protected Content - buddy press private site

Hi,

I'm in the early process of designing a private buddypress / multisite installation for my family and extended family members.

Given these criteria below, what would everybody recommend to make this happen? I'm thinking Pro-Sites and Protected Content?

a-) I would like to make the all of the main buddy press site private, viewable and post-able to signed in members only, and make that membership by invitation only, so that the family members need to enter an invite code when they sign up to gain access.

c-) I would like to offer family members an advanced option so that they can create their own websites, using Pro-Sites I know how to do that... not sure how to give them the option of making these protected or open blogs if they choose? I don't think I would want to charge anything for this "pro" option, I mean this is just all family that is spread all around the world, a way to keep connected without the issues of Facebook. How would I setup a pro option in pro sites that is also free? Coupon?

Any ideas, or experiences in making this work would be awesome and appreciated!

Chris

  • Patrick

    Hi there @Chris

    Happy new year!

    Having a private network of sites for family members sounds like a very cool idea.

    For what you have described, you really wouldn't need Pro Sites, as creating a site in your network is default WordPress multisite behavior; no need for a plugin for that.

    You would basically just be using Protected Content for the coupon codes

    As for the privacy requirements, I would suggest our Multisite Privacy plugin:
    https://premium.wpmudev.org/project/sitewide-privacy-options-for-wordpress-mu/

    Once installed, you can set it up so that visitors must provide a password to gain access. If they already have an account on a site in your network, they can login to that site.

    If they don't have an account, they can create one on the main site which adds them as a network user.

    See an example of a locked-down network here:
    http://reallywantthis.com/

    As you can see, a password is required, but there's a link there to login. If you click that link, you can register an account.

  • Chris

    So, in your experience then, will all this work?

    Protect the BuddyPress main site with Protected Content plugin forcing anyone wanting to read to have a membership, make those memberships need an invite code to register, offer enhanced web site to those who want it with Pro-Sites (how would I do the no-charge? coupon it?) and then use multi-site privacy to allow website users to decide whether they want their websites private to the buddy press users or public to everyone ?

    Can anyone suggest a plugin that would offer invitation codes to be mailed out by members to other family members?

  • Predrag Dubajic

    Hey Chris,

    Both Protected Content and Pro Sites plugin have coupon code as an option which you can use to add 100% discount for registration.
    With Protected Content you can create multiple access levels and assign different coupons for each one of them.

    You can use pretty much any newsletter plugin like this one to create list of members and mail them the coupon codes.

    Hope this helps.

    Best regards,
    Predrag

  • Chris

    I guess I am still not fully clear on how this all would work.

    Am I right in thinking that I would not even need Protected Content?, if I use Multisite Privacy and Pro-Sites?

    Would multisite privacy lock down the buddypress main site and provide prosite website users with the option to turn privacy for their site on and off?

    Then all I would need is Signup Code? ...and a way for members to send invitations to other family which I believe Invite Anyone plugin will handle.

  • Predrag Dubajic

    Hey Chris,

    Hope you're doing well today

    I did some testing on my end to see how would you able to accomplish this and I believe you can do all you want using the Multisite Privacy like you mentioned.

    You would need to create new sites and after that in your network admin panel go to Settings > Network settings and select "Only allow a registered user to see a site for which they are registered to" option, check the "Update All Sites" option and save the settings.
    Now in each individual site go to Settings > Reading and choose correct "Site Visibility" option for each site.

    Save the changes and that should be it.

    Hope this clears things up.

    Best regards,
    Predrag

  • Chris

    Hi Predrag,

    It is a nice day, thank you!

    It's not working for me and I have no idea why!. Here is what I have done.

    I have a multisite installation set up with BuddyPress, ProSites and Multisite Privacy all network activated. At this point I DO NOT HAVE an invite system in place. One thing at a time!

    In ProSites, I have set up a Pro Site and a coupon since I don't really want to charge family for their sites, I just want to have some control over who installs which plugs and themes.

    In my admin > network settings > registration settings > allow new registrations I have checked off Both sites and user accounts can be registered.
    Down below in Site Privacy Settings I have:
    > Show Privacy Options at Sign Up set to YES
    > Available Options set to - Only allow a registered user to see a site for which they are registered to
    > Default Setting - Only allow logged in users to see all sites.
    > Allow Override - YES

    And then in my buddypress site Settings>Reading I have set
    > Site Visibility - Only registered users of this blogs can have access - anyone found under Users > All Users can have access.

