Tag - Ultimate

The Ultimate WordPress Security Guide (Step by Step)


WordPress security is a topic of huge importance for every website owner. Google blacklists around 10,000+ websites every day for malware and around 50,000 for phishing every week.

If you are serious about your website, then you need to pay attention to the WordPress security best practices. In this guide, we will share all the top WordPress security tips to help you protect your website against hackers and malware.

Complete WordPress security guide

While WordPress core software is very secure, and it’s audited regularly by hundreds of developers, there is a lot that can be done to keep your site secure.

At WPBeginner, we believe that security is not just about risk elimination. It’s also about risk reduction. As a website owner, there’s a lot that you can do to improve your WordPress security (even if you’re not tech savvy).

We have a number of actionable steps that you can take to protect your website against security vulnerabilities.

To make it easy, we have created a table of content to help you easily navigate through our ultimate WordPress security guide.

Table of Contents

Basics of WordPress Security

WordPress Security in Easy Steps (No Coding)

WordPress Security for DIY Users

Ready? Let’s get started.

Why Website Security is Important?

A hacked WordPress site can cause serious damage to your business revenue and reputation. Hackers can steal user information, passwords, install malicious software, and can even distribute malware to your users.

Worst, you may find yourself paying ransomware to hackers just to regain access to your website.

Why WordPress security is important

In March 2016, Google reported that more than 50 million website users have been warned about a website they’re visiting may contain malware or steal information.

Furthermore, Google blacklists around 20,000 websites for malware and around 50,000 for phishing each week.

If your website is a business, then you need to pay extra attention to your WordPress security.

Similar to how it’s the business owners responsibility to protect their physical store building, as an online business owner it is your responsibility to protect your business website.

[Back to Top ↑]

Keeping WordPress Updated

Keeping WordPress updated

WordPress is an open source software which is regularly maintained and updated. By default, WordPress automatically installs minor updates. For major releases, you need to manually initiate the update.

WordPress also comes with thousands of plugins and themes that you can install on your website. These plugins and themes are maintained by third-party developers which regularly release updates as well.

These WordPress updates are crucial for the security and stability of your WordPress site. You need to make sure that your WordPress core, plugins, and theme are up to date.

[Back to Top ↑]

Strong Passwords and User Permissions

Manage strong passwords

The most common WordPress hacking attempts use stolen passwords. You can make that difficult by using stronger passwords that are unique for your website. Not just for WordPress admin area, but also for FTP accounts, database, WordPress hosting account, and your custom email addresses which use your site’s domain name.

Many beginners don’t like using strong passwords because they’re hard to remember. The good thing is that you don’t need to remember passwords anymore. You can use a password manager. See our guide on how to manage WordPress passwords.

Another way to reduce the risk is to not give anyone access to your WordPress admin account unless you absolutely have to. If you have a large team or guest authors, then make sure that you understand user roles and capabilities in WordPress before you add new user accounts and authors to your WordPress site.

[Back to Top ↑]

The Role of WordPress Hosting

Your WordPress hosting service plays the most important role in the security of your WordPress site. A good shared hosting provider like Bluehost or Siteground take the extra measures to protect their servers against common threats.

Here is how a good web hosting company works in the background to protect your websites and data.

  • They continuously monitor their network for suspicious activity.
  • All good hosting companies have tools in place to prevent large scale DDOS attacks
  • They keep their server software and hardware up to date to prevent hackers from exploiting a known security vulnerability in an old version.
  • They have ready to deploy disaster recovery and accidents plans which allows them to protect your data in case of major accident.

On a shared hosting plan, you share the server resources with many other customers. This opens the risk of cross-site contamination where a hacker can use a neighboring site to attack your website.

Using a managed WordPress hosting service provides a more secure platform for your website. Managed WordPress hosting companies offer automatic backups, automatic WordPress updates, and more advanced security configurations to protect your website

We recommend WPEngine as our preferred managed WordPress hosting provider. They’re also the most popular one in the industry. (See our special WPEngine coupon).

[Back to Top ↑]

WordPress Security in Easy Steps (No Coding)

We know that improving WordPress security can be a terrifying thought for beginners. Especially if you’re not techy. Guess what – you’re not alone.

We have helped thousands of WordPress users in hardening their WordPress security.

