Customizing the Member Cancellation Process

The Membership Cancel page includes a shortcode that allows members to immediately cancel their membership. This post covers some alternative methods to manage or modify the default behavior of member cancellations.


Don’t want to allow members to cancel?

The default [pmpro_cancel] shortcode outputs a message and button that a member would click to cancel their account.

One of the commonly requested features is to remove this behavior and require members to contact you in order to cancel their membership.

To do this, navigate to Memberships > Page Settings and click “Edit” for the page assigned as the “Membership Cancel” page. Then, remove the [pmpro_cancel] shortcode and replace it with your desired content. You could simply put a message and a contact email address, such as:

Please contact us as info@domain.com to request a membership cancellation.

Or, add a contact form using a plugin such as Gravity Forms, Ninja Forms, Caldera Forms, or the “Feedback” module of Jetpack.


Downgrade Membership instead of Canceling

If you offer a “free” membership level, this post includes the recipe to change a member’s level when they cancel or expire. Using this method, a member could use the default cancellation process, their paid membership level would be removed, any attached subscription at the gateway will be cancelled, and their membership level will be changed to your default (downgrade) level.

View the Tutorial


Delete the User Account

If you run a VERY tight ship and want to remove the WordPress user when they cancel their account, this post includes the recipe to do so. We don’t recommend doing this as it messes up a lot of data in Memberships > Orders. It’s also smart to maintain a list of canceled members for future marketing efforts. Perhaps you would like to invite them back at a discount or offer a new membership that wasn’t previously available. That said, there can be other reasons that you would need to delete the user account so we still want to demonstrate how this is done.

View the Tutorial


Cancel a Member Automatically After Failed Subscription Payment

This method doesn’t relate to a member canceling themselves, but rather when the gateway lets your site know that a member’s subscription payment failed. The Failed Payment Limit Add On allows you to specify a number of “tries” before the membership is cancelled.

Be sure to check with your gateway settings, as some gateways (such as Stripe) allow you to set rules related to retries and failed payments on recurring subscriptions. These can override the settings of the Failed Payment Limit Add On.

View the Add On


Have another creative member cancellation request?

This post has covered a few alternative / custom methods as related to member cancellations. If you have another idea on how you would like to manipulate cancellations, post a comment below or open a topic in our member forums for support on the methods described above.

Allow Members to Favorite Posts using the Favorites Plugin for WordPress

Add a special feature for your members that allows them to mark posts as “Favorites”. Then, show your members their bookmarked posts on the Membership Account page. Below are two code recipes that integrate Paid Memberships Pro with Favorites by Kyle Phillips.

This page requires a PMPro Core Account or higher.

Already have an account? Login Now »

New to this site? Register Now »

Memberships Levels Page: Order, Hide the Display, or Skip it Mega Post

We have several tutorials for altering the membership levels page using the default [pmpro_levels] shortcode or the Advanced Levels Page Shortcode Add On. This post summarizes several methods to:

It’s a useful guide if you aren’t quite sure of a method to use and want to explore your options.


Reordering the Membership Levels Display

Navigate to the Memberships > Membership Levels page in the WordPress Admin. Here you can drag and drop the membership levels into the order you would like them to display when using the default [pmpro_levels] shortcode or the [pmpro_advanced_levels] shortcode.

Drag and Drop Membership Level Order

If you are using the [pmpro_advanced_levels] shortcode, you can also specify the levels="2,4,1" attribute to force the display in your preferred order. This method will simultaneously reorder the display AND filter out levels you do not want to display.


Hide Free Levels from the Membership Levels Display

Here’s a tutorial for hiding all the free levels from display. This is a useful method if you have free levels that are reserved for specific customers or promotions, etc.

View the Tutorial

Hiding Specific Levels (by ID) from the Membership Levels Display

To hide levels using the [pmpro_advanced_levels] shortcode, just exclude them from thelevels="1,2,3" attribute of the shortcode. Easy!

If you are using the default [pmpro_levels] shortcode, you have two options for hiding levels from the output:

Option 1: Define hidden levels in a custom function.

The code recipe below allows you to define specific level IDs that will not be shown on your membership levels page.

This code recipe requires a PMPro Core Account or higher.

View Membership Options


Option 2: Add a setting to “hide” levels from display on the Memberships > Edit Level admin.

