Media files will NOT be protected
When you add media (images, pdfs, etc.) to your site, they are not protected, regardless of the privacy status of the page that contains it. If somebody finds the path to the file, they will be able to access it without restriction. If you have private media to add to a page, consider uploading it to UW Box and linking out to it.
When to Use
- You want to protect non-sensitive and non-restricted content behind a login page using NetID SSO.
- You only want a select list of NetID users to view a page.
- You want users to be able to see that the page exists, but only allow certain users to view the actual content.
When to Consider Something Else
- You are using sensitive or restricted data. Our services are not designed to host secure data. You may not use this plugin to protect this type of information.
- You need to protect media files. Any files uploaded to your site are always public. If you have a file that should only be viewed by a select list of users, UW Box might be a better solution.
Opening the Settings Panel
Open the page you would like to protect in the WordPress editor. If the post is able to be protected by NetID, you’ll see a lock icon (see below) near the save button at the top right of the editor. Clicking it will open a panel. If you don’t see the page settings or lock icon, check to make sure it is enabled.
Page Setting Options
Protect this page with NetID
Enabling this setting will require a user to log in to view the content on the page.
Protect child pages
Enabling this setting will require a user to log in to view the content on all child pages under the parent page. The parent does not need to be protected to enable this setting. If enabled, page children at all nesting levels will be protected.
Note: Not all post types have child pages, so this setting won’t always appear. For example, blog posts do not have a hierarchy, so this option is not available.
Only allow specific NetIDs
If enabled, the page will be restricted to only allow the listed NetID usernames. Keep in mind, site administrators and editors will always be able to view (and edit) all pages.
If this setting is enabled but the “Allowed NetID Usernames” is left blank, only administrators and editors will be able to view the page. This can be a more user friendly alternative to the private or password protected post status.
Allowed NetID Usernames
Define a list of NetIDs that are allowed to view the page. Do not include @wisc.edu, only the username. To maintain performance with this feature, this list is limited to 25 usernames—keep in mind that you do not need to add site administrators or editors to it.
Example: “jappleseed, asmith, bjohnson2”
Don’t See Page Settings?
If you are in the post editor and don’t see the options for NetID protection, there could be a couple things happening:
- The post type is not protectable
By default, both posts and pages can be protected. However, if this setting gets changed or if you’re editing a custom post type (such as a person or event), it may be toggled off. To enable, go to settings > NetID Protection and confirm the post type is toggled as protectable. - You are editing the front page
It is not possible to protect the front/home page of your site. - The NetID panel is unpinned
It’s possible that you’ve unpinned the NetID panel. If this is the case, you should see a “NetID Protection” option when you open the options menu (3 vertical dots next to the save button). To pin it again, open the panel and click the pin to toolbar button at the top of the panel. - The CALS NetID plugin is not active
If all of the other steps fail to enable the NetID plugin, please contact us to make sure it is active on your site.
Protecting All Posts With a Specific Post Type
It is possible to protect all posts in a given post type. For example, if you have a post type for internal documents that you don’t want accessible to the public, you could protect all of those. To protect a post type, go to Settings > NetID Protection > Protected Post Types and select the one you want to be protected.
What is a post type?
A post type defines the type of content a page will contain. Every site comes with two post types: Page and Post, but you may have more depending on your configuration.
Warning Messages
Private/Password Protected Page
A page should never be both private/password protected AND protected by NetID. If you attempt to enable both, you’ll see a warning message at the top of the editor prompting you to correct the error.
Password protected pages will have their password bypassed by the NetID authentication. If both are enabled, users will never see a field to enter the page password.
Private pages show a 404 error when viewed by a user who is not logged into WordPress (it will seem like the page does not exist). Only logged-in administrators and editors can view private pages. On the other hand, NetID page protection will automatically authenticate logged-in users, while prompting everyone else to log in with NetID. Non-authenticated users will be able to see that the page exists, but they will only see the page title.
Old Post Meta Detected
In rare cases, pages that become inherently protected by their parent (or become a protected post type) may have old settings stored in the database. While not exactly harmful, keeping these is unnecessary because the logic for protecting the page is taken care of somewhere else. In this case, you should click the “clear” button in the warning message to clean up the database.
This only happens when a post which was previously individually protected becomes protected by a parent or a protected post type.
Interested in using this plugin on your site?
Please contact us and we’ll help you get it activated and set up.