Documentation for v8.7 and later


Before going through documentation chapters, thanks for purchasing PrivateContent and trusting LCweb!

Need further help?

Open a ticket

Need a customization?

Ask for a quotation


Once installed and activated you will be moved to the LCweb Dashboard.
It contains the summary of all LCweb projects with useful links and prompting you to validate them.

LC WP Dashboard

In fact you must link your domain with your license. The procedure is very quick:

  1. Go to the LCweb License Hub and register
  2. Login and navigate to the related product section
  3. Add a new license specifying the purchase code and the domain you will use it onto
  4. The system will give you an activation token

    LC Licenses Hub

  5. Use it in the LCweb Dashboard, on your website

Be careful using CACHE SYSTEMS. PrivateContent is based on dynamic content changes, then you MUST AVOID static cache systems (eg. WP Super Cache, WP Fastest Cache, etc).

On LCweb's website Cloudflare + LC Scripts Optimizer are used. In the past was used W3 Total Cache, but avoiding any static cache

On multisite WordPress installations the plugin must be activated individually on any subsite and every subsite will have its own users database

Initial Required Steps

Once plugin has been activated, there are a couple of mandatory steps required in order to use the plugin:

  • Create at least one user category
  • In plugin settings define the "Main redirect target for restricted pages" and the "Default category for registered users" into the registration tab

Once this has been done, PrivateContent will be ready to be used in all its sections.

Targeted user categories assignments

In user categories page you can now define WordPress users able to manage targeted privateContent users belonging to targeted categories

NB: WP users owning the "WordPress users interactions > Minimum role to manage users" role, are able to edit any PvtContent user.

Specific Settings Sections

As per LCweb's philosophy, PrivateContent contains a huge number of options to let you tailor it on your website and satisfy as many users as possible. Each option has got its legend aside: because of this in most cases you will learn to use it simply navigating among them.

However could be useful to learn a bit about few specific sections

Main Options > Users Private Page
These options refer to user personal page, or if you prefer, the reserved area. Targeted page contents will be overwritten for each logged user. Obviously you can also turn this feature off.
Main Options > Contents hiding system
These options refer to the "contents hiding" system, please check the restriction wizard section to know more.
Main Options > WordPress users interactions

This section defines how "normal" WordPress users will interact with restriction contents.

  • "Minimum role" refers on WordPress capabilities hierarchy. These users will also bypass any PvtContent restriction unless you check the "testing mode" option.
  • "PrivateContent admin" is a new user role introduced in PrivateContent v8 and should be used uniquely to create users able to manage one or more PvtContent user categories without having any olther WordPress capability
Custom Restrictions tab
This is a complementary system useful to restrict targeted site URLs not bindable by other restrictions systems and should NOT be used in other cases

WordPress User Sync


This system basically associates one mirror WordPress user to a PrivateContent user. This is essential to let them interact with WP-based systems (comments, woocommerce, etc). Users will still be managed through the privateContent interface.

  • To be synced, a privateContent user must have a valid and unique e-mail
  • Username and e-mail must not match with ones already used for existing WP users
  • You must not edit or delete synced wordpress users or you will lose the sync.
  • Once synced, you can't edit a privateContent username or e-mail. You must detach him before
  • For the same reason also User Data add-on custom forms won't have e-mail field if this system is enabled
  • Of course you can't be logged as WP admininstrator and as synced pvtContent user at the same time
  • Synced users will be able to log in/out also through wordpress forms
  • Detaching a user you will automatically delete the WordPress mirror

- Mirror WordPress users have got pvtcontent role and can't enter the admin area

- Additional roles can be emulated, adding capabilities to synced users.
This is managed in the related settings area

- Synced WordPress users are hidden in the WP users list: they must be managed through PrivateContent

Users registration

PrivateContent has got a lot of different options related to frontend user registration: because of this is strongly suggested to take a look into the "registration" settings tab.

Once you configured them as you prefer, it's time to create or customize your registration forms.
You can create unlimited forms to be placed anywhere in the website.

registration form builder

Once you have your form ready to be used, it's time to insert it in your pages: Check the "shortcode wizard"

HTML5 fields validation

PrivateContent has got an HTML5 form validation engine acting on client-side. This offers detailed error reports to user and avoid multiple server calls.

It also integrates with form sections. If fields aren't correct, user can't move to next form's section.

Anti-spam systems

By default PrivateContent has got an invisible "honey pot" system. It is almost secure as reCAPTCHA, anyway you can always choose to use this latter one.