This code recipe adds a new level setting to hide the display. If you expect to be manipulating level display fairly often and would prefer to do so via settings in the dashboard vs. code, this is the recipe for you. After installing the customization code, just navigate to Memberships > Edit Level and set “Show level” to “Yes” or “No”.

This code recipe requires a PMPro Core Account or higher.

View Membership Options


Skipping the Membership Levels Page

If you have only one public level of membership, this method will redirect members from the membership levels page directly to membership checkout for the defined PMPRO_DEFAULT_LEVEL.

View the Tutorial

Skipping the Membership Checkout Process

As with the “skipping” option above, this method will allow you to use the default WordPress registration process (or another plugin or theme’s registration process) and apply a default level of membership.

View the Tutorial

Ask “How did you hear about us?” at Membership Checkout

This code recipe adds a field to ask new members how they were referred to your site via the Register Helper Add On. The member can select the referring source via dropdown or enter a custom “Referred by” value. The field is display in the User Profile and Members List Export for admins only.

This page requires a PMPro Core Account or higher.

Already have an account? Login Now »

New to this site? Register Now »

Configuring WordPress to Always Use HTTPS/SSL

SSL encryption adds a layer of security to your website that makes it harder for malicious actors to collect personal information submitted through forms on your website.

This post will walk you through obtaining an SSL certificate (Let’s Encrypt or Other Providers), installing it on your web server (Let’s Encrypt or Other Providers), setting up your WordPress site to use HTTPS URLs, and fixing any “mixed content” type errors that come up when a page served over HTTPS links to non-HTTPS content.


Yes, you should use an SSL.

Setting your site up with an SSL certificate to serve pages over HTTPS doesn’t make you 100% secure against all of the kinds of attacks that can befall a website, but it should be done on nearly every site using Paid Memberships Pro.

The use of an SSL certificate is required by the PCI Security Standards Council on any site accepting credit cards [more] and is required by most gateways even if the checkout is completed “offsite”.

Starting this year, search engines like Google will begin to penalize the search rankings of sites without SSL certificates and web browsers like Chrome will start to show more severe warnings on pages with password or credit card fields if an SSL certificate is not active.

Step 0. Backup Everything

Before you get started, perform a full backup of your website. The steps outlined in this tutorial touch on your WordPress files, database, and even your server configuration. So be sure to back up your website at all levels: files, database, and server configuration.

More About Site Backups

Step 1. Get an SSL Certificate

Quick Note: When we refer to “SSL Certificates” in this post, we mean specifically a “third-party” SSL certificate. These are certificates that are validated by a trusted third party. You can also use what are called “self-signed” SSL certificates or “shared” SSL certificates, but only a third-party SSL certificate will avoid all browser warnings and fulfill all SSL-related gateway/PCI requirements.

The easiest way to get an SSL Certificate purchased and installed is to ask your web host to do it for you.


The details and cost of this are different for each host, but they will know exactly how to get your site served over HTTPS with a proper SSL certificate. Again, ignore “shared” or “self-signed” SSL options and make sure that you obtain a full trusted third-party SSL certificate.

If you manage your own server or otherwise want to do it yourself, you have a couple of options.


1a. Generate a Let’s Encrypt SSL Certificate

In 2016, a new (and free) way to obtain “third party” SSL certificates was introduced called Let’s Encrypt. From the Let’s Encrypt about page:

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).

We give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can. We do this because we want to create a more secure and privacy-respecting Web.

Many web hosts are starting to offer Let’s Encrypt SSL certificates for free or at a reduced cost. If your host supports Let’s Encrypt, ask if they will set up the certificate for you. If your host won’t set it up, but you have SSH access to your web server (typical of dedicated or VPS-level hosting plans), you can generate the certificate yourself and setup your web server to use it.


The easiest way to generate and manage Let’s Encrypt SSL certificates is through a command line tool called Certbot.


The Certbot homepage allows you to choose your web server software (e.g. Apache) and your server’s operating system (e.g. Ubuntu Linux) and will give you instructions for using Certbot to setup a Let’s Encrypt SSL. Here are some instructions for using Certbot with Apache on Ubuntu 16.10:

  1. Make sure that your web server is setup with SSL support. For Apache, the module is called mod_ssl. On recent versions of Ubuntu, you can enable this by typing the following into your command line: (restart Apache when finished)
    $ sudo a2enmod ssl

    If this doesn’t work, you’ll want to talk with your host or search their docs for “enabling mod_ssl for Apache”.

