Managing access to WordPress forms is important for sites with registered users. If you run a membership site or an online store, limiting certain forms to logged-in users helps protect your data and keep everything organized.
After some research, we found an easy way to handle this using WPForms and MemberPress. These tools make it simple to limit form access to logged-in users without any complicated setup or coding. At WPBeginner, we also use these plugins daily, so we’re confident in recommending them.
In this article, we’ll show you how to restrict your WordPress forms to logged-in users.
When and Why Do You Need to Restrict Access for WordPress Forms?
There could be a number of scenarios when you would need to restrict access to certain WordPress forms to logged-in users only.
For example:
- You may be hosting a private members event and only want registered users on your site to RSVP.
- You might restrict access to support for members only, and by limiting it to logged-in users only, you can dynamically populate certain information from their profiles.
- You might want to run an employee survey or poll, and you want to restrict access to your internal team only.
- You are running a customer NPS survey that you only want to be submitted by logged-in users.
- You might have a special prize claim form that you want to be accessed by only certain logged-in users.
These are just some examples, but there are literally hundreds of other use cases where you want to restrict form access to registered users only.
With that said, let’s take a look at how to restrict your WordPress form access to logged-in users only. We will cover 3 easy ways, so you can click the links below to jump ahead to any section.
Ready? Let’s jump right in!
Method 1: Restrict Form Access With WPForms Form Locker Addon
This method is the easiest and most powerful, so we recommend it for all beginner users. We will use the WPForms plugin and their Form Locker addon to completely lock down WordPress form access.
WPForms is the best WordPress form plugin used by over 6 million websites. It was created by WPBeginner’s founder, Syed Balkhi, to have all the features we needed to run our business.
The first thing you need to do is install and activate the WPForms plugin. For more details, see this step-by-step guide on how to install a plugin in WordPress.
Note: While there’s a free WPForms version, you’ll need a WPForms Pro license or higher to use the Form Locker addon.
Upon activation, you can head over to WPForms » Settings from your WordPress dashboard and enter your license key. You can find the key in your WPForms account area.
After that, you will need to activate the Form Locker addon.
Simply head over to the WPForms » Addons page to install the Form Locker Addon.
Now, you are ready to create a new form with restricted access for logged-in users.
To do this, go ahead and create a new form by going to WPForms » Add New.
This will open the WPForms form builder, where you can choose a form template or start with a blank one.
You can start by entering a name for your form at the top and then selecting a form template.
WPForms’s drag-and-drop form builder is extremely easy to use, so you can add or remove fields and customize the form to your liking.
Plus, there are further options to customize each form field in the template.
Once you have added all the necessary fields, you need to go to the Settings tab.
From here, just click on the ‘Form Locker’ settings.
In this tab, you will see the option to enable password protection for your WordPress forms, set total entry limits, enable form scheduling, and enable restricting entries to logged-in users only.
Go ahead and click the toggle for ‘Logged in users only.’
Once you check the box, you will see a new Message field.
This is where you will need to draft a message that will appear to all users who are not logged in to your site.
Once done, you can tweak other form settings that you might need and then save your settings.
Now, you can embed this form on any WordPress post or page on your site using the WPForms block or a shortcode in the WordPress block editor.
Simply edit or add a new post or page. Then click on the ‘+’ icon to add a WPForms block.
Once the WPForms block is added, select your form to embed from the dropdown menu, and you’re done.
And that’s it! You have successfully created a WordPress form that’s restricted to logged-in users only.
Method 2: Restrict Form Access With Password Protected or Private Pages
Another way to restrict form access in WordPress is by using the default WordPress visibility settings. You can use this method with the free version of WPForms or any other contact form plugin.
Simply create a page or post where you want to embed the form. After that, you need to click on the ‘Status & visibility’ settings in the right panel.
You can either make the whole page private or password-protected.
Private pages can only be seen by the ‘Administrators’ and ‘Editor’ level users on your website.
If you set a password for the page, then you will have to share that password with everyone who needs access.
While this method works, there are several downsides to it.
First, the entire page is hidden, not just the forms area. You won’t have access to as many controls, and there’s no way to see which logged-in user submitted the form.
Method 3: Use Advanced Membership Plugins to Restrict Form Access
If you are using an advanced WordPress membership plugin like MemberPress, then it comes with a lot of access control features built-in.
For more details, you can see our detailed guide on how to create a membership site.
To restrict access, you can simply go to MemberPress » Rules and click ‘Add New’ to create a new permissions rule.
The rule edit page allows you to select different conditions and associate them with a membership plan.
For example, you can select all content that matches a particular tag or category and make it available only to members with the silver subscription plan.
You can also create more specific rules. For example, you can restrict a single post, page, child page, or URL.
Once you have set the rules, you can use them in combination with any WordPress contact form plugin to restrict form access to logged-in users only.
Bonus Tip: Force Users to Change Passwords in WordPress
Regular password updates are essential for keeping your WordPress site secure. In fact, weak or stolen passwords are a factor in 80% of data breaches.
New users often choose weak or reused passwords, which puts your site and its users at risk if a hacker gains access.
Forcing regular password updates isn’t just for admins; it’s important for membership users, returning customers, and multi-user sites, too. For example, clients or customers who receive passwords via email are especially vulnerable to phishing attempts.
For step-by-step instructions, you can refer to our guide on how to force users to change passwords in WordPress.
Additionally, you might be interested in how to force strong passwords on users to further reinforce your site security.
We hope this article helped you learn how to restrict your WordPress forms to logged-in users only. You may also want to see our list of hidden WordPress user data to grow your business and how to easily add a client feedback form in WordPress.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
Jiří Vaněk
A great yet very simple method for a customer support form that limits questions to registered users only. At the same time, it immediately occurs to me that I can create a form on the website for users who send a donation as a certain bonus for priority communication (or as an motivation to send a donation). Thanks for the inspiration.