PrivateContent integrates Google invisible reCAPTCHA. You are now asked to register on Google's site and insert site + secret keys.

Using WordPress forms

Using WP user sync system, you can also use any registration form you may have on your website to create PrivateContent users.

Newly registered users will be automatically turned into PrivateContent users, then be careful to which roles they're gonna have!

wpt to pvtcontent register

Import & Export Users

Since each user category and user page is deeply integrated with WordPress IDs, isn't possible to import exported users.The only way to completely move users is to move the whole site database.


The import system is available only if your server has got "allow_url_fopen" PHP.ini instruction enabled

The import system requires a precise a CSV file with 6 columns. This is the fields order:

name surname username password e-mail telephone
Additional notes:
  • Username and password are mandatory
  • Password must comply with strength settings
  • Username must be unique
  • E-mail must valid

Download demo CSV

Import WP Users

This system is available only if WP user sync is enabled

Just choose which user roles will be imported and which PvtContent user categories to assign.
Remember that sync can't be reverted without WP users deletion, then be careful to what you sync!


Select user status, file format and user categories you want to export.
The resulting file will be downloaded on your desktop.

Users private page

As written in the previous chapter, the very first settings section is about users private page, strictly personal contents different for each user.

User contents overriding method
By default the system will obly replace user contents injecting it in the container page's context. You can now replace the full page: this matches great with modern builders, allowing you to display totally different pages for users.
Inject user contents through placeholder method
Since version 8.7 you can also use the %PC-USER-PAG-CONTENT% placeholder to inject user contents in the container page. This is the best when you want to keep the container page layout (specially using builders) and just insert the dynamic contents.

Just paste that string wherever you want contents to appear. If user is not logged, nothing will be displayed.

Output user contents via shortcode
You can also avoid using the wrapper's page to output user contents. Through the [pc-user-pvt-page-contents] shortcode, you can place them wherever in your website. This could come very handy in combination with site builders.
Private comments
Using WordPress user sync system, PrivateContent gives you the ability to communicate with users directly on their private page. It must be synced and comments must be enabled on its private page.

Lightbox engine

PrivateContent has got a powerful lightbox engine you can use to pop up forms or notifications or whatever you need.
Just one note about contents: they are AJAX loaded, then using javascript-based elements, be sure they are ok.

In settings you'll find the related lightbox wizard.
Once added, you'll note two classes in the upper-right corner: trigger class and lightbox class.

Lightbox class

Wrapper class used in the lightbox, useful for CSS or javascript customizations

Trigger class

Is the class needed to launch lightboxes. In fact lightbox instances can be linked to warning box buttons, but only through these classes you'll be able to use them everywhere in your website.

Let's see implementation examples:

Trigger lightbox from WP editor (or any HTML code)

Use the editor in TEXT mode and add the CLASS attribute to the element you wanna use as trigger

lightbox in post contents
Implementing lightbox in WPbakery elements

In this screenshot a button has been taken into considereation, but almost any WPBakery's element has got an extra class field.
If you are using Elementor, just do the same in the related "element class" field.

lightbox on wpbakery
Trigger lightbox using a wordpress menu item

Simply add a "Custom link" menu using an hash as URL and any text you need.
Then, once added, expand the menu item and add the class.

FYI: if you don't see the class field, enable it through "Screen Options" flap, on top of the page.

lightbox attached to menu items

Shortcodes Wizard

PrivateContent is also natively integrated with with WordPress Block Editor (Gutenberg), WP Bakery, Elementor and Divi.

Using them, you can skip the standard shortcode wizard and use the related PrivateContent tool.

For any other builder or using the old WordPress editor:

Let's analyze all available shortcodes and their parameters:

Private Block

[pc-pvt-content allow="all" block="" warning="1" message="1" login_lb="" registr_lb=""][/pc-pvt-content]

Used to hide specific page contents. Might show a warning box or just nothing

allow allows specific user categories (using IDs split by comma) or any user using all
block blocks specific user categories. Acts only if you are allowing specific user categories (optional parameter)
warning boolean flag to display/hide the yellow warning box (by default is shown) (optional parameter)
message custom message to show in the warning box (by default is the one specified in the settings) (optional parameter)
login_lb lightbox instance ID attached to "login" button. By default follows global option (optional parameter)
registr_lb lightbox instance ID attached to "registration" button. By default follows global option (optional parameter)


Login Form

[pc-login-form redirect="" align="center"]

