I’ve honestly looked at about a dozen membership solutions, from $15k per annum hosted solutions through to free plug-ins, and I’d honestly hoped I was past this bit of the project. But before launch would be the time to change my mind if I’m going to…
If you want any assistance you can always ask here.
I look after a number of private communities and have seen pretty much every permutation of CMS, SSO and membership product over the past five years. A number of us can assist on your overall architecture if you’re interested in a more formal engagement via the #marketplace.
I’d go with solid. It does the trick but there are some weird fluky things about it overall. My integration with Discourse is one of the primary things that I need to improve. Would be happy to exchange some DMs if you have questions.
So the easiest method seems to be to just disable email verification if I want to make things straightforward. The downside to that would be that people could “hijack” someone’s account if it is already existing and they sign up for WordPress using the existing email, right?
Yes, that’s the risk. If your WordPress registration process allows users to register and login to your site without having to confirm their email address, then users can signup with any email address that doesn’t already exist in your WordPress database.
In terms of SSO, the main risk in marking unverified email addresses as verified is that an account that exists on your Discourse site that is not yet associated with a WordPress account could be taken over.
I looked at a couple of the add-ons that I’d need, and at first glance they seem a bit more complex to install than I’m comfortable with. Given that I’ve already paid for Memberpress, PMP would have to be significantly better than Memberpress to make it worth switching and paying again, and I’m not quite sure that it is!
At the moment, when a user subscribes, they are automatically added to a Members group in Discourse to give them access to our locked categories.
So when a user cancels their subscription in Memberpress, is it possible for that to be passed through to Discourse to remove them from the Members group, so that they can only access the public content?
There are a couple of ways that users can be added to and removed from groups. The easiest way to do it is to use the add_groups and remove_groups SSO parameters. That approach is outlined here: Bring over permission level from WordPress MemberPress. The issue with this approach is that it requires users to log out and log back in again before their group memberships will get updated.
The other approach is to use the add_user_to_discourse_group and remove_user_from_discourse_group functions that are outlined in this topic: Managing Discourse group membership with WP Discourse. The benefi of that approach is that it’s not dependant on the user logging out - their membership levels will be changed as soon as the functions are called.
The biggest risk I can think of would be if something goes wrong during the import process. It would be good to test it out the process with a throw-away gmail account before importing all of your users. That will also let you see what the password reset process will be like from the user’s point of view.
No, you do not need to enable either of those webhook settings. The SSO Provider code will take care of that for you.
You may want to enable the ‘Create or Sync Discourse Users on Login’ option that is found on the SSO Provider tab. When that setting is enabled, Discourse users will be automatically created when a user first logs into WordPress. Enabling this setting isn’t required to deal with the users you are importing into WordPress from Discourse.
Yes, existing WordPress users who do not yet have accounts on Discourse will have accounts created for them when the first login to Discourse with SSO.
If you would like Discourse users to be automatically created before users login to your Discourse site, enable the ‘Create or Sync Discourse Users on Login’ option on the plugin’s SSO Provider tab. This will cause Discourse users to be created when they login to your WordPress site.