WordPress Plugin: Page Restriction

Updated to version 1.4
– There should be no more errors on install or activation/deactivation.

Updated to version 1.3

I’ve updated the plugin. I’m now at version 1.2.

Here is the changelog:
– added code check for the Page Access plugin, only used if installed

– used built in WordPress function dbDelta() to update database structure
– changed name of options subpanel

The link is the same, but the .phps file has been updated


I know I haven’t posted in a long time and I’m sorry. I’ve been… lazy? busy? Sure, those will work. I would also like to sincerely appologize for the complete and utter disarray that this site is in – don’t worry, I’m working fixing all that.

But on to the point of this post…

Because I’m using WordPress as a Content Management System for our up-coming intranet/web-app at work, I needed a way of keeping the regular folks out of our private section of the site.

So, I wrote this plugin – Page Restriction – and it does just what it says, pretty much. It will add an Administration panel under the Options section, entitled Page Restriction – Clever huh? There you can pick and choose whatever pages you want restricted to logged-in users.

You may download the source here: https://17thdegree.com/wp/page-restriction.phps

Any questions, comment here.

117 thoughts on “WordPress Plugin: Page Restriction

  1. Shoot, now I’m trying to use this w/ WP 2.0.2, and I’m getting the ‘cannot modify header information’ error that others have encountered. Wonder if I can connect it to an earlier API hook…?

  2. Clearly I’m just tired. I hadn’t read through all the earlier comments. NOW I have. I tried several of the fixes but none seemed to work. When I added the function above wp_head in my header.php, it just displayed the ‘restricted’ file whether I was logged in or not.

    But Jan’s suggestion above seemed to do the trick. It’s ugly, but it’ll work for my purposes. I’d love to hear if there’s a more graceful fix. But I’ll probably have to look more carefully at my other plugins…


  3. Neat little plugin… got it working with WP 2.0.2, used Jan’s hack above.

    I would love to see a user level check (or user role check) added.

    Anyone know how to hack it so the user has to be at or above a cetain level?

    Level 1 or “Contributor” role would do… just need it a notch above public access.


  4. I looked at the code and compared it to another plugin that checks for levels and I was able to do the hack myself.

    I don’t know if it’s good code, but it works:

    CODE starts at line 191′

    global $user_ID, $user_level; // jweaks added $user_level
    // is user already logged in?
    $user_level = $userdata->user_level; // jweaks added line
    if ($user_level == 0) { // jweaks added line
    // if (” == $user_ID) { // jweaks commented out line

    ‘end code


  5. Thanks, great plugin.
    Used it on WP 2.0.
    It’s just I got this silly idea about making another plugin based on yours.
    Is it okay for me to start out using the code from your plugin ?
    Well, it’s just a silly thought, who knows.
    Well, you got my email.
    Thanks anyway.

  6. Hi! Got the headers-sent-problem too although having tried the workarounds… Also tried switching the other plugins on and off – no success.
    Another workaround anyone? – here’s mine:

    1. Open page-restriction.php (plugin script)
    2. Edit lines between from #189 and save. It should then look like this:
    if ($isrestricted == 1) {
    global $user_ID;
    // is user already logged in?
    if (!is_user_logged_in()) { // as defined in pluggable-functions.php
    // call alternative auth_redirect
    // thx to Markus 🙂
    } else {
    // This is checking to see if the Page Access plugin is installed
    ‘end code
    Sorry: I can’t tell you line numbers explicitly – tinkered too much.

    3. Open wp-includes/pluggable-functions.php
    4. Insert modified auth_redirect function (and of course save):
    if ( !function_exists(’auth_redirect_mod’) ) :
    function auth_redirect_mod() {
    // Checks if a user is logged in, if not redirects them to the login page
    if ( (!empty($_COOKIE[’wordpressuser_’ . COOKIEHASH])
    && !wp_login($_COOKIE[’wordpressuser_’ . COOKIEHASH], $_COOKIE[’wordpresspass_’ . COOKIEHASH], true))
    || (empty($_COOKIE[’wordpressuser_’ . COOKIEHASH])) ) {
    //kind of shortcut
    $filename = get_settings(‘siteurl’) . ‘/wp-login.php?redirect_to=’ . urlencode($_SERVER[‘REQUEST_URI’]);
    // have a look at Jacob’s solution on http://de.php.net/manual/de/function.headers-sent.php#60450
    if (!headers_sent())
    header(‘Location: ‘ . $filename);
    else {
    echo ”;
    echo ‘window.location.href=”‘.$filename.'”;’;
    echo ”;
    echo ”;
    echo ”;
    echo ”;


