Someone asked in a Facebook group I’m in how to make a private page for multiple users to access without using a full-blown membership plugin and without using one shared password-protected page. I had done something like this recently for a project and wanted to share how to do it. It only requires two plugins that are freely available in the WordPress plugin repository.
What's in this article?
Step 1: Backup your website
You should always backup your website before making changes to it, such as installing plugins and changing user role configurations. I have a blog post that covers several different methods for backing up your WordPress site that can help you out of you don’t already have a plan in place.
Step 2: Install the plugins
The plugins you’ll need for this are User Role Editor by Members and Peter’s Login Redirect. Both of these plugins are available in the WordPress plugin repository so it’s easy to install them from your WordPress dashboard.
Step 3: Create your new user role
The User Role Editor plugin adds the option to create a new user role. The steps in this tutorial include creating a new user role, but it’s not strictly required.
To add a new role, navigate to Users > Add New Role
You’ll need to give your new role a name, and then choose the correct permissions for this new role. In addition to the default permissions given, you’ll need to add “Read Private Pages”. You may also want to select Posts > Read Private Posts of you think that might be needed. (This can also be added/changed later, if you want to.)
Be sure to save your changes when you’re done.
After you’ve created the new role, go to Users > Add New and create a new user in this new role. (You’ll need this for testing purposes.) You’ll need to use a different email address to create this account. Be sure to take note of the password so you can log in as this user later for testing.
Step 4: Create your private content page
You can either use an existing page, or create a new one. The important part for this will be to set the Visibility to Private. (If you are using the newer Block editor, this setting will be under the Document settings on the right, under Post Visibility.) This will make the page Private, which would normally make it only visible to site admins and editors.
You’ll also want to set the Content Permissions, which can be found towards the bottoms of the edit area, below the content area.
Under Roles, I selected the new role I created, Private Content, as well as the Administrator role, to make sure I didn’t have any issues viewing the page.
Then make sure you add an error message, so that if anyone goes to the page without being logged in, they see something other than just a blank page. I usually just use something very simply, like “Page content for members only. Please login to view this page.” It’s also really helpful to add a link to the login page, which is “/wp-login.php” for most WordPress websites, unless it’s been changed by another plugin.
Step 5: Set role-based login settings
The next step is to be sure to redirect the users in this new role to the private page when they have logged in. After you have installed and activated Peter’s Login Redirect plugin, go to Settings > Login/Logout redirects in your Dashboard.
Look for the option to create a rule based on a Specific Role, and use the drop-down to select the role you created.
In the URL field, add the permalink for the private content page in the URL field. If you’d like them to be redirected to a specific page when they logout, you can also enter that here. I have entered just a “/”, which will redirect them to the home page of my site when they logout.
Step 6: Test
That’s it! Now, you just need to test it. Usually, for testing, I either open a different browser, or an incognito window in the same browser, so I can test as the other user without having to log out of my administrator role. If you’re not going to use a different browser or an incognito window, be sure you know your administrator account password so you can log in again.
To test, try going to the private content URL and make sure the page content is hidden, and that the correct error message is displaying. Then login to the site and make sure you are redirected to the appropriate page and that the content is now visible to you. If you entered a logout redirect URL, then go ahead and log out to make sure that is working as well.
I’ve also included a tutorial video from my YouTube channel. I made it a few years ago and while one of the plugins has a new name from in the video, the rest of the process is the same.
If you found this tutorial helpful please let me know by commenting below. I love to hear from my readers.
Hi Terri,
I am new to restricting content on wordpress and trying to learn a lot quickly and getting overwhelmed.
I need to create a website with lots of important documents for employees only. I need just a home page visible then a button to click to login that will then open the website up with more menus and all the content. This is for a frontend experience only and I don’t want any employee viewing any of the backend of the website. I also want to be the only one to be able to create new users and don’t want people to be able to register themselves.
Is this something I can do with this process you explained here? I am just getting confused you direct people to login with the wp-login page?
Any advice is truly appreciated.
thank you,
You could create their accounts instead of having them create their own, but they would still need to log in somehow. There are plugins that prevent Dashboard access to specific user roles. It could be done mostly with the tools I mentioned, but would take some finessing, and probably another plugin to prevent their Dashboard access. If you are interested, I offer 1:1 training and we could walk through getting it set up together via Zoom. Send me a messsage from the Contact page if you want more info about that.