Plugin Directory

Test out the new Plugin Directory and let us know what you think.
!This plugin hasn’t been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

BuddyPress Private Community

This plugin makes your BuddyPress community private. Only logged in members can view the social areas in full. You can configure the default settings.

Why isn't my config file working?

99% of the time is because you didn't save the config file in the correct place.

You MUST save the file in a new directory, not in this plugin's folder structure, but in the main plugins folder.

// You MUST save the file here:



This is to ensure that your config setting are not deleted when you update the plugin in the future.

See "How can I override the default settings?" for information about the setting that you can change.

How can I override the default settings?

You can create your own config file (that won't be overwritten when you update this plugin) that stores your preferred settings. To stop this file from being overwritten when you update the plugin, you have to create a new folder, called "buddypress-private-community-config", in the WP wp-content/plugins/ directory (NOTE: this is not in the wp-content/plugins/buddypress-private-community folder to avoid overriding the file on update) and create a file called "mm-buddypress-private-community-config.php" in the new folder. Because the file is in a seperate folder to the plugin, the config file won't be overwritten when you update the plugin later. Also, this method means no database calls are needed to run this plugin. So, it should be a fast plugin.

Here is an example config file, that should be saved in the new config directory. It might look confusing at first, but in most cases you only need to use some of these settings as required. See FAQs "How can I allow members to automatically register to my private community?" for a simple config file that allows user to register to your site.

 * BuddyPress Private Community: User Config File
 * This must be saved here:
 *  - /wp-content/plugins/buddypress-private-community-config/mm-buddypress-private-community-config.php
 * IMPORTANT NOTE: The config file SHOULD NOT be contained in this plugins folder, it should have its own folder in the plugins directory as shown above.
 * This is to stop the file from being overwritten when the plugin is updated, and so no database calls are needed.
 * See FAQs and forum for more examples of config file setups. You'll need a config file if you're not running your BP community from the root of your domain or sub-domain.
 * http://buddypress.org/community/groups/buddypress-private-community/home/
 * You can change the below settings:

 * There are 2 modes:
 *      - Blocks all pages/URIs apart from them listed in the ::$ALLOWED_URIS array from logged out users.
 *      - Widgets can be unblocked by adding their ids to the ::$ALLOWED_WIDGET_IDS (when ::$BLOCK_WIDGETS=TRUE)
 * 2, ::$MODE = ::MODE_BLOCK_NONE_AND_NOT_ALLOW_SOME_URIS (opposite to the above mode)
 *      - Doesn't block any pages from logged out users apart from the URIs listed in the ::$NOT_ALLOWED_URIS
 *      - Widgets can be blocked by adding them to the ::$NOT_ALLOWED_WIDGET_IDS

 * If your community isn't on the root of your domain or sub-domain then you should set the ::$WP_SUB_FOLDER to the directory of your community.
 * e.g. http://my-domain.com/{my-wp-installation}, then ::$SUB_FOLDER=''
 * e.g. http://my-domain.com/sub-folder-name/{my-wp-installation}, then ::$SUB_FOLDER='sub-folder-name'
 * e.g. http://my-domain.com/sub/folder/name/{my-wp-installation}, then ::$SUB_FOLDER='sub/folder/name'
 * Note, don't use a start or trailing '/' otherwise the plugin won't work.
//MM_BUDDYPRESS_PRIVATE_COMMUNITY::$WP_SUB_FOLDER                   = 'my/private/community';
 * $ALLOWED_URIS is an array of URIs that are accessible to everyone.
 * URIs should start with a '/' but not end with a '/'.
 * E.g.
 *  - '/about' is OK, but '/about/' isn't valid!
 *  - '/about?page=info' is OK too
 *  - '' is the HOMEPAGE, 
 *  - '/' is INVALID!
 * You can now also use the special character '*' at the end of your uris to allow access to greater areas of your site.
 * E.g.
 *  - '/about/*' allows access to '/about/contacts' and '/about/public-page' but doesn't allow access to '/about'!!! You should add '/about' seperately.
 *  - '/public*' allows access to '/public/posts' and '/public-not-really-public/private-posts'
 *  - Array('/welcome', '/welcome/*', '/welcome?*') allows access to '/welcome/new-member' and '/welcome?message=new-member' but not access to '/welcome-new-member'
 * $ALLOWED_URIS must be an Array. All of the URIs listed will be accessible to all logged out users.
 * This array must contain the REDIRECT_TO_URL's URI, otherwise you'll get an infinite redirect loop!
 * E.g. This is OK as '/landing_page' is in the URIS array and is the REDIRECT_TO_URL page too.
 * MM_BUDDYPRESS_PRIVATE_COMMUNITY::$ALLOWED_URIS       = Array('/landing_page', '/info', '/contacts');
 * MM_BUDDYPRESS_PRIVATE_COMMUNITY::$REDIRECT_TO_URL    = site_url() . '/landing_page';
 * Default = Array('') (Your homepage)
MM_BUDDYPRESS_PRIVATE_COMMUNITY::$ALLOWED_URIS          = Array('/contacts', '/about', '/welcome');
 * Used in the ::MODE_BLOCK_NONE_AND_NOT_ALLOW_SOME_URIS mode only. List of URIs that should be blocked.
 * Note, you should use the special char * to stop access to all sub folders and query strings.
 * array('/private', '/private/*', '/private?*') or array('/private*')
 * Currently the REDIRECT_TO_URL cannot include a '?' in the URL! 
 * This would result in an infinite redirect loop!
 * E.g.
 *  - "site_url() . '/info'" is OK, but "site_url() . '/info?page=landing_page'" would result in an infinite redirect loop!
 * Obviously, this URL should exist on your site or on another site, if required.
 * Default = site_url() (Your homepage)
MM_BUDDYPRESS_PRIVATE_COMMUNITY::$REDIRECT_TO_URL       = site_url() . '/welcome';
 * This string will be used to trigger redirects after a user logs in. This should be a unique string that won't clash with other query strings.
 * E.g. 
 *  - REDIRECT_HOOK = 'my-redirect-hook';
 *  - You'd get a URL like this when a logged out user tries to access a private page, 'http://my-domain.com/members':
 *      - http://my-domain.com/about?my-redirect-hook=/members where "site_url() . '/about'" is your REDIRECT_TO_URL
 *  - Now, when the user logs in, they will be automatically redirected to the 'http://my-domain.com/members' page that they just tried to access.
 * Default = 'bp_pc_redir_to'
 * If true, this blocks all BuddyPress and WordPress sidebar widgets from displaying when the user is logged out.
 * Selected widgets can be displayed by adding their ids to the ::$ALLOWED_WIDGET_IDS.
 * Default = TRUE