    ‘end code

    Good luck 🙂

  7. Looking for the same functionality as jweaks – checking for user level or role as well as registration. I tried the hack provided but couldn’t get it to work; anyone with registration regardless of level could still see the restricted pages. Any ideas?

  8. Hi,

    when not registered or logged in I get the statement:

    Warning: Cannot modify header information – headers already sent by (output started at /storage/mijndomein/users/011971/public/sites/www.polyplatform.nl/wordpress/wp-content/themes/polyplatform/header.php:7) in /storage/mijndomein/users/011971/public/sites/www.polyplatform.nl/wordpress/wp-includes/pluggable-functions.php on line 220

    When logged in all goes well…

  9. James, the “headers already sent” issue is because the ‘wp_head’ stuff is being processed in the part of HTML – after a lots of output. You might not see it if your host is using output buffering. One of the pretty good hooks could be ‘template_redirect’ instead.

  10. Hello I tried restricting a page and when I click on it when not logged in, it says , “OK The document has moved here.” Then I click ‘here’ and I can log in. Can I get rid of the ‘OK’ page??

  11. Is there any way to hide the restricted pages from unregistered users / keep from showing up when calling wp_list_pages?

  12. ** OK The document has moved here. **
    Firstly, on the subject of getting rid of the “OK The document has moved here.” message. I found a suggestion for the solution http://wordpress.org/support/topic/77094
    It’s bascially being caused by the fact that WP thinks the redirect is sending you to an invalid url. So it brings up this nice message screen instead. The suggested solution worked, but I think it may well be removing some other CORRECT functionality you could miss later on.

    ** Restricting results of wp_list_pages **
    To change this means changing the contents of ‘template-functions-post.php’, which is obviously a bad thing. However, seeing as I wanted to remove the links on my site too, here’s what I did.
    In the file template-functions-post.php’, you’ll find a fuinction titled ‘get_pages’.

    In the middle of the function where it’s building the sql, I replaced the following:
    $pages = $wpdb->get_results(“SELECT * ” .
    “FROM $wpdb->posts ” .
    “WHERE post_status = ‘static’ ” .
    “$exclusions ” .
    “$no_restricted ” .
    “ORDER BY ” . $r[‘sort_column’] . ” ” . $r[‘sort_order’]);

    // Added logic to check if the page_restriction plugin is active.
    $no_restricted = ”;
    $current_plugin_status = get_settings(‘active_plugins’);
    if (in_array(‘page-restriction.php’, $current_plugin_status))
    global $user_ID;
    if (” == $user_ID)
    $no_restricted .= ‘ AND restricted = 0 ‘;

    $pages = $wpdb->get_results(“SELECT * ” .
    “FROM $wpdb->posts ” .
    “WHERE post_status = ‘static’ ” .
    “$exclusions ” .
    “$no_restricted ” .
    “ORDER BY ” . $r[‘sort_column’] . ” ” . $r[‘sort_order’]);

    Note that my solution is only for the page_restriction plugin. If you’re using the page_access plugin too, then you’ll have to figure it out.

  13. I haven’t been doing much with my extensions lately, but have recently been inclined to take another look at them.

    No promises, but there is a good chance I’ll be taking another look at them again soon.

  14. Parse error: parse error, unexpected ‘}’ in C:\wamp\www\wordpress\wp-content\plugins\page-restriction.php on line 160

  15. nothing shows under Options|restrict pages. it’s completely blank. this is with a fresh install of newest wp. nothing else has been installed except a modded theme with new gfx.

  16. Has anyone tried Jan’s fix to get rid of the header warning only to have the page end up visible to everyone – logged in or not? if you have had this problem – how did you fix it?


  17. when a user click on a restricted page it will not redirect to the login page. Auth_redirect doesnt seem to work. No error shows up only a black screen.


