Setting Up Simple Restricted Access

The Guest Access feature gives you the ability to create a guest user and set which pages on your site can be accessed by that user. This feature is very useful in several scenarios including:

  • Building a new area of your site that must be reviewed by others before going public.
  • Creating temporary pages that need to be accessible by a limited number of users.
  • Restricting access to certain pages of your site.
  • Sharing certain information with a limited number of people.

Guest Access is a minimal version of our membership system. If you want to have individual log-ins for people to be able to access private pages, which is more secure and allows them to set their own passwords (and retrieve them when they forget them), you'll need to upgrade your account to add the membership feature.

Setting Up Guest Access

To set up Guest Access, you need to create a special user, and then you can assign pages to be private. To create the guest user:

  • Go to People > All Users and click Add Person.
  • Enter "guest" as the name.
  • For the email, you can use any email address that is not already being used for an admin account. This email address does not have to be real. We recommend using your domain name as in guest@yourdomain.com.
  • Click Save and Return to List

You should now see your new guest user listed in the table. Now we need to set the password for the guest account. If you used a real email address, then you could follow the link in the activation email. But if you used a made-up email address, then you need to set the password via the control panel:

  • Hover over the row that includes the guest user and click the Edit icon to the right.
  • Enter a password (twice) for the guest user. This is the password that visitors will need to use to access your protected pages.
  • Click Save and Return to List.

Your guest user is now ready.

Setting a Page to Require the Password

When creating or editing a page you can now make the page protected by choosing "<Protected>" in the "Access" menu at the bottom right and clicking Save.

When a visitor to your site attempts to view any such page, they will be presented with the login page, and they will need to know the password to view it.

Note: Files linked from the page, such as uploaded PDF files or images, are not protected, and can be accessed by anyone who knows the URL for that file.

Options for Your Login Page

You now have a functioning Guest Access system, but you may want to enhance the login page. With this minimal setup, people need to know both the email address for the username (e.g., guest@yourdomain.com), as well as the password. With a little more work, you can eliminate the need for this.

The login page is a regular page, like any other, so you can edit it by clicking on it in the page list (Structure > Pages). To find the login page, expand the System Pages group in the page list.

To modify your login page to pre-populate the email address field with "guest@yourdomain.com", change this line of code:


  <input  id="login" class="initial_focus" name="login" type="text" size="40"  />

Add value="guest@yourdomain.com" to this input element, as follows:


  <input  id="login" class="initial_focus" name="login" type="text" size="40"  value="guest@yourdomain.com" />

With this approach, you can still use the login page for logging in as an admin, by changing the value in the email address field.

Alternatively, you can modify your login page to not even show the email address field and always use "guest@yourdomain.com" by making that field a hidden field. Replace these two lines of code:


  <label  for="login"  class='left'>Email address</label>

  <input id="login" class="initial_focus"  name="login"  type="text" size="40" />

With this:


  <input  id="login" name="login" type="hidden" value="guest@yourdomain.com" />

If you make this change, you will not be able to log in to your admin account via /login because you won't have a place to enter your email address. But don't despair, there is a way! There is a system-supplied login page that you can always access at /dashboard or /a (the quick way).