We will show you how you can improve your WordPress security with just a few clicks (no coding required).

If you can point-and-click, you can do this!

Install a WordPress Backup Solution

Install a WordPress backup solution

Backups are your first defense against any WordPress attack. Remember, nothing is 100% secure. If government websites can be hacked, then so can yours.

Backups allow you to quickly restore your WordPress site in case something bad was to happen.

There are many free and paid WordPress backup plugins that you can use. The most important thing you need to know when it comes to backups is that you must regularly save full-site backups to a remote location (not your hosting account).

We recommend storing it on a cloud service like Amazon, Dropbox, or private clouds like Stash.

Based on how frequently you update your website, the ideal setting might be either once a day or real-time backups.

Thankfully this can be easily done by using plugins like VaultPress or UpdraftPlus. They are both reliable and most importantly easy to use (no coding needed).

[Back to Top ↑]

Best WordPress Security Plugin

After backups, the next thing we need to do is setup an auditing and monitoring system that keeps track of everything that happens on your website.

This includes file integrity monitoring, failed login attempts, malware scanning, etc.

Thankfully, this can be all taken care by the best free WordPress security plugin, Sucuri Scanner.

You need to install and activate the free Sucuri Security plugin. For more details, please see our step by step guide on how to install a WordPress plugin.

Upon activation, you need to go to the Sucuri menu in your WordPress admin. The first thing you will be asked to do is Generate a free API key. This enables audit logging, integrity checking, email alerts, and other important features.

Generate Sucuri API Key

The next thing, you need to do is click on the ‘Hardening’ tab from the settings menu. Go through every option and click on the “Apply Hardening” button.

Sucuri security hardening

These options help you lock down the key areas that hackers often use in their attacks. The only hardening option that’s a paid upgrade is the Web Application Firewall which we will explain in the next step, so skip it for now.

We have also covered a lot of these “Hardening” options later in this article for those who want to do it without using a plugin or the ones that require additional steps such as “Database Prefix change” or “Changing the Admin Username”.

After the hardening part, the default plugin settings are good enough for most websites and don’t need any changes. The only thing we recommend customizing is ‘Email Alerts’.

The default alert settings can clutter your inbox with emails. We recommend receiving alerts for key actions like changes in plugins, new user registration, etc. You can configure the alerts by going to Sucuri Settings » Alerts.

Set up security email alerts

This WordPress security plugin is very powerful, so browse through all the tabs and settings to see all that it does such as Malware scanning, Audit logs, Failed Login Attempt tracking, etc.

Enable Web Application Firewall (WAF)

The easiest way to protect your site and be confident about your WordPress security is by using a web application firewall (WAF).

A website firewall blocks all malicious traffic before it even reaches your website.

DNS Level Website Firewall – These firewall route your website traffic through their cloud proxy servers. This allows them to only send genuine traffic to your web server.

Application Level Firewall – These firewall plugins examine the traffic once it reaches your server but before loading most WordPress scripts. This method is not as efficient as the DNS level firewall in reducing the server load.

To learn more, see our list of the best WordPress firewall plugins.

Sucuri WAF

We use and recommend Sucuri as the best web-application firewall for WordPress. You can read about how Sucuri helped us block 450,000 WordPress attacks in a month.

Attacks blocked by Sucuri

The best part about Sucuri’s firewall is that it also comes with a malware cleanup and blacklist removal guarantee. Basically if you were to be hacked under their watch, they guarantee that they will fix your website (no matter how many pages you have).

This is a pretty strong warranty because repairing hacked websites is expensive. Security experts normally charge $250 per hour. Whereas you can get the entire Sucuri security stack for $199 per year.

Improve your WordPress Security with the Sucuri Firewall »

Sucuri is not the only DNS level firewall provider out there. The other popular competitor is Cloudflare. See our comparison of Sucuri vs Cloudflare (Pros and Cons).

[Back to Top ↑]

Move Your WordPress Site to SSL/HTTPS

SSL (Secure Sockets Layer) is a protocol which encrypts data transfer between your website and users browser. This encryption makes it harder for someone to sniff around and steal information.

How SSL works

Once you enable SSL, your website will use HTTPS instead of HTTP, you will also see a padlock sign next to your website address in the browser.