 * A list of widget ids that are allowed to be displayed. All other widgets are hidden when ::$BLOCK_WIDGETS=TRUE.
 * E.g. Array('calendar-2'); where calendar-2 is a widget id.
 * Widget ids can be found be inspecting their html, e.g <div id="calendar-2">{WIDGET}</div>
 * @var Array
 * A list of widget ids that are not allowed to be displayed. All other widgets are displayed.
 * E.g. Array('calendar-2'); where calendar-2 is a widget id.
 * Widget ids can be found be inspecting their html, e.g <div id="calendar-2">{WIDGET}</div>
 * @var Array
 * This blocks all BuddyPress and WordPress RSS feeds if TRUE.
 * Default = TRUE
 * This allows you to give access to all the RSS feeds when the user is logged in.
 * You can set your own feed messages that will be shown instead of your private content.
 * $USE_CUSTOM_FEED_MESSAGES must be set to TRUE otherwise the default messages will be shown.
 * If you set $USE_CUSTOM_FEED_MESSAGES = TRUE, then you must set the following variables:
//MM_BUDDYPRESS_PRIVATE_COMMUNITY::$FEED_CHANNEL_DESC           = 'This is a private blog. All feeds are disabled.';
//MM_BUDDYPRESS_PRIVATE_COMMUNITY::$FEED_ITEM_TITLE         = 'My Blog (All feeds are disabled)';
//MM_BUDDYPRESS_PRIVATE_COMMUNITY::$FEED_ITEM_DESC          = 'This is a private blog. All feeds are disabled.';

What other changes should I make to WordPress and BuddyPress to ensure my community is private?

You might also like to change these settings in WordPress and BuddyPress:

  • BP Setting: Hide admin bar for logged out users? = YES
  • WP Setting: Membership - Anyone can register? = NO
  • WP Privacy Settings: Site Visibility = I would like to block search engines, but allow normal visitors

If you'd like to ensure that users don't stay logged into your site after a set period of inactivity (for security reasons), then you could use this plugin:

How can I allow members to automatically register to my private community?

To allow registration to your community using the native BuddyPress forms, you should include these URIs in the allowed list.

// If you're running WP/BP from a sub folder, set this value to direct the plugin to the correct place.
// Don't set this or set it to '' if your WP/BP site is at the root of your domain or subdomain.
//MM_BUDDYPRESS_PRIVATE_COMMUNITY::$WP_SUB_FOLDER                   = 'my/private/community'; // for http://www.my-domain.com/my/private/community/(BP SITE)
'/my-landing-page',       // Where "/my-landing-page" is your default landing page of choice - this must match your your choice of ::$REDIRECT_TO_URL.
'/another-allowed-uri',   // (Optional extra uri(s)) any other page(s) you'd to make public to non-members
'/register',              // Allow access to the registration form
'/activate?key=*'             // Allow access to the account activation URIs. The wildcard character * allows all activation codes to be accepted as valid URIs.
MM_BUDDYPRESS_PRIVATE_COMMUNITY::$REDIRECT_TO_URL       = site_url() . '/my-landing-page';
//MM_BUDDYPRESS_PRIVATE_COMMUNITY::$REDIRECT_TO_URL     = site_url() . '/register'; // This would redirect all logged out users to your registration page.

