Advanced Custom Fields (ACF) is a great plugin for adding any content to your site, or even building an entire website. When ACF is used with MemberPress, you might encounter difficulties applying the membership-based protection to your ACF fields.
This document will show you how to overcome this, and successfully build your website with ACF and MemberPress.
Why Are My ACF Fields Not Protected Out of the Box?
Protecting content with MemberPress is done by adding MemberPress Rules. Here, it's important to mention that these rules only protect content that's outputted through the WordPress the_content() function. This refers to the content of your post. Any content being rendered outside of this function will stay unprotected.
The ACF plugin uses its own get_field() function to display the ACF fields on your posts. This prevents the MemberPress rule code from running in this case. Accordingly, though your post content will be protected and available only to your members, the ACF fields on the same post will remain visible to everyone.
Protecting ACF Fields
There are two ways you could solve this and prevent unauthorized users from accessing your ACF fields. The first solution would be to protect entire posts and redirect users to a specified page.
Another solution is to protect each ACF field individually using a custom code.
Use Unauthorised Redirection
As mentioned, the alternative that is the easiest here would be to use the MemberPress rules in combination with the MemberPress unauthorized redirection.
To do this, you must first enable the unauthorized redirection option in your MemberPress settings. With this option enabled, your unauthorized users will be automatically redirected away from protected posts. Thus, you will prevent any of them from accessing your unprotected ACF fields by denying them access to the entire post.
Here, please keep in mind when enabled, the redirection will be applied to all of your protected content. If you still want to show the unauthorized message on some protected posts, you can add unauthorized redirection exclusions using a custom code snippet.
Protect Individual ACF Fields
Depending on your goals, protecting the entire post might not solve the issue in your case. Here, you could try using our mepr-active capability to protect individual ACF fields. This capability will allow you to check if the user has access based on the user’s active membership subscriptions. The protected ACF field will be displayed only to authorized users.
Below, you can find a sample of the code for displaying an ACF field protected by a MemberPress rule. The MemberPress rule, in this example, has an ID of 123 and is applied using the mepr-active capability:
<?php
if(current_user_can('mepr-active', 'rules:123')) {
get_field('acf_field_here');
}
To use this code on your ACF fields, you would need to replace the ID of 123 with the ID of the rule you want to apply. You can find the IDs of all your rules at Dashboard > MemberPress > Rules.