SSL certificates were typically issued by certificate authorities and their prices start from $80 to hundreds of dollars each year. Due to added cost, most website owners opted to keep using the insecure protocol.

To fix this, a non-profit organization called Let’s Encrypt decided to offer free SSL Certificates to website owners. Their project is supported by Google Chrome, Facebook, Mozilla, and many more companies.

Due to this, it is now easier than ever to start using SSL for all your WordPress websites. For step by step instructions, see our article on how to get a free SSL certificate for your WordPress website.

WordPress Security for DIY Users

If you do everything that we have mentioned thus far, then you’re in a pretty good shape.

But as always, there’s more that you can do to harden your WordPress security.

Some of these steps may require coding knowledge.

Change the Default “admin” username

In the old days, the default WordPress admin username was “admin”. Since usernames make up half of login credentials, this made it easier for hackers to do brute-force attacks.

Thankfully, WordPress has since changed this and now requires you to select a custom username at the time of installing WordPress.

However, some 1-click WordPress installers, still set the default admin username to “admin”. If you notice that to be the case, then it’s probably a good idea to switch your web hosting.

Since WordPress doesn’t allow you to change usernames by default, there are three methods you can use to change the username.

  1. Create a new admin username and delete the old one.
  2. Use the Username Changer plugin
  3. Update username from phpMyAdmin

We have covered all three of these in our detailed guide on how to properly change your WordPress username (step by step).

Note: We’re talking about the username called “admin”, not the administrator role.

[Back to Top ↑]

Disable File Editing

WordPress comes with a built-in code editor which allows you to edit your theme and plugin files right from your WordPress admin area. In the wrong hands, this feature can be a security risk which is why we recommend turning it off.

Disable file editing in WordPress

You can easily do this by adding the following code in your wp-config.php file.

// Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );

Alternatively, you can do this with 1-click using the Hardening feature in the free Sucuri plugin that we mentioned above.

[Back to Top ↑]

Disable PHP File Execution in Certain WordPress Directories

Another way to harden your WordPress security is by disabling PHP file execution in directories where it’s not needed such as /wp-content/uploads/.

You can do this by opening a text editor like Notepad and paste this code:

<Files *.php>
deny from all
</Files>

Next, you need to save this file as .htaccess and upload it to /wp-content/uploads/ folders on your website using an FTP client.

For more detailed explanation, see our guide on how to disable PHP execution in certain WordPress directories

Alternatively, you can do this with 1-click using the Hardening feature in the free Sucuri plugin that we mentioned above.

[Back to Top ↑]

Limit Login Attempts

By default, WordPress allows users to try to login as many time as they want. This leaves your WordPress site vulnerable to brute force attacks. Hackers try to crack passwords by trying to login with different combinations.

This can be easily fixed by limiting the failed login attempts a user can make. If you’re using the web application firewall mentioned earlier, then this is automatically taken care of.

However, if you don’t have the firewall setup, then proceed with the steps below.

First, you need to install and activate the Login LockDown plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, visit Settings » Login LockDown page to setup the plugin.

Login Lockdown options

For detailed instructions, take a look at our guide on how and why you should limit login attempts in WordPress.

[Back to Top ↑]

Add Two Factor Authentication

Two-factor authentication technique requires users to log in by using a two-step authentication method. The first one is the username and password, and the second step requires you to authenticate using a separate device or app.

Most top online websites like Google, Facebook, Twitter, allow you to enable it for your accounts. You can also add the same functionality to your WordPress site.

First, you need to install and activate the Two Factor Authentication plugin. Upon activation, you need to click on the ‘Two Factor Auth’ link in WordPress admin sidebar.

Two Factor Authenticator settings

Next, you need to install and open an authenticator app on your phone. There are several of them available like Google Authenticator, Authy, and LastPass Authenticator.

We recommend using LastPass Authenticator or Authy because they both allow you to back up your accounts to the cloud. This is very useful in case your phone is lost, reset, or you buy a new phone. All your account logins will be easily restored.

We will be using the LastPass Authenticator for the tutorial. However, instructions are similar for all auth apps. Open your authenticator app, and then click on the Add button.

Add website

You will be asked if you’d like to scan a site manually or scan the bar code. Select the scan bar code option and then point your phone’s camera on the QRcode shown on the plugin’s settings page.

