Content Protection

The ContentProtection class is the primary protection handler for posts, pages, and custom post types. It hooks into:

• the_content (priority 999) — replaces content with restriction message
• get_the_excerpt (priority 999) — filters excerpts for protected content
• template_redirect — handles full-page redirects when protection mode is set to redirect
• pre_get_posts — excludes protected posts from archive queries (when enabled in settings)
• rest_prepare_{post_type} — filters content in REST API responses

Per-Post Protection: Edit any post or page and look for the Membership Protection meta box in the sidebar. Here you can:

• Toggle protection on/off
• Select which plans grant access
• Choose a teaser mode and configure it
• Write a custom restriction message (supports {plan_names}, {login_url}, {pricing_url}, {user_name} placeholders)
• Set a CTA button with text and URL

Bulk Protection: Select multiple posts in the post list and use the bulk actions dropdown to "Protect with Membership" or "Remove Membership Protection". This creates or removes protection rules in bulk.

Implicit Protection: Posts that appear in any plan's content rules are automatically protected — you don't need to set per-post protection for them. The AccessEvaluator.isProtected() method checks both explicit protection rules and plan rule membership.

Archive Filtering: When "Hide protected content in archives" is enabled in settings, protected posts are excluded from archive pages, the blog index, and search results for non-members. Members still see protected posts in these listings. This uses the pre_get_posts hook to add post__not_in exclusions.

The TaxonomyProtection class handles taxonomy term protection. When you protect a category or tag:

• All posts assigned to that term inherit the protection
• The inheritance mode can be set to all_posts (protect every post with this term) or none
• The AccessEvaluator checks taxonomy inheritance when evaluating post access

This is powerful for content libraries — protect a category like "Premium Articles" and every post in that category is automatically protected without individual configuration.

Taxonomy protection rules are managed through the plan content rules or through the Memberships > Content admin page.

The MenuProtection class hides navigation menu items from non-members. When a menu item is associated with protected content:

• Non-members don't see the menu item at all
• Members see the menu item normally
• The check runs against the wp_nav_menu_objects filter

This prevents non-members from discovering URLs for content they can't access. Particularly useful for member-only sections that should be invisible to visitors.

The UrlProtection class protects arbitrary URLs using pattern matching. It hooks into template_redirect at priority 5 (before content protection) and checks the current URL against configured rules.

Match Modes:

URL rules support:

• Exclusion patterns — URLs that should be excluded even if they match the rule (e.g., /members-area/pricing remains public)
• Match specificity — rules are sorted by specificity (exact > prefix > regex) before evaluation

Restriction actions for URL rules:

URL rules are cached via WordPress transients for 5 minutes. The cache is cleared when rules are modified.

The CommentProtection class restricts comment access on protected content:

• Non-members cannot view existing comments on protected posts
• Non-members cannot post new comments on protected posts
• Members interact with comments normally

This ensures that member discussions remain private and non-members cannot read conversations happening in protected content.

The SpecialPageProtection class protects WordPress special pages that are not regular posts:

These are configured through the protection rules with resource_type: special_page and a resource_id identifying the page type.