Home of WP-Members, The Original WordPress Membership Plugin
A new year, and a fresh upgrade for WP-Members! Version 3.2.5 is a feature release with some fixes. Continue Reading →
The PayPal Subscriptions plugin allows WP-Members to limit a user to a specific subscription period and allows you to charge for subscriptions using PayPal’s IPN.
This extension is available with the WP-Members Pro Bundle or individually.
WP-Members PayPal Subscriptions is a premium plugin available in the store.
Best Value: this plugin is included in the WP-Members Pro Bundle package.
Once the tracking extension is installed, it will begin collecting data when logged in users visit the site.
Site usage data can be viewed in two places:
When viewing data in the user profile, the stats will show the time stamp of the user’s last login as well as the last 5 pages visited (this can be increased or decreased with the wpmemstat_max_per_user filter). Fields displayed can be changed with the wpmemstat_display_fields filter. The bottom of the list will include a link to the dashboard to view the full list of stats for that particular user.
When viewing stats in the dashboard, you will see the same fields that are displayed in the user profile. These can be filtered with wpmemstat_display_fields. The number of stats per page can be filtered with wpmemstat_max_per_page. You can view all stats of select a specific user from the dropdown list. The wpmemstat_user_droplist filter allows you to display the values in the dropdown by either user_login (the username) or displayname (if you are using a different value for displayname than username).
You can exclude a user from stat collection (such as any admins) with the wpmemstat_user_exclude filter.
The extension adds a tab to the WP-Members plugin options called “Tracking”. Under this tab you can set what happens when you either delete a user or delete (not just deactivate) the extension. On user delete, you can select to delete any stats related to that user. You can also set the extension to remove the database table in which stats are stored if you delete the extension. Please note that using either of these two options deletes that data – there is no way to get it back, so keep a database backup if you think you will need it.
This setting will prevent any login from being used in more than one browser concurrently. This includes additional computers and locations. The primary purpose of this options is to prevent login sharing. While it is impossible to prevent login sharing 100%, this makes it more difficult since one user logging in will automatically log that username out in any other existing session.
When this setting is enabled, you can choose from two possible options:
While captcha in the login form is not necessarily recommended, it is one of the most requested features. Enabling the captcha setting will utilize whatever captcha is set in the main WP-Members Options.
This option will track all failed logins. You also have the option to be notified as the admin when a failed login occurs.
This allows you to notify the site admin via email when there is a failed login attempt. The email message can be edited in the WP-Members Emails tab under the heading “Failed login admin notification”.
The email allows for some additional email shortcodes that can be used (these are in the default demo message, which you can customize as needed):
Adds additional settings to lock out a user after too many failed login attempts. Prevents brute force login attempts.
This setting will set a flag when a random password is generated so that when a user logs in with that random password, they will be prompted to change it before continuing to use the site. This is implemented it two places. First, in the plugin’s default configuration where a random password is sent to the user upon registration; and second, if a forgotten password is reset. This adds a layer of security by requiring the user to set a password themselves once they have logged in with the random password.
Similar to the above process, if a password is expired, the user will be required to change it to continue using the site. You can specify the time period required for password expiration. When this setting is used, anytime the user changes their password (or if a password is randomly set via registration or forgotten password reset), a new timestamp is set. Anytime the user logs into the site, the timestamp of the last password change is checked against the expiration period.
This setting restricts a user from re-using passwords. You may specify the number of previous passwords recorded (i.e. password cannot be one of the 5 most recent passwords used).
Enabling this option will include the WordPress password strength meter in the form. The form will not be able to submit until the password meets the selected minimum strength.
When used, the meter will be included wherever the password is entered. The primary location for this is in the change password form. But, if a password field is used in the registration form to allow the user to set their own password at registration, the password meter will also be included there.
IMPORTANT: If using a password field in the registration form along with this setting, you MUST include a confirm password field for the password meter to work correctly.
