DESCRIPTION
We Built Something
We needed a way to be able to accept an incoming URL from a system that validates users subscription status to securely log them in.
WordPress Multisite Plugin for Subscription-Based Content Access
We developed a custom WordPress plugin designed to authenticate users via a referral link from an external subscription management system (XCIS). This solution allows only active subscribers to access specific restricted content on the WordPress site, with the following workflow:
Key Features:
- Referral Link Processing: The subscription management system (XCIS) sends users to the WordPress site with a unique referral link. The URL contains key parameters, such as
status=ACTIVE
and asubscription_id
, to validate the user’s active subscription status. For example.https://example.com/userreturn?request-ref=66aa4c9635ecf&status=ACTIVE&subscription_id=2365100
- Plugin Configuration: On plugin activation, site administrators provide two key input values:
- The base referral URL from the subscription system (e.g.,
https://example.com
/userreturn
)
- The base referral URL from the subscription system (e.g.,
-
- A URL to redirect users after a successful login, allowing them to access the desired restricted content. (e.g.,
https://
example.com/premium-content/
)
- A URL to redirect users after a successful login, allowing them to access the desired restricted content. (e.g.,
- Validation Process:
- When WordPress receives the referral link, the plugin checks the
status
parameter in the URL. If the status is “ACTIVE” and thesubscription_id
exists, the user is logged in or a new user is created if necessary. - If the validation fails, the user is redirected to an “invalid subscription” page.
- When WordPress receives the referral link, the plugin checks the
- Redirection to Content: Upon successful validation, users are redirected to the predefined URL (entered during the plugin setup), giving them access to the restricted content.
Example Workflow:
- A user subscribes on the external subscription portal.
- The user is redirected via a link like:
https://example.com/userreturn?status=ACTIVE&subscription_id=2365100
- If the
subscription_id
is valid and the status isACTIVE
, the plugin logs in the user and redirects them to the restricted content (e.g.,https://example.com/premium-content
). - If validation fails, the user is sent to an invalid subscription page.
This system ensures secure access for active subscribers while being flexible enough for potential future multisite use across the WordPress network.