WordPress User Pages

Many of you are interested in implementing a customer or client portal on your WordPress website (for user specific content and pages), and while there is no easy “out of the box” solution for user specific content, the best solution I have found is by using a few key plugins within the CMS WordPress.

The first thing to understand is that by default WordPress does allow for a page or post to easily have restricted access by applying a password, or making the page private. The “password” would be the same for all users, and the “private” page hides it from the navigation and search features. To apply one of these to a page just select the “quick edit” option for a page or post as shown following.

This default “password” solution works okay if you want to create a page where anyone with the password can have access to view it, yet it won’t allow you to revoke one’s access after the password is known (without changing the password which will affect all user’s access), and it doesn’t provide individualize content by user type/role, or by user name.

In case you are completely new to WordPress, the first thing you need to understand is that the default user role is that of a visitor, which is simple normal access to all public areas. Next is someone who registers, a “subscriber”, which for most WordPress websites (per setting configurations) will grant them the ability to leave a comment, and in some cases view otherwise private content. A “contributor” is the next step, then “author”, “editor”, and “administrator” – each has their own permission levels which allows them to interact with the website in some fashion. I note the user levels here since user specific content is possible by assigning capabilities for a specific role (group of users), or by assigning access rights for a specific user to a page or post.

In our research we have come across a few commercial and free plugins that provide much of the functionality our clients often request. These plugins are typically referred to as “access management”, and the best one is likely https://wp-client.com/. If you view their video, and look at the screenshots you can get an idea of what they provide and if it will work for you or not?

What’s Needed?

For our own website we are using the following plugins to provide the necessary functionality:

User Role Editor
User Specific Content
User Shortcodes
Sidebar Login
Post Duplicators

Note: WordPress plugins often change, or become out-dated as WP platform updates happen. In some cases a commercial plugin may be best since the people behind it may spend more time ensuring that it is kept updated, so I am not advocating that you choose a plugin just because I recommend it here. My goal is just to help you understand the options, and then decide for yourself what is best.

User Role Editor:
This plugin will allow you to create a user role type, and choose the capabilities of the role. The image following shows our custom role of client.

For our use we wanted our clients to have the ability to read private posts and pages, so we created a user role with shared capabilities. Here we merely need to let our clients self register and then change their role from the default subscriber to “client”, or manually edit their capabilities.

Okay, so as I’ve noted, the user role editor plugin works great for creating a shared access by user type. I provided this for a charter school client that wanted a Teacher’s Only section. In this case I also made it so that the menu was hidden from no registered users, and since self registration was not allowed, only the logged in teachers would see their private menu links.

User Specific Content:
This key features of this plugin is that it allows for a global “blocked access” message, and provides a listing of user names and roles. Once a page is created you can then assign the page to either the role type (for shared access per a role), or to a specific users (individual access).

As you can see there is the option for a custom blocked message to be added here, though there is also a global message option, which is what we used. The image following will give you a better idea of the settings in place and plugins in use.

User Shortcodes:
One of things we felt was needed was for the pages to be more personalized. The better contact forms have long provided the ability to add a form field (such as a form submitters name) within an auto-reply message. The user shortcodes plugin provided for this functionality. The options available are:

For our use we decided to use the firstname, username, and useremail shortcode options. Now when a user visits this shared page, the welcome is personalized to them.

Sidebar Login:
The next question you’ll have is how to do the login? Of course WordPress has the default login www.yourwpsite.com/wp-login/, yet if you have advanced security you’ll probably choose to rename this anyway as a deterrent to hacker bots. We decided to place the sidebar on the primary client access page, for which when a user first visits this page their is a login form at the right sidebar. After they logout, then we have set it so that the user is redirected to the home page.

The sidebar login widget features include:

Post Duplicator:
I have found that having a post/page duplicator is a big time saver, especially for the more advanced themes since they have lots and lots of option settings. The goal with the client/portal page is to create one “template” page which can be duplicated. Here you can use the “user shortcodes” plugin to dynamically provide their name, you can add a contact form, a section for client files, etc. Once you have it just as you want it then you save it as the master for all of the others. When you need to create a client page all you have to do is mouse-over this master page and select “duplicate page”. You then change the page title/s, the permalink URL, and assign the page to the particular user at the bottom of the page (user specific content box) of the user specific content plugin.

Before making any decision though I’d suggest that you define what you actually want and need for this user specific content area.

Is the private page/s shared (same content viewed by everyone) for users of a specific type, such as clients?
Is the private page/s specific to each user, so assigned by a person’s name and only they can access it?
Are your private page/s viewable in the menu system for everyone?
Are your private page/s viewable only to a logged in user with permission rights to view the page?
Do you intend to have the login form with the navigation system, on a sidebar, within a page, or at the footer?
When someone logs out of a “special content area” where you do want them redirected, if at all — to their own page, a shared page, other?
Do you intend to prevent access to the dashboard for the logged in users?
Do you intend to visually brand the dashboard for users?

As you can see there are a variety of choices to make and the different access management plugins will provide similar, yet different features, so choosing the right one is important. You also want to ensure that your site doesn’t become bloated with unneeded and redundant plugins. My suggestion is to spend some time test driving the different plugins and ensure that they work well together since plugins do conflict sometimes.

Some of the better plugins: