_logged_in() function has some very powerful uses in using WordPress as a content management system.
I have also used this function in the sidebar of the site in order to display certain links to document that only teachers needed to see, such as lesson plans and answer sheets. It works really well.