Using WordPress as a Simple Client Management Solution

login11

So, you’re looking to give your clients a secure way to access a client page (or group of pages) on your WordPress powered site. There’s just one problem… there isn’t a simple WordPress plugin that can do it for you with the out-of-the-box functionality we’ve grown accustomed to. But before you give up on client management (or WordPress) altogether, let me assure you, it can be done. So, if you’re up for learning a new trick with some old programming knowledge and a little elbow grease, let’s get started.

Before we begin, have a look at this example client login page from my old site to get an idea of our goal.
Username:demo Password:client

This setup has been tested up to WP 3.5.1 (current version).

 

First Things First: The Plugins

Role Manager
This plugin is not directly available on WordPress.org, but makes for much less of a headache throughout the next steps. To set it up correctly, go to users –> roles and add a new role named ‘client’. Make sure to only enable the ‘read’ function (otherwise, your clients may be able to access your dashboard or other administrative pages and change the content of your site.

IWG Hide Dashboard
The main purpose of this plugin is to keep non-admin users out of admin only areas of your WordPress installation. To enable this function, simply make sure the ‘hide dashboard’ option is checked for the ‘client’ role we created in the last step.

Peter’s Login Redirect
Really, this plugin is what makes simple client management possible. It allows you to easily direct a logged in user to a specific page on your site that will serve as their customized client page. It does this by checking the user’s role (that it integrates with the previous plugins) and sending the user to a pre-defined URL.

The Code

There. That wasn’t so bad, was it? Well, we still have a ways to go– and it involves modifying some code. Don’t worry, though. I’ll try to make it as straight forward and painless as possible.

First, we have to add a login/logout form somewhere on our page. Mine is located in the drop down menu at the very top of this page my old site, but you can easily place it anywhere in your theme. The easiest is to add this to either your header or footer template pages, as they will (probably) require less maintenance and tweaking as your site evolves (many themes utilize more than one sidebar or main content template, whereas most stick with a common header and footer throughout). Just paste the following code where you want the form to appear (files are found in the /wp-content/themes/your-theme-name folder on a standard WordPress installation).

Next, you’ll need to create a template for your clients’ pages. I have chosen to name mine ‘client.php’, based on the role I created earlier and overall ease of use.

Simply copy and paste this code into a text file and save it as ‘client.php’. Of course, be sure to change the styled XHTML to fit your theme.

Go ahead and upload everything (client.php and whatever file you amended the login form to) to your ‘/wp-content/themes/your-theme-name’ folder and we’ll be off to our final steps.

Setting Up: Configuring the Plugins

Now that we’ve installed our plugins and set up our php code to allow for client login management, let’s go ahead and configure those plugins to function properly. On your WordPress dashboard, open your ‘users’ tab and select ‘add new’. Create a new user called ‘demo’ and give it the role of ‘client’ (that we created earlier). Enter your email where required and give your new user the password ‘client’ (we’ll test using this username and password in just a bit).

Next, scroll down to where it says ‘assign extra capabilities’ (if this is not present, make sure you correctly installed the ‘role manager’ plugin above). Make certain that only the fields ‘hide dashboard’ and ‘read’ are checked, then save your new user.

Now, on your dashboard, go to the settings tab and click on ‘Login redirects’. Under ‘Specific Roles’ make sure that administrator is checked and set the URL to ‘http://www.your-domain.com/wp-admin/index.php’ (this will automatically direct all administrators to the dashboard on login). Click ‘update’.

OK, here’s what we’ve been waiting for. Under ‘Specific Roles’ again, let’s add the role ‘client’ (that we created earlier) and give it the URL ‘http://www.your-domain.com/[variable]username[/variable]’. Save it. This will, essentially, redirect all users with the role ‘client’ to a page with the same name as the client’s username. In other words, if the username is ‘demo’, the corresponding client page must be named ‘demo’ and point to a URL ending in ‘/demo/’. (To make client pages more manageable, you may want to redirect users to a sub-page in order to keep your pages list more controlled. In this case, you would give the ‘client’ role the URL ‘http://www.your-domain.com/clients/[variable]username[/variable]’ if you would like all client pages to be sub-pages of the parent page ‘client’. This is not necessary, but will make your life a whole lot easier when managing more than a few clients at a time.)

Congratulations! You have successfully configured all the required plugins. Just one thing left to do…

The Final Step: Creating Client Pages

Finally, after all that, we can go ahead and create our demo client page! Let’s add a new page called ‘demo’ (if seeking to make all client pages sub-pages, make ‘demo’ a sub-page of the page ‘clients’, or whatever you want the parent page to be). On the right side of your screen, in the tab ‘Page Attributes’, make sure the template field is set to ‘client’ and a parent page is selected (if desired). I have also chosen to make my client pages password protected to disallow any unauthorized access. To do so, just assign the client’s user password to the page.

Make sure that your permalink matches what you set under ‘Specific Roles’ above and you should be good to go. Just fill in the page with some client information, sign out of your WordPress account, and use the login form we installed on your page to login with the username ‘demo’ and password ‘client’. You should be redirected right to the demo client page. If it worked for you, simply add more client pages and pat yourself on the back.

If you have any questions or comments on this tutorial, leave me a comment to let me know. Happy coding!

EDIT:

Thanks to the comment by the user ‘underscore’ in the WordPress.org Support Forums, we now have an easy way to limit each user’s login to viewing only that user’s client page. It does this by checking a user’s username against a client page’s title. If the two are the same, the page is allowed to be viewed. If they don’t match, the user is sent to your universal wp-login.php page. Simply add the following code near the top of your client page’s template. Be sure to edit the highlighted lines to reflect your site’s requirements and you should be good to go.