  18. FIX for 2.1 issue of nothing showing up on admin (Options / Page Restriction) page:

    Open page-restriction.php and replace all instances of

    $wpdb->posts.post_status = ‘static’


    $wpdb->posts.post_type = ‘page’

    Your pages should now show up on the admin (Options) page.

  19. Hi James, I’m excited about your plugin but when I activate it and go into Options/Page Restriction, it says, “no pages yet.” I refresh Options and it still says “no pages yet.” I have two pages listed in my Manage/Pages section but they don’t show up on the Page Restriction page. Why is that? Do I have to specify the pages to be somthing specific?

    Shilo Case

  20. I found out why the page is not showing up on the Page Restriction page. It’s because the page status is set to Publish. The only options in WordPress are Publlish, Draft, and Private. The only status in MySQL that will work is Static. However, is disappears from the Manage/Page area and disappears as a link on the BLOG site. I’ve tried adding a link on the Theme Header and Functions page so it looks like the link from Pages is there but upon clicking it, while not logged in, it gives me a “page can not be found.” If I log in through my admin login link and then go back to the main URL page and click on the link, it goes straight to the Forum page I want to pass word protect. ANy ideas?

    Shilo Case

  21. Our new site at http://www.theplayersguidetoplaying.com is using WP 2.1. We are trying to create a ‘members only’ page so people who have paid can come back to download the audio MP3 version of our book.

    We installed the page-restriction.php and changed the
    $wpdb->posts.post_status = ’static’


    $wpdb->posts.post_type = ‘page’

    however, still no pages are showing up in the
    Options->Page Restriction menu page. Just says
    ‘no pages yet’.

    Any ideas?

  22. The alleged fix seems to be
    WHERE post_status = ‘static’
    and tehre are 3 insatnces to replace with
    WHERE post_status = ‘page’

    I edited it but getthe same NO PAGE Sfound.
    If I do an update options, it is apparent that teh database field doe snot exist.

    WordPress database error: [Unknown column ‘restricted’ in ‘field list’]
    update wp_posts set restricted=0 where ID=1

    Shame, because with page group, it would be a great solution…..

  23. I also get the same ‘no pages yet’ message and have tried tweaking the SQL in the page-restriction.php file but with no luck. I’m not totally familiar with the db structure.

    Is there a fix to this plugin. It sounds like exactly what I need.


  24. I just found a fix that seems to work. The WHERE clauses need to be changed to use the post_type field, not post_status:

    Line 81:
    WHERE $wpdb->posts.post_type = ‘page’

    Line 85:
    $posts = $wpdb->get_results(“SELECT $wpdb->posts.* FROM $wpdb->posts WHERE post_type = ‘page'”);

    Line 123:
    $pages = $wpdb->get_results(“SELECT * FROM $wpdb->posts WHERE post_type = ‘page’ ORDER BY menu_order”);

    Then my pages appear under Options > Page restriction and I’m able to select the pages that require a logged-in user. When that page is selected in the menu, user is immediately taken to the login screen.

  25. Seth’s fix posted above this let me see the pages under Options > Page restriction, but I still get this when I try to Update Options with restricting one of my pages:

    WordPress database error: [Unknown column ‘restricted’ in ‘field list’]
    update wp_posts set restricted=0 where ID=1

    WordPress database error: [Unknown column ‘restricted’ in ‘field list’]
    update wp_posts set restricted=0 where ID=2

    WordPress database error: [Unknown column ‘restricted’ in ‘field list’]
    update wp_posts set restricted=1 where ID=3

    anybody know how to fix this?

  26. After reading like 50 posts I manged to change the code so that it works.

    ####Part 1 comment Seth####
    Line 81:
    WHERE $wpdb->posts.post_type = ‘page’

    Line 85:
    $posts = $wpdb->get_results(“SELECT $wpdb->posts.* FROM $wpdb->posts WHERE post_type = ‘page'”);

    Line 123:
    $pages = $wpdb->get_results(“SELECT * FROM $wpdb->posts WHERE post_type = ‘page’ ORDER BY menu_order”);

    Then my pages appear under Options > Page restriction and I’m able to select the pages that require a logged-in user. When that page is selected in the menu, user is immediately taken to the login screen.
    ####part 2 comment Jan####
    You find this code at the bottom

    add_action(‘wp_head’, ‘check_the_user’);
    add_action(‘template_redirect’, ‘check_the_user’);

    – Opera takes a long time to load a restricted page (1 second or so)
    – The plugin is gone from my plugin directory in wordpress but the admin pannel for pagerestriction is still there.

