We currently run a website for our clients that gives each of them their own unique set of private content. The way it’s implemented is through a WordPress MU installation with sub-domains for each client. Works well enough, but there are a few things about it that could be a lot better. Ideally what I want is a single site that limits the visible content depending on who you are logged in as. There are a load of plugins available for WordPress that seem to be able to do this, the rest of this post details just how well they did.
The most efficient way for this to work would be to create a set of categories – one for each client. I would then be able to restrict viewing of a specific category to the users that I want, giving me a single point of login for all clients and a single point of management for us. I’d also be able to post content that is visible for all of the clients, or give some users access to more than one client site. In the current setup with multiple blog sites in WordPress MU, people have to log in to each of the sites they want to view.
To get it all underway I set up WordPress 2.8 and created two Categories – one for each client. I then created two posts, putting each into their respective category. Lastly, I created two users, one for each client.
The ultimate purpose of this is to find a plugin that lets Client A log in and only see posts posted in category Client A, and for Client B to log in and only see posts posted in Category B.
Logged in as Client A in Firefox and Client B in Chrome, both see each others’ posts.
These plugins looked the most promising
Allow Categories
Allow Categories is a plugin that allows you to permission different user to view only specific categories within your wordpress blog.
The interface is uncomplicated and includes the option to force login before viewing any of the site.
This worked to limit the viewable posts in page, and also in the Archive, but hasn’t filtered this through into the visible categories, latest comments and also tags. With each of these I don’t want users of the site to try access categories and posts that they don’t have access to. Rather than showing a “No access” message, it would be better to simply hide any link to post in categories that you have no access to.
User Access Manager
With the "User Access Manager"-plugin you can manage the access to your posts, pages and files. You only create a user group, put registered users to this and set up the rights for this group. From now on the post/page is only accessible and writable for the specified group. This plugin is useful if you need a member area or a private section at your blog or you want that other people can write at your blog but not everywhere.
This plugin creates a User Access Manager section (UAM) within your admin section. The interface looks great and it offers the option to set access by Post Categories. The interface is also clever enough to show inherited access with a greyed checkbox.
This plugin requires an extra step over Allow Categories as you have to create user access groups. I prefer the simplicity of the Allow Categories interface, but I suspect that with a lot of categories and users it will become difficult to manage. By creating access groups and assigning users to them, changing the rights of a group of users will be a lot quicker and easier.
This plugin also doesn’t have the option to force a login for the site as a whole, but it does what it says it will do. My Client A login is now only seeing the posts in Client A category. I’m also now only seeing categories that I have access to.
Problem is that the post count for the Archives is now showing 2 posts and the latest comments and tags are not being filtered. The author’s website seems to suggest that their are new hooks in WordPress 2.8 to handle this, and looking at the code for the plugin it is adding the filters for categories, comments and tags. Unfortunately even with the latest development version of the plugin these are still visible.
Role Scoper
Role Scoper is a comprehensive enrichment for access control in WordPress, giving you CMS-like control of permissions. Assign reading, editing or administration roles to users or groups on a page-specific, category-specific or other content-specific basis.
This plugin adds a lot to your admin screen – Groups to the Users Panel and then two additional panels – Restrictions and Roles. Initial reaction is where to begin – which is never a good first user reaction.
Social Privacy
Social Privacy is a set of open-source plugins for WordPress that restrict the read access of posts or categories to only specified registered users. Install these plugins and you can start blogging for friends and family about topics that are too sensitive to publish publicly.
Social Privacy comes as a bundle of plugins, but the one that implements the functionality that we need is Social Access Control. Initial setup is quick and easy, the options let you hide entire posts or simply show the title/extract. Viewing the site as a non-logged in user shows no posts, categories or tags, but the titles of hidden posts are exposed through the recent comments widget.
Logging in shows exactly the same – none of the posts in the Category that my logins have access to are being displayed. If I go into the individual post and override the default access to allow the client login to have access to the post, it displays, as do the Archives and recent posts. Not ideal, as applying per post/per user permissions in a large site would not be manageable.
One of the settings that doesn’t exist on Social Privacy is the option to apply boolean logic to the permissions. In these examples I have nested my restriction categories under a parent Client. Some plugins give the option of saying that the user must have access to all of the categories that the post falls into before it can be viewed. Applying this thinking to my example and giving users access to the parent category, as well as putting the post into the parent category as well simply made everything available to all users on the blog.
By removing the parent category, the plugin works almost as expected.
This is looking more and more like something that isn’t going to work out of the box…. the search continues.
So can we fix the blogs authoring flaw?–hey can you start posting all digital and media related posts you post here to the true blue blog. We need the content to be of interest to marketers
love your blog
Hey Aaron – thanks
The authoring thing we’ll need to fix with a plugin, but the guys are on it. You and I are admins so we don’t have the problem the authors do
Will def cross-post anything worthwhile for True Blue – actually found some nice stuff last night that I’ve been meaning to pop up there.
Great post… I’m looking forward for the continuation. I’m having a very similar problem and can’t find out a definitive solution.
You really should look at Role Scoper again. You only gave it a paragraph as I assume you gave up due to its complexity.
I had the same reaction, but after properly sitting down with it, I got it to do exactly what I needed which is funnily enough exactly what you were testing.
Yes, it’s initially confusing, but there is a good doc that comes with it and the support forum is great as the author is very keen on helping people and improving the plugin.
I tested RS plus many others and it seems the most fully featured of them all. Currently, the best option as far as I can tell.