The recently launched membership website for the Southeastern Bluegrass Association — powered by WordPress and MemberPress — allows only logged-in members to access some content, completely hiding (protecting) that content from unauthorized visitors. But we’re also using MemberPress to partially hide content. In other words, while logged-in members can access such content (say, a page or a blog post) in its entirety, unauthorized visitors can access a little bit of it — with the hope of enticing people to join.
Out of the box, WordPress offers a gatekeeping system — controlling which users can perform which actions— based on a default set of user roles and capabilities. In this article, I’ll explain the limitations of those default roles and capabilities and how you can (and why you should) modify them to better meet your specific needs. (Spoiler alert: Giving users too much “power” can lead to problems.)
Probably the most common case of giving users more power than they should have is the practice of conferring the role of “Administrator” to users who don’t need and shouldn’t have all the capabilities associated with that role.