Simply displays login form (NB: obviously it won't be displayed to logged users)

redirect defines a forced custom redirect for this specific form (optional parameter)
align defines form alignment. Possible values: center, left, right (optional parameter)


Logout Box

[pc-logout-box redirect=""]
align defines form alignment. Possible values: center, left, right (optional parameter)

is possible to perform the logout by adding ?pc_logout to any site's URL. Example:


Registration Form

[pc-registration-form id="" layout="" custom_categories="" redirect=""]

Used to display the registration form

id registration form id (if not specified, first registration form will be used)
layout set form layout between one_col and fluid (by default is used what set in settings) (optional parameter)
custom_categories defines a forced custom category or multiple categories (comma split) for registered users. It's discarded if you have categories field into the form (use categories ID) (optional parameter)
redirect defines a forced custom redirect for this specific form (optional parameter)
align defines form alignment. Possible values: center, left, right (optional parameter)


User Deletion Box

[pc-user-del-box redirect="" align="center"]

Allows user self-deletion from frontend

redirect defines a forced custom redirect for this specific button (optional parameter)

Restrict Contents

By default any wordpress user can access any restricted content except users private pages.

You can change this behavior in the plugin settings:

  • Limiting it to specific user roles with the "Minimum role to use the plugin" option

  • Deactivating it enabling "testing mode" option. In this way also WP users have to log into PrivateContent

Understanding the restriction engine

PrivateContent restrictions are essentially based on user categories.
Advanced users might extend this behavior using plugin's API and introducing new checks though.

In any restriction block you will be asked to specify who can access specific contents. Leaving restriction options empty, no restriction will be applied.

A user can access restricted elements if he belongs to AT LEAST one condition.
For example if you allow "user category 1" and "user category 2", users belonging to "user category 1" OR "user category 2" will be able to access them.

You might be able to also block specific users, among allowed ones.
For example if you allowed "any logged user" and blocked "user category 1" and "user category 2", users belonging to "user category 1" OR "user category 2" won't be able to access contents.

Restrict Targeted Page Contents

Through "Private Block" shortcode you can restrict targeted contents inside any page or post.
Is useful to create dynamic switches. For example: show content X to unlogged and show content Y to logged.

If you use Gutenberg (the default WordPress visual builder) or Elementor you can also set every block's visibility


gutenberg blocks restriction


elementor widgets restriction

Restrictions wizard

It's the main PrivateContent tool to manage your restrictions. It is shown in any linked post type and taxonomy: by default for posts, categories and pages.
Remember you can extend this to custom post types and taxonomies by selecting them in settings!

An essential concept to understand is inheritance. These restrictions are inherited starting from categories, passing to parent post and ending with child post.

Then you can easily restrict multiple subjects by restricting a category or a common parent page.
Let's analyze its systems:

Contents Hiding

This system acts uniquely on contents, leaving posts searchable, indexable by search engines.
Contents can be replaced with different options, to be chosen in settings: a warning box / no contents / the excerpt / excerpt + warning box / custom contents.

If contents are hidden, also comments will.


Simply set comments visibility. Optionally you can also replace them with a warning box.
This system is usable only if WP user sync is enabled (otherwise pvtContent users won't be able to interact with comments)


The most powerful privateContent restriction: totally hides elements making them unreachable and redirecting blocked users to a predefined page.
It will be totally removed from wordpress queries: won't be searchable nor indexable and will be also removed from menus.

Be careful setting main redirect target in settings: it MUST BE NOT restricted through this system or browser will fall into an infinite loop.

Lightbox on page's opening

FYI: This is a javascript-based system, then IS NOT a safe system to hide page contents. An advanced user could block javascript execution and reach contents underneath

This system will apply a persistent modal lightbox on page's opening.
Contents will be shown but covered by a lightbox that might contain anything (check the related documentation's chapter)

WooCommerce Products Purchase Lock

This section is available only if WooCommerce plugin is enabled

This restriction acts uniquely on external (not logged) users and basically hides product prices replacing them with a customizable text.
In addition, targeted products will be prevented from purchase if users are not logged in PrivateContent.

You can globally restrict any product by flagging the related settings option or use the Restrictions Wizard field to set which one is locked or not locked.

The restriction inheritance is identical to the one applied with redirects:

  • single products inherit associated category restrictions
  • child product categories inherit parent restrictions
  • setting a specific value for a product or a category, the inheritance stops

Hidden price will be replaced by this default text "Login to see the price and purchase".
This can be changed in the related settings option.