    Now, whenever I go to my home page, it redirects to the standard WP log in form and if I click on Register, it redirects back to the standard WP log in form.

    Any idea where I might be going wrong?

    Thanks in advance,
    Chris

  • Ash

    Hello @Chris

    I have made a setup in your site.

    1. Signup code is activated so that users can join with a sign up code, otherwise they won't be able to signup.
    2. Multisite privacy plugin is activated, where the sites can be made private or pubic. I have set main site to be private with just a code.
    3. You can now use Membership plugin to protect the buddypress page. In membership plugin, you need to create a level, add buddypress page as positive rule, and set that level as default level for registered user from Membership > Options > General.
    4. And using Pro Sites, you can control the plugins and themes over the network.

    Please check and let us know how it goes.

    Cheers
    Ash

  • Chris

    HI Ash,

    Thank you, I appreciate the help, I just wish I knew "how" you were able to get it all working the way you did. I have been looking at the settings for Signup Code and for Multisite Privacy to try and figure out where I went wrong.

    What would Membership Plugin do for me now? Isn't Buddypress pages already private? When I am logged out and visit any page, I get redirected to the Signup Code password page.

    Is there any way to customize the Signup Code landing page?

    Cheers and thanks for everything!
    CHris

  • Ash

    Hello @Chris

    I hope you are well today.

    Well, there was not much configuration though

    I have installed signup code plugin and activate the plugin so that no users can join without a signup invite code. And then using Multisite Privacy plugin, I have made the site private, but can be accessible with a code.

    Well, you need membership plugin. The main site is protected with a code now. A visitor who has the code but not registered will still be able to visit the buddypress pages So, you need to use membership to restrict buddypress pages.

    Is there any way to customize the Signup Code landing page?

    You mean the page it asks for Multisite Privacy? I have checked the code and it seems it uses wp-login.php page. You can make some styling of this page using any login page customization plugin, or even with some custom code. Any idea, how you want it to be styled?

    But it's not possible to redirect into a front end page out of the box. Let me tag the developer for his opinion if there is any workaround.

    Cheers
    Ash

  • Chris

    HI Ash,

    Thanks for clarifying the membership requirement, in this case it is not really required I think since the concept is a private "for family members only" buddy press install - so if they have the code then it has been provided to them by an uncle, cousin, brother etc.

    What is confusing is if they clear their cookies then they will be redirected to the passcode lock page and will have to enter that code again, or login again and the standard login form is kind of confusing to some people. So I want to make a login page that is much clearer on the options and has something like this...

    sample

    or even better yet something like this... (even easier and simpler!) and maybe make it three columns, 1-) Log In, 2-) Forgot Password 3-) Register - which can even just be the pass code and a button leading to register page.

  • Ash

    Hello @Chris

    I am afraid, to implement this it will need a fair amount of custom code and customize the Multisite Privacy plugin. Also, if you need to customise this then you can post a job in our job board where you can hire a developer to assist further: https://premium.wpmudev.org/wpmu-jobs/ Please note that, no WPMU official staffs are allowed to work in the job board.

    Cheers
    Ash

  • Chris

    Hello Ashok,

    Please understand it was never my expectation that you code this for me. I was merely providing the feedback that you asked for above....

    Any idea, how you want it to be styled?

    And, wondering out loud if there is a plugin or plugins available here to me that might be able to help me accomplish this.

    I do have one quick question though, does Multisite Privacy protect RSS feeds from being read by non-logged in users? Or for that matter, stop images from showing up on another site somewhere if somebody posts the URL?

  • Ash

    Hello @Chris

    I hope you are well today.

    Please understand it was never my expectation that you code this for me.

    I really didn't mean that, sorry for misunderstanding

    does Multisite Privacy protect RSS feeds from being read by non-logged in users?

    You can use the following code:

    add_action( 'pre_get_posts', 'pre_get_posts_cb', 99 );
    function pre_get_posts_cb( $query ){
    	if( ! is_user_logged_in() ){
    		if( $query->is_feed ){
    			$query->set( 'post_type', array( 'null' ) );
    		}
    	}
    }

    "null" could not be any valid post type in your site. This code will hide the rss feed from non logged in users.

