As you probably know, Memberstack uses Javascript in the front end to prevent logged-out visitors from accessing gated pages and hidden elements. If Memberstack fails to load (javascript disabled, browser issue, etc.) then your content will not be hidden.
That said, you can follow these best practices below to ensure your site is as secure as possible. Or, you can use our hosted content feature to 100% secure HTML content that is stored in Memberstack.
- Never link directly from a public page to your gated content. Ideally, the only way a person can access gated content is by logging into their account and allowing Memberstack to redirect them. If you need to provide members with a link to access their content, you can use the data attribute
data-ms-action="login-redirect". That attribute will automatically populate with a member's login redirect if they are logged in. - Set your content visibility to display: none; by default. And then use the data-ms-bind:style attribute to change it to display block only after Memberstack has loaded.
- Make your URLs unguessable. This will prevent random visitors from landing on a page by mistake. For example,
/premium-299038902i3902n923n9023083/dashboard - Remove/modify your sitemap so search engines and savy visitors can’t see what pages are available on your site. This is a best practice when using Memberstack anyway. Here's how to update your sitemap in Webflow.
-
Add this code to your global site header or to your individual pages to redirect users with JS disabled. Change www.memberstack.com to your own website.
<noscript> <meta http-equiv="refresh" content="0; url=https://www.memberstack.com" /> </noscript>
When someone browses a page with this code in it and their Javascript is disabled, they will be redirected to the page specified in the code snippet.
If you do those 5 things, your site will be secured in the same way as Google Photos! Here’s one of my private photos to prove it.
Comments
4 comments
Hi Duncan Hamra,
I've been setting up my gated content on publicly viewable pages, as the purpose of it is that anyone can view the pages, but the 'ungated' content is like a preview snippet of the gated content, rather than a different page altogether.
Does that make it easy for someone to essentially 'hack' my gated content? How do I avoid this? I'm displaying blog content that on 'paid' blog pages shows a small portion that is freely available, and the rest is gated to promote signups to paid membership to read the full article......
I didn't particularly want to duplicate every paid article in entirety, but is that the only way to properly secure that data?
Cheers,
Andrew
Hey Andrew B, that all makes sense 👍
Yes, someone could disable Memberstack and then access your blog content (if they know it's there). I recommend hiding the premium content by default using CSS and then use the data-ms-bind:style="display:block" attribute to make it visible when Memberstack loads.
This is still not 100% secure, but in my experience it's secure enough for this kind of thing. Someone could, for example, pay for access download all of the content, and then issue a chargeback. On the bright side, this really never happens. At least I've never heard from any of our thousands of customers having this happen to them.
Hi Duncan, want to ask for clarity on a couple of things:
1) is a collection that has gated CMS items considered a "publicly viewable page"? Right now I have a collection that has both ungated and gated content within (for similar purposes to the poster above, that at least a logged-out member would see article titles that may be of interest as they click around), and the gates are set up with the "starting with" feature.
When a logged-out user clicks a collection item that is gated, it throws up the gate. They don't first proceed to the page itself, but the URL is still visible at the bottom of the browser (and often for a split second in the URL bar). Is this considered a scenario where it's a "public page" linking to gated content? If so, how would we prevent that from happening when ungated/gated content are all housed in one CMS collection?
2) I'm looking at eventually moving to what OP is describing above — some of the article visible, with the rest behind a gate. In this video on freemium content you discuss how to make that happen: https://www.loom.com/share/f222fc87c9e24f3bb752c6a3e434c4c2
I don't believe it mentions the need to hide the premium content content part here with CSS and a display attribute. Can you shed some light?
Thanks!
Great questions. 4min video here with some answers/thoughts. https://www.loom.com/share/14b08f3a08fc44a49ed6ea95e1731eff
data-ms-style:bind="display:block"
Please sign in to leave a comment.