About the Author

Dave Winter focuses exclusively in WordPress design and development (some have labelled him a fanatic) but has hands in many other projects, including photography and music. He's never far from a computer... or an iPad (for testing purposes, of course). If you've been to a WordCamp in Southern California, he probably already knows who you are (or maybe not - he's terrible with names). Dave currently teaches courses at California State University, Long Beach alongside his home-brew business at dauid.us (and his students think he's pretty boss).

Comments

  1. Patrina Verzekering says:

    Hi,

    I am going to try WordPress on my website. I am downloading the package right now. While getting it i was searching for some info on WordPress. Its good to know that managing clients could be easy like this. I just hope I can get it working!

    Thanks!

    • Dave Winter says:

      Patrina,

      Thanks for giving me a try. I hope to release a series of posts soon that deal specifically with WordPress as a complete website solution. Hope they can give you a nice jumpstart on integrating WP into your site.

      -Dave

  2. wp-popular.com » Blog Archive (moderated) says:

    […] more from the original source: Dauidus Design –/ Making the Web… Beautiful –/ Long Beach, CA Tags: access, custom, […]

  3. Jim Thowes says:

    Wow.. Now that’s what I call a good idea. Just one question, how can you make it so one person can’t login to another client’s page? Doesn’t this make it easy to steal information and what’s on the page? Thanks.

    • Dave Winter says:

      Jim,

      You can easily give any page on your WordPress site a password by changing the visibility to from “public” to “password protected” on the top right of your edit page screen. This tutorial just takes that one step farther by giving each user access to the page, but not to your dashboard. That way, you can better streamline your client management experience by having everyone login from the same page. I’ve been using this method for over a year, and haven’t run into any problems yet!

      -Dave

      • OK, that sounds cool, but let’s take this one step further. It would be more secure to have individual logins for individual clients that strictly direct them to their stuff and not have to bother with passwording a page, which, BTW, presents a security problem in that it gives a client login a hint that there is other stuff in there.

        Any thoughts?

      • Dave Winter says:

        Mitch,

        Essentially, having individual logins for each particular client page is just what we’re doing here. You can set this up to not only keep each login separate, but also to only allow a page to be viewed after a login from a certain page on your site. For example, you can set it up to only allow client a to access a page by login in from http://www.yourdomain.com/clienta, rather than allowing them to login from anywhere on the site. That way, only those who know about that page can login from there. As long as your .htaccess file (or plugin) hides the login pages from search engines, you should be pretty secure.

        Like I mentioned above, I’ve been using this technique for a while now and haven’t had any security problems or trouble at all with it. My clients seem to also appreciate that they have a ‘private’ page to login from that nobody else knows about. And I like that I can track how many times each client has logged in with simple analytics tracking tools.

        -Dave

      • Hi Dave,

        Thanks for the great information. You mention being able to track when clients log in with simply analytics tools. Can you share which ones you are using? I am looking for a way to track our clients– ideally get email alerts when they log into the private pages of our website, so we can do customer-service follow up calls.

        Any advice?

      • Dave Winter says:

        Lara,

        I’ve just been using Google analytics to track those visits. Since I already have it integrated into my site, its simple a matter of calling a small function to display the number of visits to each login page I assign it to check for. Then, I’ve created a simple (but not very good-looking) dashboard widget to output the data. Its a dirty hack, but it works to fit my needs well.

        Cheers,
        -Dave

  4. Is there a way to know which specific themes this will work with? or is it trial and error?

    • Dave Winter says:

      Jeff,

      This, in theory, should work with any theme you can get your hands on. I create my own themes, but I don’t think I include anything out of the norm in my code. I would advise you to go ahead and try it out with the theme you’re already using… it should work just fine!

      Let me know how it goes,
      -Dave

      • Well I’ve been hacking away at this, and I can’t seem to get past primarily this:
        I am unable to assign a page attribute of ‘client’ to my ‘demo’ page. Upon trying two or three times, the permalink changes to /demo-2, /demo-3, etc.

        The code for making a client page and login form (I put it in the footer) seems to have worked just fine. I’m reasonably confident that I uploaded them to the correct folders as well.

        It seems like a really great feature you’ve made here….

      • Dave Winter says:

        Jeff,

        Not sure if you’re still up for trying this out, but it sounds like you need to delete some rows from your pages table in the database. I’d be really careful, but you can do some quick Google searching and come up with a tutorial to walk you through it… if you have access to PHPMyAdmin on your site.

        What is happening here is that WordPress is saving every page you’ve created to a database table, but it doesn’t delete those pages automatically. So, you can either try the whole PHPMyAdmin thing, give those users the ‘demo-3′ link, or assign them a new page altogether.

        Hope you stuck with this one… its a fun little hack!

  5. WP-Client not only serves all these needs, but is in continual development to take you further in your ability to easily and efficiently interact with your clients, customers, colleagues, collaborators, employees, staff, patients or vendors.

    • Dave Winter says:

      WP-Client,

      While I understand that there are many options for WordPress admins to implement features, I also try to provide my readers with alternatives. While your plugin does seem to offer much more functionality and extra goodies, I have found that my simple solution works very well for what I need it to do… without tons of additional code and features that can slow down the user experience. Not to mention, mine is free. :0)

      That being said, I think you’re plugin is great for folks looking to provide a more streamlined way to add many users without much hassle or tinkering around with code. And it looks like something that fills a need to the overall WordPress community. Keep up the great work!

Let me know what you're thinking

© 2014, Dave Winter (dauidus)