Protect WordPress content based on KlickTipp tags - no membership required, cache compatible, and secure.
- ✅ Shortcode-Based Protection: Use
[taglock id="1"]...[/taglock]to protect content - ✅ Cache Compatible: Protected content is loaded client-side after verification
- ✅ Secure by Design: Protected content is not rendered into the initial HTML
- ✅ KlickTipp Integration: Checks subscriber tags via KlickTipp API
- ✅ Connection Health Monitoring: The plugin periodically checks whether the KlickTipp connection is healthy and shows a connected/disconnected status in the admin UI
- ✅ Modern Architecture: PHP 8.3, Symfony DI, React, WordPress REST API
- ✅ Extensible: Filter/action hooks for customizations and add-ons
- Upload the plugin to
wp-content/plugins/taglock - Activate it in WordPress
- Navigate to Settings > TagLock in WordPress admin
- Enter your KlickTipp username and password
- Save settings
Protect content with the shortcode:
[taglock id="1"]
Your protected content here. Only subscribers matching TagLocker #1 can see this.
[/taglock]
id(required): The TagLocker ID (configured in WordPress admin)message(optional): Custom message for denied accessloader_text(optional): Custom loading text
Important: Users access protected content via email links containing their subscriber identifier (subscriber_id) in the URL hash (not as a query parameter):
https://yoursite.com/page/#taglock_subscriber_id=12345
How it works:
- You send an email with a link to your protected page including
#taglock_subscriber_id=... - The page loads, React reads
taglock_subscriber_idfrom the URL hash - React stores it in LocalStorage and immediately removes it from the address bar
- Backend checks if this identifier has the required tag
- Content is displayed or access is denied
No user login required! The identifier is sufficient.
- Core/Plugin.php: Symfony DI container initialization
- Provider/KlickTippProvider: KlickTipp API integration
- Service/ShortcodeService: Shortcode registration
- Route/AccessCheckRoute: REST API endpoint for tag verification
- Route/TagsRoute: REST API endpoint that loads available KlickTipp tags for the admin UI
- Service/AdminMenuService: Settings page
- Service/AssetService: Asset management
- Controller/ActivationController: Plugin activation and scheduled connection checks
These endpoints are used by the admin UI and frontend loader:
POST /wp-json/taglock/v1/check-access- Batch access checks for protected contentGET /wp-json/taglock/v1/settings- Read settings (also includes connection status)POST /wp-json/taglock/v1/settings- Save settingsGET /wp-json/taglock/v1/rules- Manage TagLockersGET /wp-json/taglock/v1/tags- Load available KlickTipp tags (id => name)
- assets/src/admin/: Settings UI with WordPress Components
- assets/src/frontend/: Content loader with access check
The plugin provides hooks for customizations and add-ons:
taglock_access_denied_response: Modify response when access is deniedtaglock_access_granted_response: Modify response after access grantedtaglock_protected_content: Filter content before outputtaglock_settings_fields: Add custom settings fields
taglock_access_granted: Triggered when access is grantedtaglock_access_denied: Triggered when access is deniedtaglock_before_access_check: Before tag verificationtaglock_after_access_check: After tag verification
composer install
npm installnpm run build # Production build
npm run start # Development mode with watchnpm run lint:js # Lint JavaScript
npm run lint:css # Lint CSS
npm run format # Format code- WordPress 6.8+
- PHP 8.3+
- Composer
- Node.js & npm
GPL v3 or later
GoSuccess - https://gosuccess.io