Access Gate

The Access Gate lets you control who can see what on your site. Protect your entire site, individual pages, categories, or specific content blocks — all without writing code.

Protection Levels

The Access Gate supports five levels of content protection, from broadest to most granular:

Level Description Configuration
Global Protect the entire site except selected public pages Settings → Access Gate tab
Per-Page Protect individual pages or posts Meta box on each page/post editor
Per-Category Protect all posts in a specific category Category edit screen
Per-Role Show or hide content based on user role Shortcode or Gutenberg block
Inline Protect a specific section of content within a page [wl_protected] shortcode

Global Protection

The most common setup for membership sites. When enabled, every page on your site requires login — except the pages you explicitly mark as public.

Setup

  1. Go to Settings → Whitelabel Login → Access Gate.
  2. Toggle on "Protect entire site".
  3. In the "Public Pages" field, search for and add pages that should remain accessible without login. Typical choices:
    • Homepage / Landing Page
    • Privacy Policy
    • Imprint / Legal Notice
    • Terms of Service
  4. Set the Redirect URL — where non-logged-in users are sent (defaults to your custom login page).
  5. Click Save Changes.

How It Works

The Access Gate hooks into template_redirect early in the WordPress request lifecycle. For every page load, it checks:

  1. Is the user logged in? If yes, allow access.
  2. Is the current page in the public pages list? If yes, allow access.
  3. Is the current page the login page itself? If yes, allow access (to prevent redirect loops).
  4. Otherwise, redirect to the configured redirect URL.

Per-Page Protection

When global protection is off (or as an addition to it), you can protect individual pages and posts.

  1. Edit any page or post.
  2. In the sidebar, find the "Access Gate" meta box.
  3. Toggle on "Require login to view".
  4. Optionally, select which roles can access this content.
  5. Save/update the page.

Non-logged-in users will see the "Access Denied" message or be redirected to the login page, depending on your settings.

Per-Category Protection

Protect all posts within a specific category at once.

  1. Go to Posts → Categories.
  2. Edit the category you want to protect.
  3. Check "Require login for all posts in this category".
  4. Optionally, restrict to specific roles.
  5. Save the category.

Per-Role Protection with Shortcode

Use the [wl_protected] shortcode to show content only to users with specific roles. This works within any page or post content.

Basic Usage

[wl_protected]
This content is only visible to logged-in users.
[/wl_protected]

Role-Specific Content

[wl_protected role="administrator,editor"]
This content is only visible to administrators and editors.
[/wl_protected]

Custom Fallback Message

[wl_protected role="member" fallback="Please upgrade your account to view this content."]
Premium content goes here.
[/wl_protected]

Shortcode Attributes

Attribute Type Default Description
role string "" (any logged-in user) Comma-separated list of role slugs that can see the content
fallback string Global "Access Denied" message Custom message shown to users who cannot access the content
show_login bool true Whether to show a login link in the fallback message

Protected Content Block

The Protected Content Gutenberg block (whitelabel-login/protected-content) provides the same functionality with a visual interface:

  1. Add the "Protected Content" block to your page.
  2. Place any other blocks inside it (text, images, videos, etc.).
  3. In the block sidebar, select which roles can view the content.
  4. Optionally, set a custom fallback message.

In the editor, protected content is highlighted with a lock icon and a dashed border so you can easily identify gated sections.

Access Denied Message

When a user cannot access content, they see the "Access Denied" message. Customize this globally:

  1. Go to Settings → Whitelabel Login → Access Gate.
  2. Edit the "Access Denied Message" field (WYSIWYG editor).
  3. Use HTML, include login links, or add images.

Example message:

<h2>Members Only</h2>
<p>This content is available to registered members.
<a href="/login">Sign in</a> or
<a href="/login#register">create an account</a>
to get access.</p>

Redirect Behavior

You can configure what happens after a user successfully logs in:

  • Return to attempted page: The user is redirected back to the page they were trying to access before being prompted to log in. This is the default behavior.
  • Custom redirect URL: Always redirect to a specific page (e.g., a member dashboard). Configure in Settings → Advanced.
  • Role-based redirect: Different roles go to different pages after login. Use the wl_login_redirect filter for this. See Hooks & Filters.

REST API & AJAX

The Access Gate does not block WordPress REST API endpoints or admin-ajax.php requests by default. This ensures compatibility with plugins, the block editor, and custom AJAX functionality. To protect REST API endpoints, use the wl_user_can_access filter.

Caching Compatibility

If you use a page caching plugin (WP Super Cache, W3 Total Cache, LiteSpeed, etc.), exclude the login page and any pages using the [wl_protected] shortcode from the cache. Most caching plugins automatically exclude logged-in users from caching, but the login page URL itself should be added to the exclusion list.