  2. Second, use apt-get to install Certbot:
    $ sudo apt-get install python-certbot-apache
  3. Third, generate the certificate. (In my experience, Certbot has often failed to configure Apache properly after generating the certificate. So I’ve only used it with the “certonly” option. If you are confident, you can try without that option and it try to automatically update your Apache configuration to use the new certificate.)
    $ certbot --apache certonly

    Your terminal should then look something like this:

    Don’t be alarmed by the border of random letters (I was the first time!). It’s just an ASCII representation of a bounding box. Cerbot tries to detect what domains are setup on your server. If you see your domain, use the arrows keys to highlight it and hit enter to check it, then follow the instructions. If you don’t see the domain you want a certificate for, you can specify the domain in the Certbot command:

    $ certbot --apache certonly --domains yourdomain.com

    When Certbot is finished, it will generate a cert.pem and privkey.pem file, typically at the following locations:

    • /etc/letsencrypt/live/yourdomain.com/cert.pem
    • /etc/letsencrypt/live/yourdomain.com/privkey.pem
  4. Fourth, you need to update your Apache configuration to use the new certificate. The exact steps for this will depend on your Apache setup, but you may have an /etc/httpd/conf.d/vhost-ssl.conf file that looks like this or similar code in another Apache config file: (Note the SSLCertificateFile and SSLCertificateKeyFile lines.)

    This is a fairly typical Apache setup. This configuration says to detect traffic coming in via port 443 for the host yourdomain.com and redirects that traffic to the …/httpdocs/ folder. This is the same folder as for port 80/regular HTTP traffic. Sometimes your site may be setup to use a different directory for HTTPS traffic. If so, you can have that directory “sym linked” to the regular directory or update your settings per the above. With WordPress, it’s best to serve both HTTP and HTTPS traffic from the same directory.

Now restart Apache to have the new settings go live. It’s a good idea to have backups of your Apache configuration files in case something goes wrong. Then you can switch your files back to the backups and restart Apache to have your site fixed ASAP. Find the error in the Apache (or other web server) error logs and see what might be wrong.


Let’s Encrypt SSL certificates only last 90 days.

To simplify the renewal process, you will want to setup a cron job to renew the certificate regularly. The command to do that is:

$ certbot renew --quiet

You can test it like this:

$ certbot renew --dry-run

And the cron job line to run this daily at 4:17am might look like this:

17 4 * * * certbot renew --quiet --post-hook "systemctl reload httpd"

1b. Purchase an SSL Certificate

If you don’t have SSH access to your web server, but do have a way to install SSL certificates (e.g. through a control panel), then you can purchase an SSL certificate from a “certificate authority” for use on your site. You may also want to purchase from a certificate authority if you want a Wildcard SSL, SAN SSL or other advanced SSL.

You will sometimes need to generate a Certificate Signing Request (CSR). You will have to validate that you control the domain through a standard email address like webmaster@yourdomain.com, an update to the site’s homepage, or a special DNS update. Once purchased and validated, you will be given one or more certificate files to install the SSL certificate. How you exactly install that certificate again depends on your host and/or your control panel software. Most control panels have easy to follow instructions for how to do so.

Here are some place where you can purchase and download SSL certificates:

  • SSL For Free (Uses Let’s Encrypt. Free but must be manually renewed every 90 days.)
  • GoDaddy (Expensive, but lots of options. Affiliate link.)
  • RapidSSL
  • AlphaSSL (Sign up for a reseller account for discounts if you plan to purchase many certificates for clients/etc.

 


Step 2. Tell WordPress Your Site URL is HTTPS://…

Once you have your SSL certificate installed on your web server, you can test it by going to https:// followed by your website URL.

If you get an error message, then your Apache configuration is probably incorrect. Make sure that you have mod_ssl installed, a valid SSL certificate, and the Apache VHOST configuration setup properly. See the notes above and check with your host.

