Basic WordPress membership site with protected content using Gravity Forms

Level of difficulty: easy, really easy

What you’ll need:

  • Gravity Forms (Developer License)
  • Gravity Forms User Registration Add-On
  • Justin Tadlock’s Members Plugin
  • About 15 minutes


WordPress already has quite a lot of the functionality you need to create a basic membership site. The trouble is, you quickly realise that some parts of the functionality can be improved. The nice thing about WordPress though is that you can nearly always find a plugin that will help you as your site grows.

In this tutorial, we’ll be using Gravity Forms and Justin Tadlock’s Members plugin to turn WordPress into a basic membership site and require visitors to register to be able to see protect posts and pages. Non-members will only see the titles of the posts.

Once you’ve got the plugins installed, the configuration only takes a few simple steps.

Step 1: Set up the registration form in Gravity Forms
Step 2: Configure the form to create user accounts
Step 3: Configure some members-only content
Step 4: Add a login box to a sidebar

Step 1: Setting up the registration form

WordPress, out of the box, is limited to a rather sparse registration form with just username and password fields in the middle of a virtually blank page. It’s all very zen but not much use if we need to collect more information about the users, sign them up to a mailing list or require that they accept terms and conditions. By using Gravity Forms to create the registration form we get the features you might expect for a membership site; we can put the registration form on any page or widget area, include any additional fields, make sure that users get signed up to an email list, require email verification and keep the account on hold until the administrator’s approval.

To create our basic registration form we need to create a new Gravity Form following the directions here. You’ll end up with a form that looks something like this:

The user won’t be logged in automatically so you may want to change the form’s confirmation message to display a link to the login page.

Now we’ve got the form set up we need to tell Gravity Forms that this form will be used for new user registrations.

Step 2: Configure the form to create user accounts

Once you’ve installed the User Registration Add-On you’ll need to set up a simple user registration feed. This will map each field on the registration form to a field in the WordPress user settings and will make sure that Gravity Forms creates the user account with the right information.

Don’t worry about the User Meta and Additional Options sections for the moment – you can add those options later if you like.

The registration form now knows it has to check the username field to make sure it’s not already taken. If there’s another account with that username then form will fail the validation and ask the user to choose a different username.

Now we have a Gravity Form configured to create user accounts for our members we need to protect some content.

Step 3: Protecting content

WordPress has a couple of options for protecting content but neither are particularly helpful for a membership site. The first requires the post author to assign a password to each post and the second requires the user to be an editor of the blog. We’ll need to make sure that all registered users can see our protected content so we’ll need finer control over who can see what.

There are lots of plugins that will do this for you to varying levels of complexity but our basic membership site just needs a simple plugin that will allow us to hide certain content from non-members. Justin Tadlock’s Members plugin has been around for a long time and continues to be developed and supported and it gives us plenty of control.

Once you’ve installed and activated the Members plugin you’ll find this box on the edit page below the content of each post and page:

The only thing we need to configure here is the role which will have access. Select the “subscriber” role for each of the posts and pages you’d like to protect. This will ensure that all registered users will have access to content and anonymous users will see something like this for protected posts and pages:

If you want to hide posts completely then you may want to try the WordPress Access Control plugin.

Step 4: Add a login form

The standard login form on WordPress is like the registration form. It works perfectly but it doesn’t give us any control over what the login page looks like. If we want to integrate the login form into one or all of the pages we’ll need to use a plugin. The Members plugin, in addition to controlling access, also has a login widget that you can activate in the settings and then add to a sidebar. By default it will look like this:

And once the user has logged it, it’ll look like this:

For further control over the login form, and the logged in content, try the Sidebar Login plugin.

That’s all there is to it – your WordPress site is now set up to provide protected content for members only.

Next Steps

As your membership site grows you’ll find you want to refine the set up further.

Remove the admin bar

One of the first things you’ll probably want to do is hide the admin bar that appears at the top for logged in users. Again, lots of plugins will do this for you for instance Admin Bar Disabler and Admin bar.

Auto-login after register

If you’d like to save your newly registered members the additional step of having to log in immediately after registering there’s a little snippet of code here that you can add to your theme’s functions.php file that do this for you. New members will be automatically logged in so you can send them directly to your member content.