    You can add those codes in your functions.php in the theme, if you think your theme won’t be changed. Otherwise mu-plugins is the best solution. To use mu-plugins, go to /wp-content/ and find the folder with name 'mu-plugins'. If there is no folder in that name, then create a folder, name it 'mu-plugins', create a file inside that, give any name you like and paste the code in there. You don't need to activate that plugin. Mu-plugins means must use plugins, so it will be activated automatically always. If you use mu-plugins then add a php start tag at the beginning of the code.

    stop images from showing up on another site somewhere if somebody posts the URL

    Well, this is little difficult. If anyone has direct URL of your images, they can access the image. Though you can try using this in your htaccess:

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.ltd [NC]
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.ltd.*$ [NC]
    RewriteRule \.(gif|jpg|js|txt)$ /messageforcurious [L]

    You need to change the domain and ltd with your original domain.

    Hope it helps Please feel free to ask more question if you have.

    Cheers
    Ash

  • Chris

    Hi,

    Its not working correctly.... when I enter the registration code it takes me to the login fine but when I enter my username and password at the log in - it tells me that it is wrong. Since I have wordfence set up to tell me every time somebody logs in, I get an email saying that I have just logged in but I am still at the log in page entering wrong passwords...

    Granted, if you are already registered and have an account, you probably will not enter the SignUp Code as it is not necessary you can go right to login screen.... BUT... that is not easily apparent from the default code form that you can click a login link. So, I can see aunts and uncles and grandparents etc. getting stuck here.

  • Ash

    Hello @Chris

    I am sorry I am still not clear about the problem.

    when I enter the registration code it takes me to the login fine but when I enter my username and password at the log in - it tells me that it is wrong.

    Would you please temporarily disable the Wordfence plugin and check if it is a conflict?

    Also, I have tried to login in your site but it seems the server is down at the moment. I am seeing a "Page not available" screen.

    Please let us know.

    Cheers
    Ash

  • Ash

    Hello @Chris

    I hope you are well today.

    I have just created another account called btest and successfully logged in, though before that I have deactivated privacy password access for the main site.

    I will recommend to disable the feature for main site only and using membership to protect the BP pages. As the privacy plugin will protect all of your pages, but you still will need the register, activate etc pages open.

    Please let us know what you think.

    Cheers
    Ash

  • Michael Bissett

    Hey @Chris,

    When I click on the link for the site you created on the sites tab, it sends me to a search engine page instead of to your site you created. why?

    The first thing that comes to mind would be the .htaccess rules, could you post them here please?

    Also, when I look at the ad for this plugin it shows the code field on the register form. How do I get that to work? See pictures in my previous post.

    I'm seeing that the field's already there on your BuddyPress registration, though it's been renamed to "Invitation Code" (see screenshot below). Is it not showing up on your end?

    Please advise,
    Michael

  • Chris

    Hi Michael,

    Thanks for helping, I really do appreciate it.

    The first thing that comes to mind would be the .htaccess rules, could you post them here please?

    #WFCACHECODE - Do not remove this line. Disable Web Caching in Wordfence to remove this data.
    <IfModule mod_deflate.c>
    	AddOutputFilterByType DEFLATE text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/json
    	<IfModule mod_headers.c>
    		Header append Vary User-Agent env=!dont-vary
    	</IfModule>
    	<IfModule mod_mime.c>
    		AddOutputFilter DEFLATE js css htm html xml
    	</IfModule>
    </IfModule>
    <IfModule mod_mime.c>
    	AddType text/html .html_gzip
    	AddEncoding gzip .html_gzip
    	AddType text/xml .xml_gzip
    	AddEncoding gzip .xml_gzip
    </IfModule>
    <IfModule mod_setenvif.c>
    	SetEnvIfNoCase Request_URI \.html_gzip$ no-gzip
    	SetEnvIfNoCase Request_URI \.xml_gzip$ no-gzip
    </IfModule>
    <IfModule mod_headers.c>
    	Header set Vary "Accept-Encoding, Cookie"
    </IfModule>
    <IfModule mod_rewrite.c>
    	#Prevents garbled chars in cached files if there is no default charset.
    	AddDefaultCharset utf-8
    