When you visit the https:// URL of your site, you may be redirected to the http:// version of that URL. There are many systems that will try to force a website to use a certain “scheme” (HTTP or HTTPS). For example, if the “Force SSL” option in Paid Memberships Pro is turned on it will actually redirect away from the HTTPS version of a page for non-checkout pages. Other plugins may do similar redirects. And WordPress itself will sometimes try to force a “canonical” redirect to make sure that each page on your website has exactly one URL (this is good for SEO).

If you are using the Force SSL redirect option of PMPro or other plugins like WooCommerce, disable those features as they may interfere with your global SSL settings. When your full site is served over SSL, you won’t need them.

To get everything in WordPress to load over HTTPS is actually fairly straight forward. You simply navigate to the Settings -> General page in your admin, and then change both the “WordPress Address URL” and “Site Address URL” to have an https:// in front instead of an http://.

Important Note: After making this change, many things will happen. Many things may break. For starters, you will be logged out. This is because the cookie created when you login is usually specific to the HTTP or HTTPS “version” of your page. After WordPress is updated to use the HTTPS URL, you will have to login again to generate a new authentication cookie.

Many other things can break once your site is updated to server over HTTPS. Step 3 goes over the most common ones we’ve run into.


Step 3. Fix Everything That Broke

Here we’ll try to document some of the most common things that can break on a site that is being served over HTTPS.


Users can still access the http:// version of the site.

If your site is setup to serve all pages over HTTPS, you will need to redirect http:// URLs to https://. There are a few ways to do this, but we recommend adding a rule through your web server.

If you are using Apache, you can add this snippet to redirect any http traffic to the https version of the URL. Make sure to place this under your Rewrite Engine On and Rewrite Base lines:

If you are using the NGINX web server, here is the configuration you can use to redirect all HTTP traffic to HTTPS across all hosts. See Bjørn Johansen’s blog post on this topic for more details.


Pages timeout with “too many redirects” errors.

If you get a too many redirects error, what’s happening is some code somewhere is telling the browser to redirect to the HTTP version of the page. Then some other code is telling the browser to redirect to the HTTPS version of the page. What you need to do is figure out what code is trying to redirect to the HTTP version and then disable that.


  • Bad Plugin Settings

    We’ve already mentioned that you should disable the “Force SSL” option on the payment settings page of PMPro if your site is fully served over HTTPS, and PMPro should detect this anyway. Other ecommerce plugins or login/redirect plugins may have similar features that need to be disabled.

  • Bad PHP Server Values

    Another common issue is that some hosts or proxies (like Cloudflare or Sucuri CloudProxy) can sometimes make your traffic appear to be coming over HTTP instead of HTTPS. It’s pretty subtle, but basically WordPress has a function is_ssl() that checks if the PHP value $_SERVER[‘HTTPS’] is set to “on”. When using a proxy, this value might be set to “off” or not set at all.

    Here is some code you can add to your wp-config.php temporarily to test the $_SERVER values to see if they are setup correctly. Add this code to wp-condig.php and then navigate to https:// yoursite.com/?test=1.

    The output should be something like this:

    Note the HTTPS value. If you are loading an HTTPS URL, but this value is set to “off”, “false”, or blank. Look for another value indicating the scheme being used. Many proxies will set the HTTP_X_FORWARDED_PROTO value and you add this code to your wp-config.php to copy that value into the HTTPS

  • Bad Plugin Code

    If you can’t even get into the admin to change this feature, you can disable plugins one by one by renaming the folders on the server to plugin-name-o or something similar. This will hide it from WP and that plugin won’t be loaded. If disabling a plugin fixes the issue, then you know that plugin is (at least partly) to blame for the redirect. You can read more about how to disable all plugins when locked out of the admin at WPBeginner here.

    What to do next depends on the plugin at fault. Whether it’s PMPro, one of our addons, or any other plugin, we will help you in our member forums to fix the issue. Note that sometimes these issues aren’t as straight forward as just programming things correctly the first time. Issues can arise due to conflicts between plugins, themes, or specific server settings. Be understanding with us and any plugin or theme developer you reach out to for help.

  • Bad Web Server Redirect Rules

    Consult section 3a above for some examples on how to redirect all traffic to the HTTPS URLs. If this redirect code is not correct or there is similar but conflicting code in your configuration, then infinite redirect loops can occur. Disable the redirect rules to see if that fixes things. Then try to figure out the correct rules for what you need.