The new Gravity Perks add-on provides this functionality as a perk: GP Auto Login. No need to get messy editing your functions.php. Just click, install, and activate.

Charge for access

You can easily add a paywall to your membership site by using the Gravity Forms PayPal Add-On to require payment before the account is created. Both one-off payments and recurring subscriptions with automatic account cancellations are supported.

Add more membership levels

The Members looks very simple on the surface but it’s actually a very flexible and deceptively powerful plugin. With a bit of planning and care it can be used to create multiple membership levels which you can then assign to users, post and pages.

Protect downloads

If you have a special download like a pdf report or a product that only your members should have access to then that link needs to be protected to reduce the risk of unauthorised sharing. The PluginBuddy S3 URLs plugin will generate a link to your download that expires automatically after a specified number of seconds.

Configure admin approval for new accounts

By activating the “user activation” option in the current version of the Gravity Forms User Registration Add-On (1.5 beta1.2) the user will receive a mail with an activation link which will create the account immediately. If you’d like to make sure that only the administrator can approve the account you’ll need to add the following bit of code to the functions.php file in the current theme.

* Configure Admin Approval for New Accounts
remove_filter('wpmu_signup_user_notification_email', array('GFUserSignups', 'modify_signup_user_notification_message'));
add_filter('wpmu_signup_user_notification_email', 'my_modify_signup_user_notification_message');
function my_modify_signup_user_notification_message() {
return false;
add_action('gform_user_registered', 'my_new_user_notification', 10, 4);
function my_new_user_notification($user_id, $config, $lead, $password) {
$user = new WP_User($user_id);
$user_login = stripslashes($user->user_login);
$user_email = stripslashes($user->user_email);
$blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
$message = "Thanks for signing up. Your account has been approved and you can now log in.\r\n";
$message .= sprintf(__('Username: %s'), $user_login) . "\r\n";
$message .= "Password: the one you entered in the registration form\r\n";
$message .= wp_login_url() . "\r\n";
wp_mail($user_email, sprintf(__('[%s] Your account has been been approved'), $blogname), $message);
view raw gistfile1.php hosted with ❤ by GitHub


Steve Henty is a developer at rocketgenius.


  1. James says

    Hello Everyone,

    I have already your article and comment.Wow, I got the lot of thinks from there. This article and every comment is very helpful.However, I want to add something, and recently I just released the membership plugin in the wordpress repository who is called “rs-members”. Before developing I just studied existence all membership wordpress plugin.I got many problems from the those.As a result; I just tried to include many useful features.Without programming skill any guys can easily maintain this plugin. I hoped this plugin will be helpful fill up your all demand. .Guys you can visit my “rs-members” from wordpress repository. Thank you gentleman for patiently reading.

  2. Jason B says

    Most membership plugins have reports… Any suggestions for having daily, weekly, monthly, yearly, etc reports on new and current members? I’m trying to figure out a way to keep what I have with GF and track overall sales. I was thinking of using their freshbooks add-on but that would make every sale an invoice, which would have to be manually “ended” to count as a sale. Not sure if this would also work since membership is a subscription so the next payment received may not reach freshbooks? Perhaps you know of another plugin or way to track sales and orders made via GF?

  3. Jason B says

    Thanks for all the info! I am using GravityForms for my site and never knew about the user/update functionality of their registration add-on. A question that I have for you… When charging $x/month, how does a member cancel their subscription? Is there also a hook or some code that places their account into “not active” ? or do we have to manually edit something to cancel their subscription? thanks!

  4. Brandon Pierce says

    I’m using the “admin approval” feature you provided code for above, for new users to be “approved” before given access. The user activations appear to work fine, except that the Password a user enters in the form appears not to be linked up with their account.

    I’ve tested this a few times. Still the user-selected password does not work on the Account Login.

    We are limiting access to the pricing in a WooCommerce store to only logged in users. This all works fine. I’m just telling you what our site is doing. Additionally, we are using Membership Pro for controlling what shows up in the menus.

    Thanks for any help you can offer!

  5. Felicity Evans says

    This is a fantastic post, answering many questions! Can this user approval ‘system’ be utilised with paypal payments? I’m assuming it can be, but does the approval trigger the payment or does the payment happen first regardless of the approval being given (which would mean that a refund be given if the approval is not given)? Thanks!