Custom Restrictions

Within PrivateContent settings, you can also set custom restrictions, based on pages URL.

url-based restrictions

You can use a full URL or a regular expression, allowing you to control multiple pages at once.
In this image, for example, first restriction targets a single page while second one restricts any page having "category-y" in URL.

Menu Items

Each WordPress menu item can be restricted, just expand its aspect and you will see the related field

The field is attached to existing menu items. Be sure to save newly added items!

menu items restrictions


widgets restriction

PrivateContent integrates also in WordPress widgets management area, allowing you to restrict every widget.
Just specify which user categories will be able to see them.

Complete Site Lock

There's also a radical restriction option, to hide every website page, except the main redirect target (generally used for the login). You can find it in settings (main options tab)

1-click site lock

Google Analytics integration

You can track every step a logged user makes on your website, thanks to the native Google Analytics implementation.

Please note Google prevents the usage of specific names/e-mails attributable to subjects.
Because of this a user-id-based string is used.

Universal Analytics integration (discontinued by Google on July 1st 2023)

Just inset your tracking ID code and the plugin will start tracking users.

Implementation is done on PHP side, privateContent DOES NOT add the javascript tracking code into your website since almost any theme has got this feature or customers already use specific plugins for this.

Analytics integration

As written under the field, you must create a new view to enable users tracking.
Is an analytics requirement and this new view will report ONLY logged users activity


Analytics 4 integration

The new Analytics built is much more complex than before and involves various IDs, tokens to be set up:

Analytics 4 integration

Measurement ID
Follow the Google guide to get it
API Secret Key
ga4 API Secret Key
In the same screen where you get the "Measurement ID", click on the "Measurement Protocol API secrets" menu, create a new key and use it
Google Tag Manager ID
Follow the Google guide to get it

Once saved, PrivateContent will setup the "pc_user_id" tag to start the User ID tracking and create specific events.
Remember to include Google Analytics and Google Tag Manager codes into the website (check the related plugin option or do it through another plugin).

Final step: Google Tag Manager must track the "pc_user_id" parameter and associate it to the User ID tracking.
Please follow the video to know how to do it:

Public API - Extend it!

PrivateContent is a dev-oriented plugin, ready to be extended and tweaked in any way you need.
Check the Public API documentation and knowledge base to understand how.


The plugin is 100% multilanguage for both front and back ends. If a translation of your language has been created, WordPress will automatically switch between languages.
Plus it is compatible with WPML, Polylang and qTranslate!

How to create a translation

If you have WPML + String Translation add-on or Polylang, you can simply scan the plugin and translate strings via its UI.

Otherwise: go in the plugin folder, you'll find two folders called "languages" and "lang_admin".
Inside you'll find the default.pot file. It contains english strings to be translated.

If you want to create or customize your language translation, follow these steps:

  1. Open the default.pot file with POedit
  2. Edit the catalog by inserting your data and setting translation's language
  3. Save the file with your language's i18n identifier and "pc_ml-" prefix (the italian example is mg_ml-it_IT)
  4. Go to the plugin folder ".. wp-content/plugins/private-content/languages" or ".. wp-content/plugins/private-content/lang_admin" and paste and paste resulting .PO and .MO files

If you create new translations, please contact me at [email protected] sending your .PO and .MO files.
Otherwise they will be lost in next updates. Thanks!

Existing Localizations (frontend):
Afrikaans (South Africa) To be completed
Argentine To be completed
Brazilian To be completed
Croatian To be completed
Czech To be completed
Danish To be completed
Dutch 100% translated
Estonian To be completed
Finnish To be completed
French 100% translated
Georgian To be completed
German To be completed
Greek To be completed
Italian 100% translated
Norwegian To be completed
Persian (Iran) To be completed
Polish To be completed
Romanian To be completed
Russian To be completed
Slovak To be completed
Spanish To be completed
Swedish To be completed
Turkish To be completed

GDPR Infos

This chapter is addressed to users having to deal with GDPR european law and will briefly give you informations about users data management to adhere with european standards:

  • User data are kept uniquely on your server, in a custom database table (and data is mirrored on WP users table if you are using WP user sync system)
  • Passwords are stored using the WordPress hashing system and can't be retrieved nor viewed by anyone
  • Users can totally remove their data from the website using the related box (check shortcodes section)
  • The only cookie used is named "pc_user" and is used to keep user logged in
  • There are other operative cookies you should mark as mandatory in "cookie consent" forms: "pc_remember_login", "pc_session_token" and "pc_last_restricted_page"