Restricted content is still being displayed on archive pages, lists, etc?

By default, Access Conditions will only apply to the pages that represent the selected content, and the content will not automatically be hidden if displayed in lists or available elsewhere on a site.

If you for example use Access Conditions to restrict a given post, it is ensured that only members can visit this post. However, the post may still be fully or partially visible in other places such as archive pages, search results, widgets, custom lists, or the WP REST API.

There are several options to completely hide restricted content, and below are a few use case examples.

 

Good to know: Administrators will by default have access to all content.

 

How to restrict content in archive pages and search results

  1. Use Access Conditions to restrict archive pages and search result pages altogether. Recommended for sites where non-members shouldn’t be allowed to browse content.
  2. Display excerpts only or no text at all. Recommended for sites where non-members may view the titles and/or teasers of restricted content.
    Go to User Access -> Settings in the Admin Area, find the setting “How to display content in lists” and select “Excerpt only” or “Hide content”
  3. Use the Visibility Control add-on to automatically hide restricted content from archive pages, search results, and more.

 

How to restrict content in widgets

  1. Use Content Aware Sidebars to show different widgets for different Access Levels.
  2. Use the Visibility Control add-on to automatically hide restricted content from widgets, and more.

 

How to restrict content in navigation menus

Restrict User Access make it possible to show and hide menu items for select Access Levels.

  1. Go to Appearance -> Menus and select the menu you want to edit
  2. Find the menu item you want to hide
  3. Use the “Access Levels” option to select the levels whose members should see this menu item

 

How to restrict content in WP REST API

  1. Restrict User Access enables REST API Content Protection by default. Without disabling the REST API, this enforces the principle of least authority to minimize attack surfaces and stop threat actors from harvesting your data.
    To disable this functionality, go to User Access -> Settings in the Admin Area, find the setting “REST API Content Protection” and toggle it off.
  2. Display excerpts only or no text at all.
    Go to User Access -> Settings in the Admin Area, find the setting “How to display content in lists” and select “Excerpt only” or “Hide content”.
  3. Use a 3rd party plugin to completely or partially disable the WP REST API for select users or roles.
  4. Use the Visibility Control add-on to automatically hide restricted content from the WP REST API and more.
Was this article helpful to you?