While some membership sites want to grow and attract as many people as possible to sign up, others are a bit more closed off and private.
What kind of private sites? I’m talking about internal sites for a company or an invite-only site that requires the admin to create your account.
Because let’s face it, sometimes members expire, cancel, or you proactively remove their access. For these users, while they still have a WordPress account, they don’t have a membership. They can log in, but they can’t access anything.
This recipe post shows you two method to restrict user login for anyone without an active membership level or valid email address.
This is especially helpful for a site that is totally locked down for members only, where you only allow public access to the homepage and login screens.
Code Recipe #1: Restrict User Login to Active Members
This code recipe restricts user login attempts for any user that is not an active member of your WordPress site. Once this recipe is in place, any user that does not have a membership level will fail to authenticate. This is a very powerful recipe, so please use it with caution.
While there are definite reasons to restrict user login in this way, this approach is also very limiting. For example, the login restrict code also blocks users who want to renew an expired or cancelled membership.
As an alternative, consider the second recipe in this post that is less heavy-handed. The bonus recipe restricts user login for users that have not confirmed their email address (requires the Email Confirmation Add On).
Note: Please use this recipe with caution as it is a very heavy-handed approach to blocking access for your site. As long as all of your content is correctly protected, a user without a membership level will not be able to view anything private. Also, note that a user with a previous membership level that is trying to log in as part of the checkout process will also be blocked. We suggest adding a message to your login page that logins will be blocked unless you have an active membership.
Code Recipe #2: Require Confirmed Email Address to Log In
For a less heavy-handed approach, this recipe specifically limits login attempts if the user has not validated their email address when using the Email Confirmation Add On.
*Note- At this time users will not receive a warning message explaining why they’re unable to log in if you’re using the PMPro login page.
Adding the Recipe to Your Website
You can add this recipe to your site by creating a custom plugin or using the Code Snippets plugin available for free in the WordPress repository. Read this companion article for step-by-step directions on either method.
Free Course: Membership Site Development—The Basics
Develop a deeper understanding of membership site development in this beginner-level course. Learn how to make your site work better, save yourself time and money, and improve your site's performance.