That’s all, your authentication app will now save it. Next time you log in to your website, you will be asked for the two-factor auth code after you enter your password.

Enter your two-factor auth code

Simply open the authenticator app on your phone and enter the code you see on it.

[Back to Top ↑]

Change WordPress Database Prefix

By default, WordPress uses wp_ as the prefix for all tables in your WordPress database. If your WordPress site is using the default database prefix, then it makes it easier for hackers to guess what your table name is. This is why we recommend changing it.

You can change your database prefix by following our step by step tutorial on how to change WordPress database prefix to improve security.

Note: This can break your site if it’s not done properly. Only proceed, if you feel comfortable with your coding skills.

[Back to Top ↑]

Password Protect WordPress Admin and Login Page

Password protect WordPress admin area

Normally, hackers can request your wp-admin folder and login page without any restriction. This allows them to try their hacking tricks or run DDoS attacks.

You can add additional password protection on a server-side level, which will effectively block those requests.

Follow our step-by-step instructions on how to password protect your WordPress admin (wp-admin) directory.

[Back to Top ↑]

Disable Directory Indexing and Browsing

Disable directory browsing

Directory browsing can be used by hackers to find out if you have any files with known vulnerabilities, so they can take advantage of these files to gain access.

Directory browsing can also be used by other people to look into your files, copy images, find out your directory structure, and other information. This is why it is highly recommended that you turn off directory indexing and browsing.

You need to connect to your website using FTP or cPanel’s file manager. Next, locate the .htaccess file in your website’s root directory. If you cannot see it there, then refer to our guide on why you can’t see .htaccess file in WordPress.

After that, you need to add the following line at the end of the .htaccess file:

Options -Indexes

Don’t forget to save and upload .htaccess file back to your site. For more on this topic, see our article on how to disable directory browsing in WordPress.

[Back to Top ↑]

Disable XML-RPC in WordPress

XML-RPC was enabled by default in WordPress 3.5 because it helps connecting your WordPress site with web and mobile apps.

Because of its powerful nature, XML-RPC can significantly amplify the brute-force attacks.

For example, traditionally if a hacker wanted to try 500 different passwords on your website, they would have to make 500 separate login attempts which will be caught and blocked by the login lockdown plugin.

But with XML-RPC, a hacker can use the system.multicall function to try thousands of password with say 20 or 50 requests.

This is why if you’re not using XML-RPC, then we recommend that you disable it.

There are 3 ways to disable XML-RPC in WordPress, and we have covered all of them in our step by step tutorial on how to disable XML-RPC in WordPress.

Tip: The .htaccess method is the best one because it’s the least resource intensive.

If you’re using the web-application firewall mentioned earlier, then this can be taken care of by the firewall.

[Back to Top ↑]

Automatically log out Idle Users in WordPress

Logged in users can sometimes wander away from screen, and this poses a security risk. Someone can hijack their session, change passwords, or make changes to their account.

This is why many banking and financial sites automatically log out an inactive user. You can implement similar functionality on your WordPress site as well.

You will need to install and activate the Inactive Logout plugin. Upon activation, visit Settings » Inactive Logout page to configure plugin settings.

Logout idle users

Simply set the time duration and add a logout message. Don’t forget to click on the save changes button to store your settings.

[Back to Top ↑]

Add Security Questions to WordPress Login Screen

Add security question on login screen

Adding a security question to your WordPress login screen makes it even harder for someone to get unauthorized access.

You can add security questions by installing the WP Security Questions plugin. Upon activation, you need to visit Settings » Security Questions page to configure the plugin settings.

For more detailed instructions, see our tutorial on how to add security questions to WordPress login screen.

[Back to Top ↑]

Scanning WordPress for Malware and Vulnerabilies

Malware scanning

If you have a WordPress security plugin installed, then those plugins will routinely check for malware and signs of security breaches.

However, if you see a sudden drop in website traffic or search rankings, then you may want to manually run a scan. You can use your WordPress security plugin, or use one of these malware and security scanners.

Running these online scans is quite straight forward, you just enter your website URLs and their crawlers go through your website to look for known malware and malicious code.

Now keep in mind that most WordPress security scanners can just scan your website. They cannot remove the malware or clean a hacked WordPress site.

