Hey, I am currently building a site where I want to have 3 different types of users, each of which will have access to different types of content / custom post types / archives. The site will probably have a few hundred users by the end of this year – with registration disabled they will be manually added/imported. I am just wondering, as I have searched all over the internet but there is not much about this – is restricting content in custom theme just as simple as using is\_user\_logged\_in() function and checking their role enough to restrict access to all site content? I know that it is necessary to disable REST\_API for unlogged users and RSS. But what else can be done to make sure that the site content is not displayed/accessible from anywhere else but for the granted access user?
I am building this site using Oxygen so there is already a conditional display setting – there is not much in the documentation about whether this is 100% secure to protect certain content from being displayed to the public. Is this something I need to worry about or am I overthinking?
[ad_2]
The default is_user_logged_in (with role) functionality is how pretty much all user restricted content works on WordPress, so yes, it should be fine.
Use https://wordpress.org/plugins/restricted-content/ or similar plugin. You’ll have a better time.