Access to posts, pages and custom post types* such as products can be restricted by group. Any existing group can be used to restrict access and you can create as many different groups as needed to protect entries, so that only members of the corresponding groups can view them.
*Many plugins define their own custom post types: products, events, topics, stories, slides, … you name it. We’ll simply refer to posts or entries here but the concept is extended to any of those kinds.
When read access to an entry is restricted by choosing one or more groups, only those users that belong to any of those groups can view it.
So how do you restrict access to an entry? You simply use the Groups box to choose one or more groups in the Read field it provides. Please note that users with permission to Administer Groups can choose any group, while those who can only Restrict Access must be a member of a group to use it.
If no group is chosen in this field, the entry is visible to anyone.If you choose at least one group, then the entry will be restricted. For example, let’s use a group named Premium to restrict access of an entry to members of that group only.
Choose the group and publish or update your post. Now if someone wants to view the entry, it’s required to be a member of this Premium group.
If you choose more than one group, to view the post it’s sufficient to be a member of at least one of those groups.
You can also create a new group directly from this field (permission to Administer Groups is required for this). Simply type the name of the group you want to create and use to restrict the entry.
Important Note: Unless you have permission to Administer Groups, in order to be able to use the group, your user account must be assigned to that group. Also, if you try to create a group that already exists and are not a member of that group, the assignment will fail. Group names are case-sensitive and if you create a group here, the first letter of each word will be capitalized.
A note on required permissions: To view and use the Groups box, you need to have the permission to Access Groups and to Restrict Access.
If you have legacy access control enabled, you can restrict access to an entry using the Access restrictions box. Please refer to the documentation on Groups 1.x for details on how to use it.
In a limited way, you can use Groups to restrict access to attachments or Media in the Media Library. In WordPress, those entries consist of an attachment page and the media file itself.
Caution! The protection on these Media entries is not complete. Due to technical limitations, Groups can only protect the attachment page but not the file itself. Anyone who knows the URL to the file can access it, even though that visitor cannot access the attachment page.
Although Groups will protect the attachment page itself, the actual resource like an image or PDF file for example is not protected due to technical limitations. This means that although the attachment page will not be accessible to unauthorized visitors, if someone knows the direct URL to the media file itself, it can still be accessed. Instead, the Groups File Access extension provides an efficient solution to protecting direct access to files.
Custom Post Types from Extensions for Groups
WordPress can hold and display many different types of content. As outlined at the beginning of this page, you can use Groups to restrict access to custom content types beyond simply Posts and Pages.
Here are some extensions that you might be interested in which provide Custom Post Types that can be protected with Groups:
- Products from WooCommerce can be protected and Groups WooCommerce allows to sell access.
- Documents from the Documentation plugin.
- Topics from Groups Forums and further its Forums can be protected using Groups Restrict Categories.
- Stories created with Groups Newsletters.
- Events from plugins like Events Manager.
- … any many other Custom Post Types defined in plugins and themes.