So, you’re looking to give your clients a secure way to access a client page (or group of pages) on your WordPress powered site. There’s just one problem… there isn’t a simple WordPress plugin that can do it for you with the out-of-the-box functionality we’ve grown accustomed to. But before you give up on client management (or WordPress) altogether, let me assure you, it can be done. So, if you’re up for learning a new trick with some old programming knowledge and a little elbow grease, let’s get started.

First Things First: The Plugins

Role Manager
This plugin is not directly available on WordPress.org, but makes for much less of a headache throughout the next steps. To set it up correctly, go to users –> roles and add a new role named ‘client’. Make sure to only enable the ‘read’ function (otherwise, your clients may be able to access your dashboard or other administrative pages and change the content of your site.

IWG Hide Dashboard
The main purpose of this plugin is to keep non-admin users out of admin only areas of your WordPress installation. To enable this function, simply make sure the ‘hide dashboard’ option is checked for the ‘client’ role we created in the last step.

Peter’s Login Redirect
Really, this plugin is what makes simple client management possible. It allows you to easily direct a logged in user to a specific page on your site that will serve as their customized client page. It does this by checking the user’s role (that it integrates with the previous plugins) and sending the user to a pre-defined URL.

The Code

There. That wasn’t so bad, was it? Well, we still have a ways to go– and it involves modifying some code. Don’t worry, though. I’ll try to make it as straight forward and painless as possible.

First, we have to add a login/logout form somewhere on our page. Mine is located in the drop down menu at the very top of this page my old site, but you can easily place it anywhere in your theme. The easiest is to add this to either your header or footer template pages, as they will (probably) require less maintenance and tweaking as your site evolves (many themes utilize more than one sidebar or main content template, whereas most stick with a common header and footer throughout). Just paste the following code where you want the form to appear (files are found in the /wp-content/themes/your-theme-name folder on a standard WordPress installation).

/* Login/Logout Forms */

<?php if (!(current_user_can('level_0'))){ ?>

    <form action="<?php echo get_option('home'); ?>/wp-login.php" method="post">
        <input type="text" name="log" id="log" value="<?php echo wp_specialchars(stripslashes($user_login), 1) ?>" size="20" />
        <input type="password" name="pwd" id="pwd" size="20" />
        <input type="submit" name="submit" value="Login" />

            <p><input type="hidden" name="redirect_to" value="<?php echo $_SERVER['REQUEST_URI']; ?>" /></p>
    </form>

    <a href="<?php echo get_option('home'); ?>/wp-login.php?action=lostpassword">Forgot Password?</a>



/* if a user is logged in, display username and logout button */

    <?php } else { ?>
        <h3>Logged In as:
            <?php global $current_user; get_currentuserinfo(); echo ''. $current_user->user_login . ""; ?>
        </h3>

        <a href="<?php echo wp_logout_url(); ?>">Logout</a>

<?php }?>

/* END */

Next, you’ll need to create a template for your clients’ pages. I have chosen to name mine ‘client.php’, based on the role I created earlier and overall ease of use.

Simply copy and paste this code into a text file and save it as ‘client.php’. Of course, be sure to change the styled XHTML to fit your theme.

/* client.php */

<?php
/*
Template Name: client 
*/
?>

<?php get_header(); ?>

*/ display the logged in client's username and provide a logout button */

    <div id="pageHeaderText">
        <?php while (have_posts()) : the_post(); ?>
		<?php $pagetitle = get_post_meta($post->ID, 'title', $single = true);

		if($pagetitle !== '') : ?>
                    <h2><?php echo($pagetitle); ?></h2>

                <?php else : ?>
                    <h2><?php the_title(); ?></h2>

                <?php endif; ?>

	<?php endwhile; ?>
    </div><!-- end pageHeaderText -->
*/ END */



<div id="content" class="full">   /* this is part of my theme -- change accordingly */
	<div id="center">

*/ display the content of client's page */

        <?php if (have_posts()) : while (have_posts()) : the_post(); ?>
            <div class="entry">

                <?php wp_link_pages(array('before' => '<p><strong>Pages:</strong> ', 'after' => '</p>', 'next_or_number' => 'number')); ?>

                <?php the_content('<p class="serif">Read the rest of this page &raquo;</p>'); ?>
            </div>

        <?php endwhile; endif; ?>
*/ END */
            


	</div><!-- end center -->  
</div>!-- end content -->

    <div class="clear"><div>
    
<?php get_footer(); ?>

/* END */

Go ahead and upload everything (client.php and whatever file you amended the login form to) to your ‘/wp-content/themes/your-theme-name’ folder and we’ll be off to our final steps.

