It has been a couple of years since we originally wrote our plugin recipe for a secure client area in WordPress, which proved pretty popular, but we’d now recommend a different method to achieve a client area in your WordPress powered website. A recent WordPress project called for a secure area for each of the websites registered users. Each user would have access to an area where they could view private pages and download files in a secure manner.
Choosing the right plugin for your Secure Client Area.
We downloaded and tested a few “client area” plugins before settling on the Customer Area plugin by Marvinlabs. Go ahead and install it through your WordPress plugin menu, or download it from WordPress plugin repository. Once activated the plugin creates a couple of custom post types; cuar_private_file and cuar_private_page and makes the necessary pages and populates them with the relevant shortcodes. A custom menu is also created titled “Customer Area Menu” which is displayed in the users private area for navigation around the private files and pages. You’ll see a new menu area in your WordPress admin called “Customer Area”. Under this you’ll see two sets of options for creating private files and pages. Creating new private pages and uploading files follows the standard WordPress method, the only real difference is that you’ll see an extra meta box titled “Owner” where you can select which user as access to the file by using the drop down box.
Customising the look of your Client Area.
Out of the box the plugin uses the standard page.php template to display your clients private files, but if you need more control over the look of your secure private area you’ll probably need to over-ride some of your themes template files. We ended up adding the following template files to our theme; single-cuar_private_file.php and single-cuar_private_page.php along with some other files in order to have complete control over the look of the pages.
Hiding the WordPress admin bar.
You’ll probably want to keep your clients out of the WordPress admin screens, even if they only have access to the “profile” page it can be confusing for clients if they’re not expecting it.
The following snippet, once added your theme functions.php file will hide the admin bar from everyone who isn’t an “administrator”. If your website has users with other roles, such as Editor, or Contributor, you’ll have to adjust this code accordingly.
// Disable the WordPress Admin Bar for all but admins. if (!current_user_can('administrator')): show_admin_bar(false);endif;
Whilst we’re here we’ll also redirect any users trying to get into the WordPress admin area using the standard URLs.
Testing your client area.
- Create a new user for your website (our client).
- Make a private page, remembering to set the Owner to the user we created above.
- Make a private file, uploading our document, and again setting the owner.
- Logout and test by logging in as the user created in step 1.
Other things to consider.
Unless you are OK with your clients visiting the standard WordPress login screen you’ll want to consider improving this for a smoother user experience.