We are using BuddyBoss Platform Pro + Theme. Recently we also invested in the BuddyBoss App (released earlier this year).
Our intent all along was to create a membership site and have our subscribers pay for access to content. BuddyBoss highlights their integration with MemberPress extensively on their site, has integration features that support it, video tutorials about how to set it up, etc. MemberPress is working well for us with BuddyBoss Platform Pro and Theme.
However, we have been unable to get it to protect content in the BuddyBoss App (iOS and Android). I opened a ticket with BuddyBoss and after a week of no meaningful response, they offered the following:
> As per checking with the development team here is the update:
>
> For MemberPress, It does not protect blog posts in the REST API and App is using REST API to show blog post in a Native way. So if the MemberPress protect content in blog REST endpoint then blog post would not show in App as well.
>
> Regards,
> BuddyBoss Customer Support
We have a general rule in MemberPress that protects all WordPress Posts. From this response, it appears that BuddyBoss did not consider that users of their App would want to protect the content, even though that feature is heavily promoted on their Platform and Theme value prop.
Is anyone else experiencing this issue, and does anyone have a suggestion to solve it? We already have thousands of users of the App, and they are getting free access to our content, subverting our subscriptions business model.
So just to put a bit of context on BuddyPress's answer: in short, what MemberPress does is restrict front-end access, but any REST API request can still be performed, therefore anyone with a bit of knowledge can access your restricted content.
I'm not familiar with any of those services (BuddyPress), so the following answer is regarding the WordPress REST API in general.
You can require authentication for all REST API requests by adding an `is_user_logged_in` check to the `rest_authentication_errors` filter which will block any external request, locking down your content for logged in users. This can be easily adapted to a specific role, e.g. when a paid membership is used. The following example will block any REST API request for non logged in user and non admin.
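The answer's own snippet did not survive on this page. As an added example (not the answerer's code), this is one way to write the `rest_authentication_errors` check it describes, extended with the role adaptation it mentions. The capability name `access_premium_content` is a hypothetical placeholder for whatever your membership setup grants to paying users.

```php
<?php
/**
 * Added example: gate the WordPress REST API behind login plus a capability.
 * 'access_premium_content' is a hypothetical capability name; map it to the
 * role or capability your membership setup assigns to paying subscribers.
 */
add_filter( 'rest_authentication_errors', function ( $result ) {
    // Respect a decision already made by an earlier authentication handler.
    if ( true === $result || is_wp_error( $result ) ) {
        return $result;
    }

    // Anonymous request: no valid session or other credentials were supplied.
    if ( ! is_user_logged_in() ) {
        return new WP_Error(
            'rest_not_logged_in',
            __( 'You must be logged in to use the REST API.' ),
            array( 'status' => 401 )
        );
    }

    // Logged in, but neither an administrator nor a paying member.
    if ( ! current_user_can( 'manage_options' )
        && ! current_user_can( 'access_premium_content' ) ) {
        return new WP_Error(
            'rest_forbidden',
            __( 'Your account does not have access to this content.' ),
            array( 'status' => 403 )
        );
    }

    // Leave $result untouched so core continues normal request processing.
    return $result;
} );
```

This filter applies to every REST route on the site, so any client that reads posts over the REST API, including a mobile app, has to send authenticated requests or it will receive the 401 response.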