Just add something like the above to your config file and all should work fine.

Note that, if BuddyPress changes its activate URI in the future, then of course this code would also have to be updated.

How can I allow a widget to be displayed to logged out users?

This can be done by adding the widget's id string to the ::$ALLOWED_WIDGET_IDS array. E.g.

// This line will let the widget with id=calendar-2 to be displayed when logged out users visit your site.

You can find the widget's id by looking at your site's source HTML. The widget id should be shown in the widget's main div. E.g.

<div id="calendar-2">
    // calendar widget!

You can add more widget ids easily:

MM_BUDDYPRESS_PRIVATE_COMMUNITY::$ALLOWED_WIDGET_IDS     = Array('calendar-2', 'calendar-3', 'hallooo-widget-2');

Similarly, you can hide widget in the alternative mode in a similar way - e.g.

// Used in alternative mode only. (::MODE_BLOCK_NONE_AND_NOT_ALLOW_SOME_URIS)
MM_BUDDYPRESS_PRIVATE_COMMUNITY::$NOT_ALLOWED_WIDGET_IDS    = Array('private-widget-2', 'top-secret-widget-1');

What is the redirect hook for?

The redirect hook is used to redirect a logged out member to a private page they tried to access when logged out. The redirect happens after they login.

This is important for when a member gets an email with a link to somewhere on the community that is private. If the member clicks on this link and isn't yet logged in, then they will be redirect to the default landing page.

When this happens, you notice that the redirect hook can be seen in the url, and it points the page that the member tried to access. Now, when the user successfully logs in, the plugin automatically handles a redirect to the page that the user originally tried to access.

This means the user doesn't have to go back to their emails and find the link again as the redirect is handled for them.

You can change the key word/string used as the hook in the config file.

How private will my BuddyPress community really be?

Well, access to your community through PHP pages will be blocked to logged out users, but your images and uploaded files will still be accessible via their URLs as no PHP code is blocking access to jpgs, xls. etc... You'd need to take other security measures if you want to protect your uploaded files.

But, as it's a private community, non-members won't know the URLs to these uploaded files - so they should be fairly safe from the outside world.

You might like to look into .htaccess configurations for extra security of your uploads.

What is the redirect hook in the URL used for?

When a logged out user tries to access a page that is private, they will be redirected to the default redirect URL with an extra redirect query hook in the URL to the private page.

This means that the private page's URI is stored in the URL for later reference. If the user now logs in to the site, they will be automatically redirected to the private page they just tried to access.

This is great for when you're sent a link to a private page in the community, but you're not logged in yet. You simply log in through the BuddyPress login form and you'll be taken to the page you wanted to see straight away.

Can I use this plugin with PHP 4?

Sorry, this plugin only works with PHP 5. WP and BP and moving to PHP 5 only, so we currently have no plans to make this plugin available for PHP 4.

I'm getting a parse error!

If you can a parse error like below:

Parse error: syntax error, unexpected T_STRING, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or '}' in mm-buddypress-private-community.php on line 39

This normally means you're not running PHP 5. This plugin requires PHP 5.

If this wasn't the problem, then you should try installing the plugin again. I've had one report where re-installing the plugin after getting this error fixed the bug - maybe from a bad download or something.

I'm getting an infinite redirect loop error!

This normally means your config file isn't set up correctly.

You must make sure that your redirect url is a public page. E.g. here is a simple config file:

// Here we make a BP page called 'welcome' th default redirect page, and make this a public page to avoid an infinite redirect loop.
MM_BUDDYPRESS_PRIVATE_COMMUNITY::$ALLOWED_URIS          = Array('/contacts', '/about', '/welcome');

Note that the redirect URL is set to the 'welcome' page. This page must be in the ::$ALLOWED_URIS, as can be seen above.

If the '/welcome' URI is removed from the ::$ALLOWED_URIS array, then an infinite redirect will occur.

Requires: Only tested on 2.9+ (Requires PHP5) or higher
Compatible up to: 3.1 & 1.2.8
Last Updated: 6 years ago
Active Installs: 200+


2.5 out of 5 stars


Got something to say? Need help?


Not enough data

0 people say it works.
0 people say it's broken.

100,1,1 17,6,1
100,1,1 100,2,2