Mixed Content Errors

When you load a web page over HTTPS, your web browser will block any content linked through an HTTP (non-secure) URL. WordPress and any properly coded plugins or themes will use “relative URLs” or otherwise attempt to detect whether a site is using SSL before outputting a URL and so will avoid this issue. However, if a URL is “hard coded” with a starting http:// in your blog posts, or a stylesheet, or a JavaScript file, or somewhere else… then these URLs will get blocked when a page is loaded over HTTPS.

You can notice mixed content errors because:

  • Your page may look funny as certain stylesheets, JavaScript scripts, images, or other files aren’t being loaded.
  • The green/gold/etc padlock in the upper left corner (or lower right corner) of your browser may appear red or yellow instead of green or as an ! instead of a padlock.
  • The Chrome/Safari/Firefox/Firebug debug bar “Console” will show errors.

In Chrome, you can view mixed content (and other errors) in the debug tools console by holding Ctrl + Shift + J on PCs or Cmd + Option + J on Macs. Other browsers have similar features. It will look like this:

Note the “Mixed Content” error at the bottom. The error message will tell you what resource/URL is being blocked. You can use context clues in the resource URL to figure out where that bad URL is coming from. If the file is located within your theme, then the problem is probably in your theme. If the file is located within a plugin folder, then the problem is probably in that plugin. If the file is in the uploaded folder, it might be hard coded into the post content. Another common situation is when theme settings, e.g. a header image, are saved into options. Some theme’s and plugins that save options like this save the full URL. You can usually clear out and reset these options to get a new HTTPS URL saved.

There are some plugins that can be used to fix most of these mixed content issues. On the PMPro payment settings page, you can check the “Extra HTTPS URL Filter” setting and PMPro will attempt to correct any non-HTTPS URLs being used on the site. You can also try the Really Simple SSL plugin or the WP Force SSL plugin, which have more complicated methods of fixing mixed content errors.

If you still see errors even after activating one of the above plugins, then you’ll have to fix the issues “manually”. Again, you can reach out to us in our member forums or reach out to the applicable plugin or theme developer to try to get a mixed-content issue fixed. Sometimes, it’s as easy as changing a URL. Sometimes a resource may be loaded from another server that doesn’t serve files over HTTPS at all. In these cases, you’ll need to stop using that service or find a work around.


Summary

I hope this document helps some of you out there newly taksed with moving a site to full on HTTPS. I tried to share as much detail as possible without getting bogged down too much in the technical details. If you have any questions about this or run into other issues while making the move to HTTPS that you think we could address here, let us know in the comments.

If you need help transitioning to HTTPS, we will help our PMPro customers as much as possible in our member forums. Note that sometimes your host and/or SSL provider will need to be involved, so be ready for that. At the very least, we will need to get access information from you and find the time to carefully access your site to debug and fix anything we can.

Lock Your Entire eCommerce Shop for Members-Only

The code recipes below demonstrate how to restrict your online store to members-only using WooCommerce or Jigoshop. If you’re using a different eCommerce plugin, post a topic in our member forums and we will help you get the restriction in place.

This page requires a PMPro Core Account or higher.

Already have an account? Login Now »

New to this site? Register Now »

PMPro Update 1.8.13.6

Version 1.8.13.6 of Paid Memberships Pro is out with a handful of bug fixes.

Included in this update is a fix to the Update Billing page for sites using Stripe. This bug could keep users from updating their billing to maintain membership.


Also included in this update is a fix to our content filter for a bug where member content showed up in searches and archives to logged-out users even if that advanced setting was set to hide that content. The content was still filtered to say membership was required, but on some sites you want to hide the existence of member content altogether, and this bug prevented that. The content filter code is complicated, and while this seems like a fairly straightforward fix, it is easy to introduce new bugs and hard to test all use cases out there. So be sure to run through your content as a member, non-member, and logged-out user to see that your site behaves as expected.

Finally, we also updated the Add PayPal Express and Pay by Check addons today. The updates there fixed some edge case bugs and also made sure that those two addons (as well as a few others) work together well. With both addons activated and configured, you can get a “Choose a Payment Method” box that gives you options to pay by credit card (onsite gateway), PayPal, or Pay by Check. We had a good chat at last week’s Dev Chat about ways to support a general method to allow any number of gateway options. Notes from that chat will be released soon. Development on that feature is TBD.

