How to create a private area in WordPress

A pretty common use case when it comes to more structured websites, or better websites that offer a service to their audience, is to create a private area, only available to a selected group of people.

Think of this as a customer portal, or an area where to share protected information that should not be visible on the main website.

WordPress does little in that regard, by default. Sure, one could create a few password-protected pages and then privately communicate the access word to users, but that’s not exactly the description of how a private area should look like, and it’s going to be very manual.

More so, password-protected pages may still end up in our website’s sitemap, which results in search engines indexing pages that are really of no use to the majority of people.

What makes a private area

So, how could we describe a full-blown protected area, and what features should it have, in order to be called it? Not only we want to restrict page access, but we also want to control how such restriction is put in place. Specifically:

1. User groups: access should be granted not only to individual users, but rather to groups of users, private area members if you like, with individual of each group being able to perhaps see different things within the private area.
2. In light of point #1, granting access to the private area should be as automatic as possible: adding a new user should be as easy as associating a specific role to that user.
3. There has to be visual consistency in the pages that build up the private area: typically they have their own style, and, in most cases, a shared navigation that’s going to help users orientate through the contents of the protected area.
4. The area should be excluded from being indexed by search engines.

If you’ve ever worked with WooCommerce, and ever taken a look at how their private area is managed, you’ll find more than one similarity.

In some cases, though, we don’t have WooCommerce installed; or, maybe, we may not even need an e-commerce at all, but still require to hide some content from the public website.

For example, one of the most common use cases is file sharing between the site admins, and the users of the website.

So, what can we do in order to accomplish this?

Private area: our approach

One way is to hire developers, instruct them about how you need your private area to be built, and wait that they work their magic.

Another way is to look for a plugin that does the job. There are not many plugins out there that satisfy all the four requirements above, so we have decided to create our own: it’s called Private Area, and it’s available as a free download on WordPress.org.

The approach we’ve followed not only adheres to the four principles listed above, but also does it in a lightweight manner that doesn’t impact on your website performance.

So, how can we create a protected area in our website using our plugin Private Area?

We begin creating the pages that area going to compose the private area. The pages you’re going to create are just regular pages, but they have something that’s tells them apart from the rest of the pages you may already have: they must be using a page template, called “Private area”, that’s going to be available as soon as you activate the plugin.

Simply associating and saving a page to this particular template has one immediate effect: it hides that page from search engines and prohibits access to anyone that’s not an administrator for the website.

Another big plus when using pages for this purpose as well, is that you can build them just about any way you want: you may use the WordPress Block Editor for that purpose, or even use one of the page builders available, such as Elementor.

Also, within a page, you could use valid plugins such as Restrict Content Pro to make different private area members see different things.

After creating the pages you need, you may head to the plugins settings, under Settings > Private area.

From here, you’ll find a list of all the pages you’ve “flagged” as private using the method illustrated above. For each page, you’ll be able to select exactly which roles have access to its contents.

Upon saving the settings, only users belonging to the specified roles will be able to see the contents of that page.

But what happens to users that don’t have access to the contents of that pages?

By default, a standard error message is displayed instead of the regular page content. This may be fine for most people, but for more advanced optimizations, there’s a filter hook that you can use (wp_private_area_rejection_text, is its name) to customize the message being displayed, or even display a log in form, after it.

Pretty cool, right?

What next?

We have quite a few ideas regarding how the plugin can evolve over time.

One of them is creating more types of access, that means introducing different access criteria besides the one that’s already baked in the plugin, logged users with a specific role.

Our idea is to create a number of companion plugins that can extend the private area functionality: in this scenario, Private Area is a framework to build upon, as it gives us, and any developer in the world, a platform to create unique implementations that suit their clients needs.

If you want to stay in the loop, give the plugin a try, perhaps subscribe to our newsletter to be notified of updates, and if you have a great idea for the plugin, you may suggest a feature you’d like to see implemented.