Did you know that WordPress itself comes with an option to mark content as private? This lets you create pages and posts that only logged in users with a certain role can see. Keep learning to learn more about private content and how to edit user roles to give them access to private content.
WordPress itself comes with options to password protect any page or post, or to mark it as private based on user role. You can see this in the 'Visibility' section in the 'Publish' panel for any page or post. It also appears for all WordPress custom post types such as articles, events, and e-commerce products.
The problem is that WordPress private posts have 2 main limitations:
- They're only visible to logged in users with an Editor or Administrator role. That's no use if you want to create a private client portal, for example. Your clients aren't editors or admins! To change this, you have to manually edit your WordPress user roles.
- All your private content must be visible to the same user role(s). There's no way to add different private content for different user roles.
- You have to mark each page/post as private individually. That takes a long time and is error-prone. It's easy to miss one and leave it public by mistake!
The perfect solution
The best solution to both problems is to use a different method to restrict access based on user role. You can easily do this by installing our Password Protected Categories plugin, which lets you restrict access to any WordPress post type based on user role. (Or if you're making WooCommerce categories private, then use our WooCommerce Protected Categories plugin instead.)
The good news is that these plugins are a better solution because:
- You can choose which user roles can access the private content. There's no need to edit your WordPress user roles. For example, if you want Subscribers to access the client area then that's easy!
- It's easy to create a separate private area for each user role. Simply create a private category for each type of user, and select which role(s) can access each one.
- You can make entire WordPress categories private at the click of a button. That's much faster and less error-prone than making each page/post private one at a time.
As you can see, installing Password Protected Categories is much easier than manually marking posts and pages as private. However, maybe you really want to use the private posts option in WordPress itself. If so, then keep reading to learn how to change which user roles can access private content. This involves editing your WordPress user roles to allow additional roles to access private posts and pages.
How to choose which user roles can access private posts and pages
Firstly, I will tell you how to edit WordPress user roles to change which ones can view private content. Afterwards, I will show you how to create completely new user roles that can see private posts.
By default, private categories are only visible to Administrators and Editors (plus Shop Managers if you're using WooCommerce). If you're using private categories, you will probably want to make them available to other user roles - for example, normal subscribers or customers.
If you're a WordPress developer then you can change the user roles programmatically. Otherwise, I recommend using the free User Role Editor plugin. The following video tells you how to do this, or you can read the written instructions below:
How to edit WordPress user roles and give access to private content
- Firstly, in the WordPress admin, go to Plugins → Add New and search for 'User Role Editor'.
- Install and activate the plugin.
- Go to Users → User Role Editor.
- In the 'Select Role and change its capabilities:' dropdown, select the user role that you want to access private categories.
- Tick the 'Show capabilities in human readable form' box.
- Lower down, you will see an alphabetical list of all the WordPress user role capabilities. Scroll down to the 'R' section and tick the boxes called 'Read private pages, 'Read private posts', and 'Read private products'. (Depending on your plugins, you may not see all these boxes, and there may be similar ones that you need to tick too. Don't worry about this - just tick the boxes that apply to your site.)
- Scroll up and click 'Update'.
- Finally, create a private page or post, login as a user with the role you just edited, and check they can view it ok.
Tip: If you get a 404 error, this means that the user doesn't have access to the private category. Go back and check your changes, e.g. make sure you edited the correct role.
How to create new user roles who can access private content
WordPress itself comes with a choice of built-in user roles - Administrator, Editor, Author, Contributor, and Subscriber. WooCommerce adds two extra roles: Customer and Shop Manager.
Follow the instructions below to create additional user roles that can access your protected posts, pages and products.
For example, you might want to create a 'Client' user role and use it to create a private client area that only logged in clients can access. You can do this with the free User Role Editor plugin.
- In the WordPress admin, go to Plugins → Add New and search for 'User Role Editor'.
- Install and activate the plugin.
- Go to Users → User Role Editor.
- Click 'Add Role'.
- Choose a slug and name for your new role, such as 'client' and 'Client'. To keep things simple, I suggest copying the 'Subscriber' role which comes with WordPress. This gives the new role the same capabilities as the built-in subscriber role.
- Click the 'Add Role' button.
- To add users to the new role, go to 'Users' section of the WordPress admin, edit the user, and choose the role from the dropdown.
- Finally, go to add or edit your pages and posts, and change the visibility to Private as needed.
Will you use private posts or use the plugin method?
As we have seen above, it is possible to edit your WordPress user roles in order to change which roles can access private pages and posts. However, this involves editing user capabilities which can be fiddly.
It's easier to install the Password Protected Categories plugin where you can:
- Easily choose which user roles can access the private content.
- Create different private areas for different users.
- Mark pages and posts as private in bulk, by restricting the entire category.
dwight fellman
Would like to be able to use this same sort of technique to secure individual files in the 'uploads' folder. Things like PDF document and images that are not tied to one specific page.
Edge
Hi, Dwight. You can use the Prevent Direct Access (PDA) Gold plugin to protect the downloadable files themselves. We have provided a tutorial about how to use it with Protected Categories.