Please update Paid Memberships Pro from the plugins page of your WordPress dashboard. You can also get the latest version of PMPro here or version 1.8.13.6 specifically here.


The full list of updates is below.

  • BUG: Fixed bug where credit card expiration emails would be sent to users with PayPal Express orders.
  • BUG: Fixed bug when updating billing with Stripe.
  • BUG: Fixed bug where the archive/search filter was not running for logged out users.
  • ENHANCEMENT: Updated Finnish translations. (Thanks, JP Jakonen)
  • ENHANCEMENT: Added filter for modifying the order description in Stripe. (Thanks, Rafe Colton)

Email Marketing Integrations for Paid Memberships Pro

Below is a list of the third-party email marketing integrations available for Paid Memberships Pro.


Third-Party Email Marketing Platforms


 
Sign Up for AWeber

AWeber Integration

Integrate User Registrations with AWeber. Adds members to lists based on their membership level.


 
Sign Up for Constant Contact

Constant Contact Integration

Integrate User Registrations with Constant Contact. Adds members to lists based on their membership level.


ConvertKit

ConvertKit Integration

Integrate your ConvertKit tags with Paid Memberships Pro membership levels. This Add On is provided and supported by ConvertKit.


 
Sign Up for GetResponse

GetResponse Integration

Add users to GetResponse campaigns, with or without Paid Memberships Pro.


 
Sign Up for MailChimp

MailChimp Integration

Integrate User Registrations with MailChimp. Adds members to lists based on their membership level and includes level ID and name as merge fields.


On-Site User Email Systems


Email Users Integration

Easily kick off an email to your WordPress site users directly in the WordPress admin. You can segment users by a few criteria, including their Paid Memberships Pro “Membership Level”. The Paid Memberships Pro integration is built in to the core plugin.

View the Plugin

MailPoet Integration

Adds a checkbox on checkout page for your customers to subscribe to your MailPoet newsletters. This Add On is provided and supported by MailPoet.

View the Plugin

Capture Default WP User Profile Fields at Membership Checkout using Register Helper

Our Register Helper Add On allows you to add new profile fields at membership checkout. This recipe will demonstrate how to use that add on to capture and populate the default fields in the WordPress User profile.

Default WP User fields at checkout


What are the default WordPress User fields?

The WP_User class has the following core fields that you may want to capture at membership checkout. It’s important to use the exact field “key” so that captured fields are properly matched to the default profile field.

Field Key Field Name
user_login Username*
first_name First Name
last_name Last Name
nickname Nickname
email Email Address*
url Website
description Biographical Info

* This field is already captured at Membership Checkout with a default Paid Memberships Pro setup.


Capture First and Last Name

You can skip the methods below and use the Add Name to Checkout Add On to instantly add the fields for First Name and Last Name on membership checkout. This method does not require Register Helper.

View the Add On

Use Billing Name as First and Last Name

This tutorial shows you how to synchronize fields from the Billing Information section of membership checkout with user meta fields, included custom fields added via the Register Helper Add On or fields core to the WordPress user object.

View the Tutorial

Capture Some Other Default User Meta Field

Below is the code to use the Register Helper Add On to capture the “Biographical Info” and “Website” fields at membership checkout.

Copy and paste this code recipe into your theme’s functions.php file or a helper PMPro Customizations plugin (our recommended method).

Hide “Discount Code” field on Membership Checkout for Free or Specified Levels

If your membership site makes use of discount codes, the fields to enter a code will appear on the membership checkout page for all levels. Use the code recipe below to hide these fields for a free membership level checkout or for specific levels you don’t offer discounts for.

pmpro_hide-discount-code-free-level

But wait, why don’t you just do this automatically?

Some people make use of the Discount Codes in unique ways – even for their “free” levels. For example, we have one customer using these codes as “Invoice Numbers” that are mapped to a specific dollar amount. The member selects the “level” which has no fee, but enters the provided “code” to pay their amount owed. Or, some use discount codes to extend a free trial period.

This page requires a PMPro Core Account or higher.

Already have an account? Login Now »

New to this site? Register Now »