Hey @aperturedesign, I was unaware of a integration with Restrict Content Pro, thanks for the report!
I just released v13 with a fix, could you let me know if that worked? Just a heads up that it won’t fix any read values on RCP’s side, so ‘pending’ might still read as “approved” in their UI (not sure if they show that), as that’s beyond the purview of this plugin.
Thanks,
Konstantin
We are on the version 13 of WP Approve User and the latest version of RCP (3.5.57). We are still experiencing the issue where new registrations are immediately approved – I just performed a test registration and was able to login to the site immediately after without needing to approve the account.
Thank you for the heads-up @nathanrwordpress! I went ahead and created a PR in their repo with a fix. Hoping they get to it soon.
Just got a response from the RCP developer.
The proper fix for this is on its way. The change the developer proposed (the pull request you linked) is in review and will go into an upcoming Restrict Content release, so once that ships you will not need anything extra.
In the meantime, here is a snippet you can add right now to restore the gate. It re-checks the approval status using the new three-state values and blocks anyone who is not explicitly approved, covering both normally restricted content and anything protected with the [restrict] shortcode. You can add it with the free WPCode plugin (Code Snippets > Add Snippet > add your custom code, set the type to PHP, set it to "Run Everywhere", and make it Active), or drop it into a small mu-plugin or your child theme's functions.php:
add_action( 'init', function() {
$rcp_wpau_is_approved = function( $user_id ) {
if ( user_can( $user_id, 'edit_pages' ) ) {
return true;
}
$status = get_user_meta( $user_id, 'wp-approve-user', true );
return in_array( $status, array( 'approved', '1', 1, true ), true );
};
add_filter( 'rcp_member_can_access', function( $can_access, $user_id ) use ( $rcp_wpau_is_approved ) {
if ( $can_access && is_user_logged_in() && ! $rcp_wpau_is_approved( $user_id ) ) {
return false;
}
return $can_access;
}, 99, 2 );
add_filter( 'rcp_restrict_shortcode_has_access', function( $can_access, $user_id ) use ( $rcp_wpau_is_approved ) {
if ( $can_access && is_user_logged_in() && ! $rcp_wpau_is_approved( $user_id ) ) {
return false;
}
return $can_access;
}, 99, 2 );
} );
A couple of things worth knowing about how it behaves: it only ever denies access, it never grants it, so it is safe to leave in place even after the official fix lands.
