Allow a privacy policy to be seen by non-members


I’m using s2Member Pro to manage a members site. I restrict all of the site using URI restrictions: ‘/’ for Level #1 or higher. This works fine. People register and submit information, confirm their account, and are active as ‘subscribers’. We then check they are ok to join, set them to Level #1 and they then have a Guest period and they are able to access the forms to pay.

However, when they sign up they also need to be able to see a Privacy Policy, to agree to the terms. Is there a way to do this? If not, can I suggest it might be useful to have an option to add a publicly available Privacy Policy page?



Just add a custom registration field via s2member admin. Your T&Cs field can be set to mandatory so they must check the box and you can set it so they can’t edit it from their profile post-registration.

Hi Tim, thank you. Yes, it’s not the checkbox that’s the problem. It’s the fact that they can’t see the privacy policy page because it’s restricted by the rules. I think I may need to copy the policy text on to the registration page. But it would be cool if it was possible to make an ‘always visible’ privacy policy page.

Why is your privacy policy restricted. It is just a normal page on the site! Your custom field in the registration page includes links to your terms-and-conditions and your privacy pages.

Have you set s2member to protect all pages? If so…don’t…or if you have to for some reason, then whitelist the home page, privacy page, T&Cs page, contact page and any other page that is normally public.

The whole site is for members and I am restricting everything. How do I whitelist pages in this scenario? Thanks.

If you have protected all pages on the site you should whitelist all pages you consider public like privacy and T&Cs and the home page.

Hi Tim,

Yes, I just don’t see how to do that in the settings. I have restricted the site using the URI restrictions. Should I be doing this another way?

Turn off your URI restrictions and do the follow:

  • set registered users to Level1
  • protect pages that need protecting to level 1 (each page has a metabox that you can use to protect them)
  • you can protect all posts and media (just go through the admin options…you’ll find it.)

Thanks, Tim. I think the short answer is that what I want to achieve isn’t possible. We have users adding pages and I don’t want to put the security of the site in their hands (they can be trusted to leave the s2member admin settings alone). Thanks for trying to help here.

If that’s what you want then

  • unrestrict URIs
  • restrict all pages , posts and media
  • whitelist the pages you want public.

Yes, thanks. Still not clear how to do that.


I’ve read that. can you please point me to the relevant documentation on whitelisting that you mention? Thank you.


Yes, I’m aware of how the standard restrictions work. I see no mention of a whitelist in the documentation.

Apologies @jemima - I had a false memory of a whitelist. Sorry for having steered you into a dead-end.

You have raised a very interesting question and definitely identified a large deficiency in s2memeber from my perspective. The lack of a whitelist is definitely a serious deficiency but there is a work-around with some minor pre-structuring of the site on your part using the following two plugins. (Create Custom Post Types) (User Role Editor)

Both are extremely useful. I have both these capabilities installed on all my sites.

Here’s how you can accomplish your goal.

  1. Add a custom post type (CPT) called protected-pages
  2. Restrict all roles except administrator to edit / add / delete capabilities for protected-pages (so only the administrator can add / edit / delete WordPress pages)
  3. In S2Member under Post Access restrictions enter ‘all’ at level0 to restrict all posts of all types to logged in users
  4. Enable Alternate View Protection

Your home page and all pages you create as administrator will be public. All protected-pages (CPT-based pages) will be protected by default. Your blog will be protected.

CAVEAT: s2member does not protect the media associated with protected pages / posts. So images on the protected pages / posts would be accessible by non-members if they knew or guessed the urls. Although the addition of a s2member uri restriction for /uploads would probably do the trick this would prevent images on your public pages (including your home page) to be seen by people who are not logged in. Getting around that would require your protected pages to only embed s2member protected images which you find under Download Options / Advanced Download Restrictions.