WordPress.org

Plugin Directory

Restrict User Access – Ultimate Membership & Content Protection

Restrict User Access – Ultimate Membership & Content Protection

Description

Restrict User Access is a fast and simple Membership Plugin for WordPress. Restrict your content in minutes, NOT hours.

Quickly set up a paid membership site where your users can get different levels such as Platinum, Gold, or Free. Then, grant those levels when a user purchases a product in WooCommerce.

👥 Unlimited Access Levels

Users can have multiple levels, and you control how long memberships should last. When unauthorized users try to access restricted content, you can redirect them to another URL or display a teaser.

⚡ Level Membership Automations

Automatically add levels to your users based on something they do (Triggers) or something they are (Traits):

  • User Roles
  • Logged-in or Guests
  • WooCommerce Purchases
  • Easy Digital Downloads Purchases
  • BuddyPress Member Types
  • GiveWP Donations

🔒 Contextual Content Protection

Prevent unauthorized users from visiting your posts, pages, or categories. You can even combine the conditions: protect all posts tagged “Premium” written by a select author.

The following Access Conditions are available out of the box:

  • Posts, Pages & Custom Post Types
  • Content with Tags, Categories, or Custom Taxonomies
  • Content written by select Authors
  • Page Templates
  • Blog Page & Post Type Archives
  • Author Archives
  • Taxonomy Archives
  • Front Page, Search Results, 404 Not Found Page
  • bbPress Profiles, Forums & Topics
  • BuddyPress Profile Sections
  • Languages (Polylang, qTranslate X, TranslatePress, Transposh, Weglot, WPML)
  • Pods Pages

Note that Access Conditions do not apply to content displayed in lists.

✅ Grant & Deny Capabilities

The easy-to-use WordPress User Manager gives you full control over the capabilities the members should or shouldn’t have. Access Level Capabilities will override the permissions set by roles or other plugins.

👁️ Hide Admin Bar & Nav Menu Visibility

Disable the admin bar for select levels and control what menu items members can see. You can even hide any widget area created with Content Aware Sidebars

🤖 Restrict Content from Other Plugins

Restrict User Access autodetects Custom Post Types and Taxonomies created by any plugin or theme. Built-in support for some of the most popular WordPress plugins means that you e.g. can restrict access to bbPress forums or multilingual content.

  • bbPress
  • BuddyPress
  • Easy Digital Downloads
  • Pods
  • Polylang
  • TranslatePress
  • WooCommerce
  • Weglot
  • WPML
  • and more …

🛡️ WordPress Security Enhancements

  • WP REST API Content Protection
    Enforces PoLA to minimize attack surfaces and stop threat actors from harvesting your data
  • How to display content in lists
    Display excerpts only or hide content when post types are displayed in blog, archives, search results, lists, etc.

📑 Restrict Content with Shortcodes

Fine-tune content visibility in your posts or pages by adding simple shortcodes:

[restrict level="platinum"]
This content can only be seen by users with Platinum level or above.
[/restrict]

[restrict level="!platinum"]
This content can only be seen by users without Platinum level or above.
[/restrict]

[restrict role="editor,contributor" page="1"]
This content can only be seen by editors and contributors.
Other users will see content from page with ID 1.
[/restrict]

[login-form]

👋 Developer-friendly API

Restrict User Access makes it super easy for developers to programmatically customize WordPress access control by adding a few lines of code to theme templates.

Example – Add level to current user

rua_get_user()->add_level($level_id);

Example – Check if current user has an active level membership

if(rua_get_user()->has_level($level_id)) {
    //show restricted content
} else {
    //show content if unauthorized
}

View full RUA PHP API documentation here.

🎛️ Premium Add-ons for Restrict User Access

Complete your WordPress membership site with these powerful extensions

  • ACF Restriction
    Restrict content that contain data from Advanced Custom Fields plugin
  • Date Restriction
    Restrict content based on the time it was published
  • Meta Box Restriction
    Restrict content that contain data from Meta Box plugin
  • Timelock
    Determine when to enable or disable select Access Conditions
  • URL Restriction
    Restrict content based on the WordPress URL, with wildcard support
  • Visibility Control
    Hide content from blog, search results, archives, custom lists, WP REST API, and more

Screenshots

  • Simple Access Levels Overview
  • Easy-to-use Access Conditions
  • Capability Manager for Access Level

Installation

  1. Upload the full plugin directory to your /wp-content/plugins/ directory or install the plugin through Plugins in the administration
  2. Activate the plugin through Plugins in the administration
  3. Have fun creating your first Access Level under the menu User Access > Add New

FAQ

How do I prevent admin lockout?

Restrict User Access has built-in lockout prevention. All administrators will by default have access to all content regardless of the Access Levels you create.

If the plugin is deactivated, any restricted content will become accessible to everyone again; Restrict User Access does not permanently alter Roles or Capabilities in any way.

How do I restrict some content?

  1. Go to User Access > Add New
  2. Click on the “New condition group” dropdown to add a condition
  3. Click on the created input field and select the content you want to restrict
  4. Go to the Members tab to add users who should have access the restricted content
  5. Go to the Options tab to set the Non-Member Action and other options
  6. Give your new level a descriptive title and save it

Tips
In order to restrict a context, e.g. “All Posts with Category X”, simply select a new type of content from the dropdown below the AND label and repeat Step 3.

I added a level to a user, but it can still access other content?