This brings us to the next section, cleaning up malware and hacked WordPress sites.

[Back to Top ↑]

Fixing a Hacked WordPress Site

Many WordPress users don’t realize the importance of backups and website security until their website is hacked.

Cleaning up a WordPress site can be very difficult and time consuming. Our first advice would be to let a professional take care of it.

Hackers install backdoors on affected sites, and if these backdoors are not fixed properly, then your website will likely get hacked again.

Allowing a professional security company like Sucuri to fix your website will ensure that your site is safe to use again. It will also protect you against any future attacks.

For the adventurous and DIY users, we have compiled a step by step guide on fixing a hacked WordPress site.

[Back to Top ↑]

That’s all, we hope this article helped you learn the top WordPress security best practices as well as discover the best WordPress security plugins for your website.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post The Ultimate WordPress Security Guide (Step by Step) appeared first on WPBeginner.



Source link

Ultimate Guide to Creating a WordPress Membership Site


Do you want to build a membership website? For a long time, website owners relied solely on advertising and affiliate revenue to monetize their content.

A membership website allows you to make money online by allowing users to pay for premium content, features, and access to the community.

You will need a platform that has features for managing users, memberships, payments, etc. Luckily, there are some really great membership plugins for WordPress that make it super easy.

In this step by step guide, we will show you how to easily create a WordPress membership site without any coding knowledge.

Creating a WordPress membership website

What Do You Need to Start a WordPress Membership Website?

Unlike 10 years ago, it’s quite easy to make a website these days. Out of all the platforms and website builders, WordPress makes it the easiest for anyone to build their own membership website and start selling with little to no technical skills.

You’ll need the following three things to start:

  1. A domain name. This will be your website’s address (Example, wpbeginner.com).
  2. A web hosting account. This is where your website files are stored.
  3. A membership addon (It will convert your regular website into a membership platform).

You can set up a fully functional membership website with WordPress in less than 30 minutes, and we’ll walk you through every step of the process.

Below are the steps that we will cover to help you make a powerful membership website with WordPress.

  1. Getting started with a membership site
  2. Choosing a WordPress membership plugin
  3. Setting up your membership website
  4. Adding payment methods
  5. Adding membership levels
  6. Restricting access based on membership plans
  7. Creating members only content
  8. Creating a pricing page
  9. Adding sign up and login forms
  10. Customizing email templates
  11. Viewing reports to grow your website
  12. Extending your membership website

Ready? Let’s get started.

Step 1. Getting Started with a WordPress Membership Site

To create a membership site, you must make sure that you are using the right WordPress platform. Yes, there are two types of WordPress.

We recommend using the self-hosted WordPress.org version because it gives you unrestricted access to all features and tools that you need (see the full comparison of WordPress.com vs WordPress.org).

For a self hosted WordPress site, you’ll need a WordPress hosting account, domain name, and a SSL certificate.

Typically, a domain name costs around $14.99 / year, web hosting around $7.99 / month, and SSL certificate costs around $69.99 / year.

If you are just starting out, then these startup costs can add up quickly.

Thankfully, we have a way to fix that.

Bluehost, an official WordPress recommended hosting provider, has agreed to offer our users a free domain name, free SSL certificate, and a discount on web hosting.

Basically, you can get all of the above for $2.75 per month.

→ Click here to Claim this Exclusive Bluehost offer ←

Note: At WPBeginner we believe in full transparency. If you sign up with Bluehost using our referral link, then we will earn a small commission at no extra cost to you (in fact, you will save money and get a free domain + SSL certificate). We would get this commission for recommending just about any WordPress hosting service, but we only recommend products that we use personally and believe will add value to our readers.

Once you have signed up for hosting, the next step is to install WordPress. Follow the instructions in our step by step guide on how to start a WordPress blog, and you’ll be up and running in no time.

Since Bluehost already comes with WordPress pre-installed, you can move on to setting up your WordPress membership site.

Step 2. Choosing a WordPress Membership Plugin

There are plenty of free and paid WordPress membership plugins that you can use. However, each one of them has its own pros and cons. We have a full comparison of the best WordPress membership plugins.

To choose the right WordPress membership plugin, you need to decide what kind of membership website do you want to build and what features will you need?