    	#Cache rules:
    	RewriteEngine On
    	RewriteBase /
    	RewriteCond %{HTTPS} on
    	RewriteRule .* - [E=WRDFNC_HTTPS:_https]
    	RewriteCond %{HTTP:Accept-Encoding} gzip
    	RewriteRule .* - [E=WRDFNC_ENC:_gzip]
    	RewriteCond %{REQUEST_METHOD} !=POST
    	RewriteCond %{HTTPS} off
    	RewriteCond %{QUERY_STRING} ^(?:\d+=\d+)?$
    	RewriteCond %{REQUEST_URI} (?:\/|\.html)$ [NC]
    
    	RewriteCond %{HTTP_COOKIE} !(comment_author|wp\-postpass|wf_logout|wordpress_logged_in|wptouch_switch_toggle|wpmp_switcher) [NC]
    
    	RewriteCond %{REQUEST_URI} \/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)(.*)$
    	RewriteCond "%{DOCUMENT_ROOT}/wp-content/wfcache/%{HTTP_HOST}_%1/%2~%3~%4~%5~%6_wfcache%{ENV:WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" -f
    	RewriteRule \/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)(.*)$ "/wp-content/wfcache/%{HTTP_HOST}_$1/$2~$3~$4~$5~$6_wfcache%{ENV:WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" [L]
    </IfModule>
    #Do not remove this line. Disable Web caching in Wordfence to remove this data - WFCACHECODE
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    
    # add a trailing slash to /wp-admin
    RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
    
    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^ - [L]
    RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
    RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
    RewriteRule . index.php [L]

    I'm seeing that the field's already there on your BuddyPress registration, though it's been renamed to "Invitation Code" (see screenshot below). Is it not showing up on your end?

    It is indeed on there - now. Some changes were obviously made since I posted the pic above my-signup-screen.png which is what was coming up at my home page url. Now it is on my registration page but my buddypress pages are no longer private and the home url does not take you to the login screen, which was the whole concept that I was hoping for.

  • Michael Bissett

    Hey @Chris,

    The .htaccess rules look fine, but upon further investigation, it seems like a wildcard subdomain may not be in place here.

    After running the subsites on your network through this:

    https://www.whatsmydns.net

    I noticed that all of the locations there came up with an X (if there was a wildcard subdomain in place, they should all be coming up as check marks).

    Regarding this:

    ...my buddypress pages are no longer private and the home url does not take you to the login screen, which was the whole concept that I was hoping for.

    On the BuddyPress pages not being private, my colleague @Ashok had commented on this a bit earlier in the thread:

    I will recommend to disable the feature for main site only and using membership to protect the BP pages. As the privacy plugin will protect all of your pages, but you still will need the register, activate etc pages open.

    In this case, what you could do would be to set up a level inside of Membership with Positive rules, allowing access to the BuddyPress pages, and then set up a free subscription (with an Indefinite duration) that contains that membership level.

    Then, if you go to:

    Membership -> Options -> General

    You could set "Use subscription" to the subscription that contains your free level, so that it'll be assigned automatically once your relatives register using your registration form.

    Now, as for the home page... are you looking for it to redirect to WordPress's login screen, or did you have a different page in mind?

    If you're wanting to assign a page you've created as the home page (such as the "Welcome" page), you can go to:

    Settings -> Reading

    And setting "Front page displays" to "A static page", thereafter selecting the desired page, and saving the settings.

    Please advise,
    Michael

  • Chris

    Hi Michael,

    The .htaccess rules look fine, but upon further investigation, it seems like a wildcard subdomain may not be in place here.

    Yeah, and what makes it even worst is that I knew I had to do that too... I was so confused by the trees that I did not see the forest! That's my story...

    All right, so if I have this right, SignUp Code is doing exactly what I want it to do, I just have to make the buddypress pages private now. Multisite Privacy is not going to get this job done, its the wrong plugin? I see that all the settings in Multisite Privacy are basically off, so I assume I can delete it and move on to using membership now? Everything I read here suggested that Pro Sites and Membership were not always being nice to each other. Has that changed? You also have protected content now. Why membership and not protected content or vice versa?

    from Protected Content...

    Limit access to pages, posts, categories, words, paragraphs, links, videos, audio files, images, PDFs, forums, menus, courses, comments and anything else you can set up with WordPress.

    Thats basically everything I want to protect.

    Now, as for the home page... are you looking for it to redirect to WordPress's login screen, or did you have a different page in mind?