  27. We were getting the same header error that lots of people here have reported:

    Warning: Cannot modify header information – headers already sent by (output started at /home/kartlink/public_html/pro/wp-content/themes/gentle_calm/header.php:5) in /home/kartlink/public_html/pro/wp-includes/pluggable-functions.php on line 109

    The fixes suggested above weren’t working for us…not sure why but possible because we’re on WP 2.1.

    Anyhow, I wanted to share the solution that did work:


    add_action(’wp_head’, ‘check_the_user’);


    add_action(‘get_header’, ‘check_the_user’);

    The add action function calls WP hooks, and using the get_header hook as opposed to the wp_head seemed to do the trick. Here’s the page in the codex that discusses these hooks, as an FYI:


    Hope this helps someone!

  28. Hi, this plugin looks like what I need. But I see no posts here for a couple of years!

    Will the plugin still function with WP2.2, any idea?


  29. Is this plugin ready for use? I read so many error and bug, anyone has success so far, I would like to have the plugin on my blog but I would like to ask for some opinion first.

    Thank you.


  30. I can confirm that Immow’s solution (Comment #80) works for 2.1.3. Thanks!
    I was keen to avoid any extra load time and such as mentioned, so I decided to try Jim D’s suggestion, but for some reason it gave me another header error. >_

  31. I have now created a tweaked version that works for me with WP 2.2.1.

    The errors on update are gone and the redirect and page listings are working perfectly.


  32. on the latest WP the plugin won’t activate

    Plugin could not be activated because it triggered a fatal error.

  33. Go to the download library on my site and you’ll find it.

    I’ve made a forum on my site for any bugs, etc. Can’t make any promises on support, but as I’m an over-eager geek, who knows.

  34. I get this message under Options/Page Restrictions:

    No pages yet.

    Why is it not recognizing my pages?!

  35. Thanks Graeme 🙂 I haven’t upgraded to WP 2.2+ yet but once I do I’ll be sure to use your plugin.

  36. I don’t understand how it works! I uploaded it to my plugins folder, what now??? Please, HELP!

  37. Sorry for the double post, I figured it out now, but I’m getting these errors:

    WordPress database error: [Unknown column ‘restricted’ in ‘field list’]
    update wp_posts set restricted=0 where ID=1

    WordPress database error: [Unknown column ‘restricted’ in ‘field list’]
    update wp_posts set restricted=1 where ID=2

    and this shows on the page:

    WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ” at line 1]
    select restricted from wp_posts where ID=

    Does anyone know how to fix this?

  38. I’ve just installed your plugin.
    I only see the Page Restriction Options Panel but in this panel I only see the label “No pages yet” and the button “Update Options”.

    I haven’t found any more in order to restrict the access to a specific page.

    How could I add any pages to the restriction list?


    Davide Taibi

  39. Hi there!

    I’ve installed the plugin and it works fine from the first time, so it’s a great job and thank you for that plugin. I would like to make the plugin to add all registered user to a group. So my goal is to see when someone registers he/she will be able to watch the pages and don’t need to add them to a group manually. I want to automatize that.
    Can you help me somehow, or give a code to add please?


  40. I am also getting the message, no pages yet.
    I am running WP 2.2.

    Help and advice much appreciated. Thank you 🙂

  41. The bug that he is speaking of is that in v.1.4 you used a shorthand php opening tag excluding the text ‘php’ after [

  42. Hi,

    actually I wanted to use your plugin, though it eems that even after correcting the previously mentioned bug in 1.4 it still won’t show any pages in the options panel. It doesn’t even show an error, it just doesn’t show anything.
    I would greatly appreciate any help.

    I am using WP 2.3.1

Leave a Reply

Your email address will not be published. Required fields are marked *