If you just want to allow user registration on your WordPress site, then you can use WPForms. It is a WordPress form builder plugin that allows you to easily create user login and registration forms. You can even allow users to submit articles without accessing the WordPress admin area.

On the other hand, if you want to sell subscriptions, paid content, or digital downloads, then you’ll need a more robust WordPress membership plugin, like MemberPress.

MemberPress comes with advanced membership features that allow you to accept payments, create membership levels, restrict access based on levels, and more.

Selling online courses can be another possible scenario. In this case, you’ll need LearnDash, a complete WordPress LMS plugin with all the learning management features.

You can also integrate LearnDash into MemberPress to create a powerful website with online courses as well as membership subscriptions.

That being said, let’s start setting up your WordPress membership website.

Step 3. Setting up Your WordPress Membership Website

We are choosing MemberPress as our go-to plugin because it has all the features we mentioned above, and it works perfectly with third-party plugins necessary for the growth of your business.

First thing you need to do is install and activate the MemberPress plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, you need to visit the MemberPress » Options page to configure the plugin settings.

MemberPress options page

Step 4. Add a Payment Method

The options page is divided into different tabs. The first thing you need to set up is a payment gateway because it allows you to accept payments on your membership site.

You can do this by switching to the ‘Payments’ tab and then selecting your payment gateway.

MemberPress payments

MemberPress supports PayPal (Standard, Express, and Pro), Stripe, and Authorize.net out of the box. You need to select the payment method you want to setup and provide the required credentials.

You can also add multiple payment methods by clicking on the add button to add another payment method.

We typically use two options: Stripe for credit cards and PayPal as a secondary option because some users prefer PayPal over giving out credit card details.

Don’t forget to click on the ‘Update Options’ button at the bottom of the page to save your settings.

Step 5. Creating Membership Levels

The next step is to create membership levels that your users can purchase. Each membership level can have different pricing plans, perks, and access. You can even have a free membership plan.

To create a membership level, you need to go to MemberPress » Memberships page and click on the ‘Add New’ button at the top.

Add membership level

On the next page, enter a title for this particular membership plan and then provide the plan details in the post editor.

You will need to set the pricing and expiration for this plan under the membership terms section.

Membership plan

In the example above, we have created a yearly membership plan.

After that, you need to scroll down to the membership options meta box below the post editor. This is where you can customize permissions and membership options for this particular plan.

Membership options

Once you are satisfied with the membership plan, you can click on the publish button to make it available.

Go ahead and repeat this process to create as many membership plans that you need.

Step 6. Restrict Access for Membership Plans

The next step is to select which content would be available to different membership plans on your website. MemberPress makes it very easy to control access using ‘Rules’.

You can setup rules by visiting the MemberPress » Rules page and clicking on the Add New button at the top.

Add new rules

The rule edit page allows you to select different conditions and associate them to a membership plan.

For example, you can select all content that matches a particular tag or category to be available only to members with the silver subscription plan.

Add a rules set to MemberPress

You can also create more specific rules. For example, a single post or page, child pages, or a specific URL.

Below the rules editor, you’ll see the content drip and expiration options.

Drip content allows you to gradually release content to users instead of giving it all away at once. The expiration option makes the content unavailable after a defined period of time.

If you are not sure, then you should leave them unchecked.

Once you are satisfied, go ahead and click on the ‘Save Rule’ button to save your rule settings.

Repeat the process to create more rules as needed for your membership site.

Step 7. Adding Members Only Content

MemberPress makes it super easy to create members-only content using Rules.

In the above example, we created a rule that restricted all content tagged as paid to be restricted. Now all we need to do is to create our paid content and add the paid tag to it.

Adding members only content

MemberPress also adds ‘MemberPress Unauthorized Access’ metabox below the post editor. This allows you to select what logged out users (non-members) will see when they reach this content.

Restricted content options

You can use the global default settings, or you can show excerpts, login form, or a custom message.

Once you have added members-only content, you can go ahead and publish it. As the page reloads, you will see a success message that this content is protected.

Protected content

Step 8. Create a Pricing Page

This is the page your users will see when they want to sign up for a membership plan. On this page, users will be able to select a membership plan and then move to the payment page.

Users who try to access the restricted or paid areas of your website will also be redirected to this page.