    I would like to create a really basic page (probably the one named welcome or some such) and set that to be the static page to be used for home (in settings > reading) On this page I will place a log in form, a forgot / reset form, and a Register button that will link to my domain.com/register/ and then that should bring up the register form with the signup plugin invitation code field, yes?

    If I understand what I have been researching then I will need to create some functions to redirect wp-login.php to my custom login page such as described
    here .... or do y'all have a plugin that will basically cover that?

  • Predrag Dubajic

    Hey Chris,

    Hope you're doing well today

    May I suggest having a look at this thread where Michelle gave some explanation on using Membershiv vs Protected Content.
    From what I read I believe that the Protected Content would be the right choise.

    As for the Login page you can try this plugin which is used as a shortcode in your page content and also has an option to redirect your members to certain page after the login.

    Hope this helps.

    Best regards,
    Predrag

  • Chris

    Hi Predrag,

    Thank you so much for jumping in, your input is always appreciated!

    That is a great plugin / widget recommendation! It fills the bill perfectly, with both login, forgot password widgets / shortcodes it will make laying that page out a breeze.

    From what I can comprehend, Protected Content would be the right choice going forward especially. The future development of protected content vs membership is a big consideration especially since this family project is really just a test of a larger concept for me, I'm using my family members as lab rats for a bigger project!

    The one thing that concerns me though is this thread on an
    ongoing issue that is 3 months now without resolution as of today.

    Michael, you and Ash both recommended Membership over Protected Content. May I ask your reasons?

    Cheers,
    Chris

  • Ash

    Hello @Chris

    I hope you are well today.

    Michael, you and Ash both recommended Membership over Protected Content. May I ask your reasons?

    Well, I didn't recommend membership over Protected Content though, but after reading your question I though you are already using membership plugin and you are familiar with that. So I didn't want to tell you to try another new plugin

    We always recommend to use Protected Content over Membership, though we will continue providing support on membership issue as well. But Protected Content is more organized and in under rapid development

    About the other thread, I can confirm that the developer is already aware of the issue and working on that. We appreciate your patience on this.

    Cheers
    Ash

  • Predrag Dubajic

    Hey Chris,

    Just a little followup if you decide to go with the Protected Content, you can use the shortocode that comes with the plugin to create your login page and it also has options for redirection, you can find all this and more when you go to Protected Content > Help > Shortcodes tab.

    This is the code you can add to your page:
    [ms-membership-login redirect="REDIRECT_URL"]

    Best regards,
    Predrag

  • Chris

    Hi,
    I installed protected content and activated it.

    New Membership pages created: "Memberships", "Protected Content", "Account", "Register", "Registration Complete".

    It created the pages above, but I already had a "register" page from my buddypress installation, so now I have 2 pages names register, original one the slug is register, the new slug created by this plugin register-2.

    Not knowing how to proceed, what should I do next?

    Cheers!
    Chris

  • Chris

    Hi Ash,
    I think maybe what happened was that I did have Protected Content installed at one time on this site, played with it, then was redirected to use Multisite Privacy. So I deleted Protected Content. Now, when I re-installed it - it loaded the previous settings I had played with.
    So, I am kind of confused on what to do next.
    Is there some way to reset the settings to clean start?

  • Predrag Dubajic

    Hey Chris,

    Hope you're doing well today.

    There is no currently option to reset the settings directly from the plugin settings but this is going to be included in future versions
    As for now you can do this:
    Access your WordPress installation using FTP and navigate to wp-content/plugins/protected-content/app/model/ folder and edit class-ms-model-upgrade.php
    On line 40 you should be able to see this code:
    public static function init() {
    Now right after that code paste this:
    self::cleanup_db();
    After you saved and uploaded the file back you need to access your admin section and open any protected content page. When the page is loaded the settings are reset.
    You now need to remove that line from the file and that should be it.

    Let me know if this works for you.

    Best regards,
    Predrag

  • Chris

    Hi Michael,

    I really didn't expect you to clean all that up! I do appreciate it though. I left it all like that for you to see since I found it kind of odd.

    Anyway, I agree, the original question has really been answered, the best solution to my project has been provided and now it is simply about settings etc.

    So, I am marking this as resolved and I thank each and every one of you for all your help, suggestions and janitorial work !!!

    Cheers!
    Chris