Print This Post Print This Post

1st August 2008

Wordpress .htaccess and Membership Sites

posted in Strategies |

Back in April, I wrote a post on how to set up a Wordpress Membership site using htaccess - i.e. no plugins needed, just playing with stock standard stuff readily available. Little did I realise it was set to become THE most popular post on this site :)

So with many questions being asked about the “how to” do it, I thought it was time for a little more on that tutorial - this time outlining in detail the files you need to set it up, including the actual code used from a real live example.

UPDATE OCTOBER 2008

I’ve just discovered a new WordPress Membership Plugin that IS exactly what I’ve been looking for, AND it’s within my budget!

So if you don’t want to get as “technical” as this post describes, then you should check out WPWishList Member today!

To summarise: If you want to set Wordpress up so that the posts are ONLY available to members (paying or otherwise), you can do it very simply and without plugins that require members to be “registered” with your WordPress blog (that’s an area I prefer people to stay away from, given a choice).

How?

  1. Install Wordpress in the directory /wp/ on your server.
  2. Create another directory on your server called /members/ (from either file manager in cpanel, or from your FTP program).
  3. Place .htaccess and .htpasswd files in /members/ so that they use .htaccess authorisation to secure the directory (as instructed by your user management script - Locked Area was the script mentioned in previous post)
  4. You’ll also place an index.php file in the /members/ directory to call Wordpress when needed.
  5. Now, tell Wordpress that your Blog address (URL) - from the Settings (Options Tab in WP pre v2.5)/General tab - is yourdomain.com/members - and your WordPress address (URL) should remain at yourdomain.com/wp
  6. Place a page at the root or top level of your server - i.e. yourdomain.com/ which displays the home page of your blog. Because this is NOT secured, anyone can view this page.

Here’s how it works…

When someone visits the “home” page, they see a “normal” wordpress home page. Because your WP installation is NOT in a protected folder, everything will be shown - as you would expect. So sidebars, categories, latest posts… etc… will all be there. And people will even be able to carry out a search of your content from yourdomain.com/

e.g. See here for live example (opens in new window).

EXCEPT…

The LINKS to any post or page or archive or category etc… will all point to the PROTECTED directory e.g.
* yourdomain.com/members/here-is-a-post/
* yourdomain.com/members/category/news/
* yourdomain.com/members/feed/ (yes - EVEN the RSS feed)

And if you click on ANY of those you can NOT see the content without providing a username and password.

If you can’t provide those details, or cancel out when asked, then a 401 page will be displayed (assuming your browser does that) which states that a username etc are needed, and provides a link for forgotten passwords or registering etc. e.g.
See here for live example (opens in new window).

Time to provide some code… I don’t know why I didn’t do that in the first place!!!!

In the root directory, there will be
1. .htaccess file
2. index.php
3. 404.html

For the root .htaccess file - normal WP rewrite stuff:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

For the root index.php file - make sure it points to /wp/ directory in the require line:

<?php
/* Short and sweet */
define(’WP_USE_THEMES’, true);
require(’./wp/wp-blog-header.php’);
?>

There’s also a file called 401.html which lives in this directory. 401 errors (authorisation needed) are redirected to this page which explains what is needed and what to do if you forget your password etc (use the routines which come with your htaccess management software). Here’s an example:
See here for live example (opens in new window).

The page is just a static HTML page made up using the main blog template code.

Now… in the secured/protected /members/ directory… there will be
1. .htaccess file
2. index.php
3. .htpasswd

For the /members/.htaccess file - authtype instruction, error doc redirect, and normal WP rewrite:

AuthType Basic
AuthName “Restricted Members Area”
AuthUserFile /full/path/to/members/.htpasswd
require valid-user

ErrorDocument 401 /401.html

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /content/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /members/index.php [L]
</IfModule>
# END WordPress

For the /members/index.php file - normal WP stuff, pointing to the /wp/ header in the require line (notice the slight change):

<?php
/* Short and sweet */
define(’WP_USE_THEMES’, true);
require(’../wp/wp-blog-header.php’);
?>

There’s also the /wp/ directory - this contains the normal wordpress stuff. Nothing needs to be done here.

That’s it - the actual code from the site it’s tested on here:
http://members.onlinemarketingfundamentals.com/ - which I might eventually find some time to get set up with some content for you one day :) Certainly working on it!

Regarding the RSS Feed

As you try to burn your RSS feed with feedburner, it will recognise that password protection is needed, so you need to modify the URL submitted. Here’s the Feedburner error message:

The feed address you entered is password protected. You can specify a username and password in the URL like
http://user:password@www.website.com/index.xml.

So - set up a “generic” username and password - maybe feed as the user and some random text as the password, and re-enter the new feed URL. It would NOT be wise to use your own username and password!

Here’s the new feedburner feed for the OMF member site: http://feeds.feedburner.com/OMFMembers (again - opens in new window)

You’ll notice ONLY excerpts shown (adjust in Settings(Options in WP pre v2.5)/Reading to shown only summaries) and NOT the full post.

ANYONE can see the feed, but again, they have to log in to the protected member area to see the full post!

And that should be about it all you need to do… except to also set up the .htaccess management (use the Locked Area script mentioned in the previous post, or similar), along with a sign-up page and a method to extract money from your potential members (i.e. PayPal), and then plugging their email address into your auto-responder after they have signed up.

Oh… and of course, adding useful content regularly so you can actually offer something of value to your members.