    • David Smith says

      Hi Felicity, yes, this works with payments. The user will not be registered at all until the payment has been completed (assuming you are using GF User Registration plugin).

    • Felicity says

      So does that mean that the payment does not get processed through PayPal until the admin approves the registration?

    • David Smith says

      Hi Felicity, sorry, I misread your question. The payment is required for submission, not approval. So the payment is collected regardless of approval. Not aware of any way to delay the collection of the payment.

  6. Seth says

    This is insanely helpful, thank you! One question: Up until now, I have been using the CIMY User Extra Fields plugin to capture additional fields of information from my users. I want to switch to Gravity Forms so I can simultaneously port the info over to Batchbook and Mailchimp when a user registers. But what do I do with the info from all of my existing users to make sure it’s all stored in the same place?

    I can export the existing user data to a csv file and rename the columns. But it doesn’t look like there’s a way to mass import into Gravity Forms. (The Gravity Forms Mass Import plugin doesn’t work for the latest version of Gravity Forms.)


    • David Smith says

      Hi Seth, with the GF User Registration add-on, you can map any form data to the user. When data is stored with the user, it is called the user meta. I’m not familiar with CIMY User Extra Fields; however, most plugins store user-specific data in the user meta so there is a good chance the data is already in the same place. If not, you’ll likely need to write or commission a custom importer.

    • Seth says

      That’s what I would have thought, but the CIMY fields don’t appear to be showing up in the dropdown menu. I think I may simply require users to update their profile.

      One thing I have noticed: You can use a form that CREATES users multiple times for user registration, allowing you to use conditionals to assign a user to a different role depending on their answer to a question. However, you do not seem to be able to use the same form multiple times to UPDATE users, so I cannot create a way for users to change their own role. Any thoughts on a workaround?

  7. Andrew Samootin says

    Hello can you tell me if the ” PluginBuddy S3 URL plugin ” still works as when i look on wordpress it says it is not updated for 2 years, hope it does Also thanks for great work with the site, had no idea it was so GF was so powerful.

    • David Smith says

      Hey Andrew, I would expect that it does. Amazon hasn’t changed their S3 API much in the past couple of years.

  8. Houston Brown says

    Does this process have any way to email members whos membership is about to expire? If not, do you know of one that can be added? I am in desperate need of something that will send a few email reminders to members before there membership expires. Then, if it does, their membership status will change.

    Many thanks, Houston

  9. Julio says

    So when I want to approve the registered user, how would I go about it? What happens when I approve? Do they get an email?

    • David Smith says

      Hi Julio, the User Registration’s “Pending Activations” feature allows you to manually approve each user before they are registered on your site. They will receive the default New User signup notification that is sent from WordPress.

    • Julio says

      Wow. OK, I see now. If I may ask a bit more.

      The approved user received two notices. 1. Can we make this just one notice? 2. Can we customize either of these messages?

      Thanks so much!!! This is such a great solution!

  10. Asaf says


    Great tutorial, thanks.

    However, do you have something to work with Wishlist Member plugin? i.e, registering user and assigning him to a specific membership level


    • David Smith says

      The Gravity Forms User Registration Add-on integrates with BuddyPress so you can probably get most of the way there with this same method. Let me know specific things that aren’t working with this method + BuddyPress and I’ll see if there is a simple workaround.

    • Kareem says

      I am trying to configure a registration page using conditional login and enables users to login using my custom page and save the information in buddypress so that I can use the buddypress messaging and notification system.

      Thank you

  11. Rohnn says

    Hi, great tutorial. Is there a way to redirect a user to a custom page instead of just showing the custom error message? What is want is to have a protected page that checks the role of the user and if the user is not registered then it automatically gets redirected to custom registration page. Any suggestion would be greatly appreciated, thanks!

  12. Samuel says

    Hi Dan, Great Tutorial.

    Anyway to adopt this into capturing info from the visitor without them creating a user profile?

    I would like to have a form popup over one page, but only require them to give name, email, phone etc. to see the content. A 24 hour cookie would be placed so that they can see the content for 1 day before resubmitting info.


    • David Smith says

      Hi Samuel, this is certainly possible but would require some custom work to complete. I’d recommend reaching out to Gravity Forms for any recommended developers.

  13. says

    Great tutorial and very similar to something i’m currently doing.