The password strength meter is WordPress’ internal strength meter. It uses the zxcvbn library. While it is somewhat technical, the article here gives a good description of the zxcvbn library’s concepts and a description of what is insecure about LUDS (lowercase, uppercase, digit, special character) password models. There is a demo here that shows you how various password compare using the model. (That’s a demo of the password strength library, not the plugin’s use of it. If you want to know how it works, it’s the same meter that can be found in the WordPress user profile edit screen.)
This setting adds a generate password button to the form. It will remove the confirm password field. You may need to apply CSS to adjust it to match your form style. You can do this with the WordPress Customizer.
When this setting is enabled, the change password form will include a confirm current password field. The user will be required to enter their current password in order to change the password.
A honey pot is a form field that is hidden from human users. To a bot or an automated registration, this form field will look like any other form field to be completed. Bots will generally enter data in a honey pot field. When the registration form is submitted and data validated, if the honey pot contains an entry, an error is returned preventing the registration from occurring. A honey pot is the most effective method of stopping registration spam – more effective than CAPTCHAs. It has the added benefit of being hidden from users and thus presents a far better user experience than including a CAPTCHA.
For general information on what a honey pot does and how it works, see this post.
Enabling either of these options will run the username, email address, and IP address of each registration through that system’s API to determine whether it is likely spam. This, coupled with a honey pot is far more effective than a captcha on the registration form.
When this is enabled, any custom database tables the plugin installs will be removed when the uninstall routine is run (“delete” in the WP plugin screen). This removes the failed login tracking and login lockout tables.
You can download the zip package from the RocketGeek User Dashboard.
This extension installs as a plugin. To install, use one of the following two methods:
Once the plugin is installed, you can go to Plugins > Installed Plugins to activate.
When you purchase the extension, you will receive a license key that provides you a year of updates to the plugin. You can retrieve your license keys on the rocketgeek.com user dashboard. Activating your license key will activate the the plugin to receive updates when they are released.
If a license key is not installed or an installed license key is expired, the plugin will still notify you of available updates, but you will not be able to download them.
(If your license key is expired, you can simply renew it. You do not need to purchase a new license key to replace an expired key.)
Upon installation, the plugin will attempt to create a default protected directory and set its folder permissions to 750. If this fails, you may receive an error message. If the error is that the plugin cannot create the default directory, you will need to check your folder permissions, in which case it is possible you will need to create this manually. (If you or the plugin cannot set the permissions to 750, note that this is not a problem for Apache. It is only necessary for nginx systems.)
Once installed, the first thing you want to do is create an error page. This page is where a user will be directed in the event of an error when downloading (such as if a user is not logged in). On this page, place the following shortcode:
[wpmem_dp_error]
Once this page is created, go to Settings > WP-Members and option the Downloads tab. Use the selector for “Set Error Page Location” to select the page you create for download errors.
If you have any users you want to exclude from download tracking, enter their IDs separated by commas into “User IDs to exclude”.
Save your settings.
Now you are ready to upload some files. Go to Media > Download Protect and click “Add New”. This will give you a dialog to upload a file. Give the file a title (whatever identifies it to you) and click “Choose File” to open a file selector. Once the file is selected, click “Upload File”.
You can also edit or delete files from this list. To edit or delete a file, mouse over the file name and click the appropriate link from the hover menu.
Editing a file gives you the option to upload a new version of the file and/or change the file’s title. Note that none of the file’s information changes – specifically, the file’s identifying key. So any changes will be tracked in the statistics as the same as the previous file. If your new version needs to be tracked separately, it should be loaded as a new file.
Note that the download link is dependent upon the file’s key. So if you edit a file, you do not need to change the key. If you delete and/or replace, you’ll need to either edit your download links or remove them.
Once files have been loaded you can create links for your users to download. The list of files offers two options. First it gives you the file’s direct link. This can be used in the WP post editor when creating a link. Alternatively, it gives you a shortcode that will generate a download link using the file information. Either can be used.
Once files are loaded and some have been downloaded, you can view download statistics on the Dashboard > Download Tracking screen.