Setting Up: Configuring the Plugins

Now that we’ve installed our plugins and set up our php code to allow for client login management, let’s go ahead and configure those plugins to function properly. On your WordPress dashboard, open your ‘users’ tab and select ‘add new’. Create a new user called ‘demo’ and give it the role of ‘client’ (that we created earlier). Enter your email where required and give your new user the password ‘client’ (we’ll test using this username and password in just a bit).

Next, scroll down to where it says ‘assign extra capabilities’ (if this is not present, make sure you correctly installed the ‘role manager’ plugin above). Make certain that only the fields ‘hide dashboard’ and ‘read’ are checked, then save your new user.

Now, on your dashboard, go to the settings tab and click on ‘Login redirects’. Under ‘Specific Roles’ make sure that administrator is checked and set the URL to ‘http://www.your-domain.com/wp-admin/index.php’ (this will automatically direct all administrators to the dashboard on login). Click ‘update’.

OK, here’s what we’ve been waiting for. Under ‘Specific Roles’ again, let’s add the role ‘client’ (that we created earlier) and give it the URL ‘http://www.your-domain.com/[variable]username[/variable]‘. Save it. This will, essentially, redirect all users with the role ‘client’ to a page with the same name as the client’s username. In other words, if the username is ‘demo’, the corresponding client page must be named ‘demo’ and point to a URL ending in ‘/demo/’. (To make client pages more manageable, you may want to redirect users to a sub-page in order to keep your pages list more controlled. In this case, you would give the ‘client’ role the URL ‘http://www.your-domain.com/clients/[variable]username[/variable]‘ if you would like all client pages to be sub-pages of the parent page ‘client’. This is not necessary, but will make your life a whole lot easier when managing more than a few clients at a time.)

Congratulations! You have successfully configured all the required plugins. Just one thing left to do…

The Final Step: Creating Client Pages

Finally, after all that, we can go ahead and create our demo client page! Let’s add a new page called ‘demo’ (if seeking to make all client pages sub-pages, make ‘demo’ a sub-page of the page ‘clients’, or whatever you want the parent page to be). On the right side of your screen, in the tab ‘Page Attributes’, make sure the template field is set to ‘client’ and a parent page is selected (if desired). I have also chosen to make my client pages password protected to disallow any unauthorized access. To do so, just assign the client’s user password to the page.

Make sure that your permalink matches what you set under ‘Specific Roles’ above and you should be good to go. Just fill in the page with some client information, sign out of your WordPress account, and use the login form we installed on your page to login with the username ‘demo’ and password ‘client’. You should be redirected right to the demo client page. If it worked for you, simply add more client pages and pat yourself on the back.

If you have any questions or comments on this tutorial, leave me a comment to let me know. Happy coding!

EDIT:

Thanks to the comment by the user ‘underscore’ in the WordPress.org Support Forums, we now have an easy way to limit each user’s login to viewing only that user’s client page. It does this by checking a user’s username against a client page’s title. If the two are the same, the page is allowed to be viewed. If they don’t match, the user is sent to your universal wp-login.php page. Simply add the following code near the top of your client page’s template. Be sure to edit the highlighted lines to reflect your site’s requirements and you should be good to go.

/* insert into client.php */

<?php 
    $username = ( $userdata->user_login ); 
?>

    <?php
        $url =  $_SERVER['REQUEST_URI'];
        $urlItemsArr = explode( '/', $url );

    /*

        print ('client/'.$userdata->user_nicename);
        print '<br />';
        print ($urlItemsArr[1].'/'.$urlItemsArr[2] );
        print '<br />';

    */

            if ( strcmp( 'client/'.$userdata->user_nicename, $urlItemsArr[1].'/'.$urlItemsArr[2] ) == 0) {
	       print 'Allowed';
            } else {
	       header('Location:http://www.your-URL.com/wp-login.php') ;
            }
    ?>

/* END */