    Is it possible to map a field to the user role, allowing the person submitting the form to choose the ‘User Role’ as opposed to just setting one in the feed settings?

  14. Lana says

    Hi David, Great post – thank you :) Do you know which plugin we should use to be able to have the person also create a profile page the public can see? We use Gravity Forms (developer). Thank you

    • David Smith says

      Hi Lana… good question. I don’t have a recommendation for this now, but I will keep an eye out and update the post if I find a good one. If you find one before me, please do come back and share. :)

  15. Thomas says

    Hi, thanks for writing this up. I was wondering if you could create a paywall for specific posts for a membership site if a user is alread y a member.

    The idea is to permit access to posts based on a PayPal purchase. The purchase is valid for a year and should terminate after that.


  16. benjamin says

    Hi David, Is there a way to assign users a new role depending on a form submitted through gravity forms?

    I’ve created a series of forms and I would like to assign the user a new role each time they submit a form. It is mandatory to have conditional logic working – that is, depending on their form answers I would add them to a different role.

    Possible? If so, is there a plugin for this?

    Thank you!!! Ben

    • David Smith says

      If this is for a user creation feed, you can create multiple feeds each assigning the user to a different role. Using the “Registration Condition” option on each feed, you can determine which feed (and therefore which role) is used for that user when the form is submitted.

      This won’t work on a user update feed because there is a limitation of one update feed per form.

  17. says

    Thanks David!

    Works perfectly :-)

    BTW – I found a very nice redirect solution. It’s a plugin called ‘Peter’s Login Redirect’ and it redirects users to different locations after logging in.

    Have a great day David! Cheers, Gil

  18. says

    Hi Steve and David,

    Great post! Thank you!

    I want to give this a try as I have been using another solution (that will remain nameless!) and it is … problematic!

    I have a few questions that I hope you can answer.

    1) Will my excerpts still show in the post archives? I don’t want to lose excerpts.

    2) One of the problems I had with the unnamed solution was that comments would still show up when someone clicked on a protected post. I’d get the “you need to log in” bit and it would hide the actual post, but the comments were all visible. I was able to deal with that using some code in functions.php. Will comments show up with Justin’s solution?


    3) Better yet, it would be nice if users who do not have permission to see a post are redirected to an options page that tells them this is protected content and here are the options for registration. S2 does this nicely (and no … S2 is not the unnamed solution mentioned above) I had a peek at the screen shots for Justin Tadlock’s Members Plugin and saw where I can modify the text but no redirect options. Do you think there would be a way to do that?

    That’s it!

    Again, thanks for sharing this solution with us!



    • says

      Hi again!

      I did a quick test and can confirm that comments are indeed hidden (yay!) but that excerpts do not show up. You get “Sorry, but you do not have permission to view this content.”

      Hmmm will noodle with this! Just thought I would update and save you some typing!



    • David Smith says

      Hi Gil, here is some code that updates the post content restriction message to the post excerpt (if it exists) instead:

      Just drop it in your theme’s functions.php file and it should work. :)

    • says

      Hi David,

      This is coming along very nicely! Can you recommend a plugin that will redirect a user (when the log in) to a profile page other than the standard profile.php page?

      Thanks and cheers, Gil

  19. says

    Hello David,

    Great post, I wish I found it earlier would have saved me lots of hours of figuring things out! :)

    Actually, there is still something that I can’t figure out. I want when registering/editing profile for a user to be able to upload a logo file.

    I would also need an ability to be able to add/edit/delete that logo file via native WP user profile interface & have the logo saved to Media Library.

    I’ve tried lots of different things, but that didn’t work and GF support forum is very slow.

    I wandered if you might know how to achieve this.

    Many thanks, Dasha

    • David Smith says

      Hi Dasha, if you’re using the Gravity Forms User Registration add-on, you can map a GF field (such as the upload field) to a user’s meta. This will store the image URL in the user meta; however, it will not store the image in the media library. With GF User Registration 1.5, it also provides the ability for you to create forms that will “update” the user meta so they could upload a new image.

  20. Justin says

    thanks very much for this post, exactly the kind of functionality i’ve been hunting for! thank you thank you

    • David Smith says

      I have not used it myself or heard much about it besides that it exists. If you end up using it, please do share your experience. :)


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>