When you use Access Conditions to restrict some pages, only members of this level will be able to visit those pages, but they can still visit other pages too.

You can change this behavior from the Options tab by toggling “Deny Access to Unprotected Content” to ON.

With this option enabled, members can only visit the pages selected as Access Conditions.

To prevent lockout, Administrators will have access to all content regardless of your levels.

Restricted content is still displayed in blog, archives, search results, etc?

By default, Access Conditions do not apply to items in archive pages, search results, widgets, WP REST API, or custom lists.

Learn more about how to completely hide content here.

Restricted file is still accessible with deep link?

Restrict User Access does currently not support restricting deep links to files, only attachment urls.

User still able to edit restricted content in Admin Dashboard?

Capabilities and Access Conditions serve different purposes and are not combined. Access Conditions are applied only to the frontend, while capabilities work throughout the site (both Admin Dashboard and frontend).

How can I report security bugs?

You can report security bugs through the Patchstack Vulnerability Disclosure Program. The Patchstack team help validate, triage and handle any security vulnerabilities. Report a security vulnerability.

I have other questions, can you help?

Of course! Check out the links below:

Reviews

སྤྱི་ཟླ་བརྒྱད་པ། 8, 2024
After installing this plug-in it is no longer possible to open an article on the blog, when I click on an article I always end up on the homepage, it happens with all the articles.I tried to contact support from the official site but it requires a license number that I do not have, as I use the free version for testing.
སྤྱི་ཟླ་ལྔ་པ། 20, 2024
Been using this plugin for several years on different websites, and it is just great, very efficient. I had a problem once and got personnalized help really fast.Thanks for this plugin !
སྤྱི་ཟླ་གཉིས་པ། 8, 2024
I wanted to appoint some authors (Not contributor – so that they can upload images etc) and then limit their capabilities to not publish posts. this plugin was the perfect and easiest solution for anyone!
སྤྱི་ཟླ་བཅུ་གཅིག་པ། 18, 2023
Plugin gets the job done. It has a very simple UI to understand. Rules are really handy and I achieved the result I wanted in no time. Only downside was I couldn’t make it work alongside with litespeed caching. But I think that has nothing to do with the plugin. I would recommend everybody to give it a try!
སྤྱི་ཟླ་དང་པ། 19, 2023
It doesnt look like yours does this either so correct me if Im wrong…but how have you and no one else that I can find not made one thats blocks the customer list on the backend so SEO agencies and marketers on peoples site cant steal customer lists…come on. Please lmk if you add this or if I missed that your plugin has this feature.
སྤྱི་ཟླ་བདུན་པ། 4, 2022
I installed this plugin to test some features and it didn’t had what I was looking for. After some tests, I tried to uninstall it, but now I can’t access any pages, can’t create any new posts, pages or categories. My site is now useless, I will need to reinstall it fresh from the beginning and will loose a week of work. DON’T INSTALL IT because it doesn’t undo things if you need to remove it.
Read all 93 reviews

Contributors & Developers

“Restrict User Access – Ultimate Membership & Content Protection” is open source software. The following people have contributed to this plugin.

Contributors

“Restrict User Access – Ultimate Membership & Content Protection” has been translated into 8 locales. Thank you to the translators for their contributions.

Translate “Restrict User Access – Ultimate Membership & Content Protection” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

Follow development and see all changes on GitHub

Highlights

2.7

  • [new] ui and performance improvements
  • [new] wordpress 6.5 support
  • [new] minimum wordpress version 5.5
  • [new] minimum php version 7.1
  • [fixed] memberships now removed on user deletion
  • [fixed] improved compatibility with wpml plugin
  • [updated] wp-content-aware-engine library
  • [updated] freemius sdk

2.6.1

  • [new] ui and performance improvements
  • [updated] freemius sdk
  • [fixed] timezone discrepancies in level memberships
  • [fixed] conflict with other plugins erroneously manipulating membership queries

2.6

  • [new] rest api content protection
  • [new] control how content is displayed in lists
  • [updated] buddypress 12 compatibility
  • [fixed] compatibility with polylang and wpml
  • [fixed] xss vulnerability when editing levels

2.5

  • [new] admin ability to extend, search, and sort memberships
  • [new] member trait – givewp donation
  • [new] wp multisite network support
  • [new] greatly improved membership data storage
  • [new] wordpress 6.4 support
  • [new] minimum wordpress version 5.1
  • [new] minimum php version 7.0
  • [new] ui and performance improvements
  • [updated] wp-content-aware-engine library
  • [updated] freemius sdk

2.4.3

  • [new] wordpress 6.2 support
  • [updated] freemius sdk

2.4.2

  • [new] api to update user level start, expiry, status
  • [new] ui improvements
  • [updated] freemius sdk
  • [removed] deprecated php api methods: rua_get_user_roles, rua_get_user_levels, rua_get_user_level_start, rua_get_user_level_expiry, rua_is_user_level_expired, rua_has_user_level, rua_add_user_level, rua_remove_user_level

2.4.1

  • [new] wordpress 6.1 support
  • [new] ui improvements
  • [fixed] user role trait would in some cases not work for extended levels
  • [updated] wp-content-aware-engine library

2.4

  • [new] member trigger – easy digital downloads purchase
  • [new] member trait – buddypress member type
  • [new] member trait – user role (supersedes user role sync)
  • [new] auto-complete searching for member automations
  • [new] ui and performance improvements
  • [updated] wp-content-aware-engine library

See changelog.txt for previous changes.