Simple enough? :)

Cheers
Stephen

P.S. I’m not too sure what’s going to happen with Technorati etc when I submit the feed there - I might have a fiddle with that over the weekend to see what happens…

I also thought that Aweber and other auto-responders that use feeds might also have a little hassle with the authentication issue. While Aweber doesn’t specifically mention how to solve the problem, they do suggest that their blog broadcast feature CAN use a Feedburner feed, so that’s the workaround to avoid authentication issues with accessing the feed.

Tags: 

Popularity: 35% [?]

This entry was posted on Friday, August 1st, 2008 at 11:04 pm and is filed under Strategies. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

There are currently 5 responses to “Wordpress .htaccess and Membership Sites”

Why not let us know what you think by adding your own comment! Your opinion is as valid as anyone elses, so come on... let us know what you think.

  1. 1 On August 1st, 2008, Tim said:

    Thanks again for this awesome updated guide.

    I have implemented it already pretty much as you have laid out except that I have 2 complete blogs - one in the root of the domain and the members one in a subdirectory, but my ‘unprotected’ index.php for the members blog (which I’ve placed in the subdirectory as my main blog is in the root directory) does not display any detail, just the header and sidebars.

    The front page is a static page I’ve set up, but it doesn’t show, only my custom 404 page I have set up.
    It works perfectly well when you view the index.php in the protected directory.

    Any ideas on that?

  2. 2 On August 2nd, 2008, Stephen Spry said:

    (edited by SS after having had time to test the theory… it did not work but I’ve left it here in case anyone wants to try the same concept themselves and maybe have better luck than I…)

    Hey Tim

    I’ve only set this up with one WP install, and those instructions apply to that case, and don’t quite understand where you put that “unprotected” index.php file mentioned above…

    However, I would imagine, if you needed to do TWO WP installations, then you would need to modify slightly…

    1. your second WP install at root level - no need to fiddle with that one.
    2. original WP install (as described above) in /wp/
    3. set up the members area in /members/ as described above.
    4 - this is the different bit for your case - put the 3 files I described above that were in MY root directory (ie htaccess, index.php and 404.html) into a different directory - perhaps call it /public/.
    5. You would NOW need to change the 401 redirect in the /members/.htaccess file to point to the new location i.e. ErrorDocument 401 /public/401.html
    6. The /public/index.php file should now be changed to be IDENTICAL to the /members/index.php file - i.e. the require statement would need to match so it can find the installation in /wp/

    End result - your 2nd blog at the root, your “public” front end to the members blog at /public/ and the 1st members blog at /members/. Does that work for you?

    But I don’t know why you need the 2nd install at all… unless you want to include a lot more “public” pages there, which is probably an OK idea.

    In which case… to tie the two installations together (sort of) I want you to try to set up TWO new EMPTY “PAGES” (not posts) in the 2nd blog - this is the blog at the root level.

    I’m assuming you have custom permalinks set up to be /%postname%/ - so call these new EMPTY PAGES Members and Public. You’ll notice that when the permalinks come into play, that the URLs to these “pages” are now…
    yourdomain.com/public/ and yourdomain.com/members/

    Surprise surprise… these are ALSO the paths to your “public” members page and the sealed members section… click on them from the links in the top level blog navigation, and you should go straight to the other blog. Clever little integration trick (I hope LOL)

    Please let me know how that goes.

    (edit - this second concept of using “empty” pages in your blog navigation to point to existing directories on your server does work - I’m actually doing it on another older site which I am upgrading to Wordpress - and still keeping a LOT of the existing HTML sections in play - more on that when it’s finished)

  3. 3 On August 2nd, 2008, Tim said:

    Probably best to forget the 2 blog thing, that’s just a red herring I feel.

    Let’s just say that in the root directory I have another website set up.

    Basically I have installed the blog to a subdirectory and set it up as you describe except the ‘public’ index.php and associated .htaccess file is in the original subdirectory I installed the blog in rather than the root directory.

    So to use your original example, to see that page you would go to /wp/ and it will display, but in my case I don’t see any text for what should be the front page of the blog, although everything else looks ok and all the links in the header and sidebar etc. point to the private area as you would expect.

    Tim

  4. 4 On August 2nd, 2008, Stephen Spry said:

    Hi Tim

    I have a strange feeling that I tried earlier to setup the public page inside of /wp/ at one stage, and couldn’t get it to work either. Which is why I ended up setting it up the way I did… kept fiddling until it worked.

    As far as my previous suggestion goes… that does NOT work LOL

    Now that I am wide awake once again, I had the chance to try it out - putting the files as described in a /public/ directory - and no go with that at al!

    I got a 404 error when accessing /public/ and while the page displayed properly when looking at /public/index.php in my browser, it showed no posts… so back to the drawing board on that one!

    But that is where “trial and error ” makes all of this fun - frustrating at times, but still good fun.

    So I think I’ll stick with what works as described in the main post.

  5. 5 On October 31st, 2008, Easily Create A WordPress Membership Site » Internet Marketing Toolbox said:

    […] high priced membership software which “plugs in” to WordPress. These detailed posts Wordpress .htaccess and Membership Sites WordPress Membership Plugins?have already attracted quite a bit of attention, simply because […]

Leave a Reply

  • Feedburner Subscribe

  • Enter your email address to get new posts sent daily:

  • Advertising



    • rss posts