I’m using Patreon Wordpress on my membership site to gate content. There is a small amount of content open to the public but the rest is protected for Patreon members. All seemed well — if someone clicks on protected content, they can’t view it and are instead brought to the sign-on page where they can enter their details or click the ‘Log in with Patreon’ button. That’s all as it should be.
However, I’ve discovered that I can click that Log in with Patreon button and gain access to my site using any Patreon account.
Even if the Patreon account is not subscribed to my Patreon, it will still gain access to my site as if it were. A Wordpress account will be created locally for the Patreon account and it will have all the access an actual subscriber/member would have. To test I’ve installed a new browser, created a brand new Patreon account and used that to log in to my site and see all content.
Just to summarise that, any Patreon account — even if not subscribed to my Patreon — can log in to my site. No pledges or association with my Patreon membership is required.
My site is up to date on Wordpress and your Patreon plugin.
Patreon users being able to log into your site via Patreon is expected behavior. That is in case you meant registration and log in by ‘accessing my site’. If any Patreon user is able to access content that is locked by a certain tier, then that’s a problem. If so, let me know. But unless you want to make your site’s registration and login for patrons only, you dont have any issue at this moment. If you want to do so, the pro upgrade to the plugin provides login locking by tier.
Thanks for the response and apologies that I misunderstood this behaviour. It doesn’t feel intuitive for me to think that anyone with a Patreon account can register and log in to any site running the plugin but, if that’s the way it is, that’s the way it is.
However, that said, I am seeing issues where these users are able to access content that should be locked. The content is BuddyBoss forums and discussion posts. Even if locked to a tier amount, the test Patreon user I created can register, login, and view this content.
anyone with a Patreon account can register and log in
Anyone with a Patreon account can register & log in if you let them to. If you lock registration & login to only paying patrons, only they can register & log in.
If BuddyBoss forum posts are not using the_content filter while processing the posts, then this might be the case. Try to confirm whether it is using the_content filter or not - either by its documentation or by contacting the developers.