You can configure this by going to MemberPress » Groups page and clicking on the Add New button at the top.

Creating a group

First, enter a title for the group plan page. This will also be the title for the plans page that users will see.

Next, go down to ‘Group options’ metabox and add memberships that you want to display on the page.

Pricing group options

You can also select a theme for the pricing table. MemberPress comes with few ready-made templates for that.

Once satisfied, click on the ‘Publish’ button to make your plan publicly visible.

To preview your pricing page, click on the ‘View Group’ link after publishing it.

Pricing page

Redirect users to pricing page

Now that we have the pricing page ready, the next step is to redirect unauthorized users to the pricing page.

To do that, first you need to visit MemberPress » Groups page and copy the URL next to the group you created in the previous step.

Pricing page URL

After that, go to MemberPress » Options page and scroll down to the ‘Unauthorized Access’ section.

You need to check the box next to ‘Redirect unauthorized visitors to a specific URL’ option and then paste the group URL you copied earlier.

Redirect unauthorized users to pricing page

Click on the ‘Update Options’ button to save your settings.

Now unauthorized users will be redirected to the pricing plans page when they try to access a members only area.

Step 9. Add Sign up and User Login Forms

Now that you have everything set up, it is time to allow your users to easily find their way around your website.

First, you need to add a user login form so that members can sign in to their accounts.

Go to Appearance » Widgets and add ‘MemberPress login’ widget to a sidebar.

MemberPress login widget

Next, we will be adding the pricing page link to the navigation menu, so that new users can select a plan and register.

You can do this by visiting the Appearance » Menus page in your WordPress admin. From the left column, you need to click on the Groups tab to expand it. It will show the pricing plan group you created earlier.

Add pricing plans to the menu

Check the box next to your pricing page and then click on the ‘Add to menu’ button.

The pricing plan page will now appear in the right column. You can drag and drop to rearrange its position in the menu. You can also edit it and change the link text.

Edit menu item

Don’t forget to click on the save menu button to store your changes.

You can now log out of the WordPress admin area and visit your website to see everything in action.

Membership website preview

Step 10. Customizing Membership Email Templates

Your WordPress membership plugin will send several email notifications to members. MemberPress allows you to easily edit those emails and make changes to include your own branding.

Simply go to MemberPress » Options page and click on the ‘Emails’ tab. From here you can manage email notifications sent by MemberPress.

Editing email notifications in MemberPress

You will see all the email notifications sent by MemberPress to members as well as Administrators. You can click on the edit button to customize any of these notices.

Edit email notices

You can use a simple text editor to edit the email message with basic formatting options and smart tags to insert dynamic items like names, username, membership level, and more.

Make sure that you click on ‘Send Test’ button to send yourself a couple of test notifications. This will ensure that MemberPress can send email notifications.

If you are having trouble receiving email notifications, then see our guide on how to fix WordPress not sending email issue.

Step 11. Viewing Reports to Grow your Membership Website

To grow any business, you need data to make informed decisions. MemberPress comes with built-in reports to see how your membership website is doing.

Simply go to the MemberPress » Reports page. From here, you can sort reports by monthly, yearly, or all time data.

MemberPress reports

It will show you number of active, inactive, free, paid, and total members. It will also show you average member lifetime value and other data. You can scroll below to see more charts and click on a date to view transactions.

However, the most important metric of judging a membership website’s success is user engagement.

This is where you’ll need Google Analytics. It allows you to see where your users are coming from and what they do when they are on your website.

MonsterInsights, the most popular Google Analytics plugin for WordPress, offers a complete MemberPress integration that makes it easy to enable Enhanced Ecommerce Tracking for MemberPress.

For detailed instructions, see our guide on how to track user engagement using Google Analytics in WordPress.

Taking Your Membership Website to The Next Level

MemberPress is a powerful WordPress membership plugin. It allows you to easily grow your membership website.

It works beautifully with LearnDash, which allows you to easily create courses and leave the selling part to MemberPress.

You can also use it alongside BuddyPress and bbPress.

Here are some other useful resources to help you grow your WordPress membership site.

That’s all, we hope this article helped you setup your WordPress membership website. You may also want to see our step by step WordPress SEO guide for beginners.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post Ultimate Guide to Creating a WordPress Membership Site appeared first on WPBeginner.



Source link