XYZ Age Verification Free — Installation Guide
Everything you need to go from plugin download to a working age gate on your WordPress site.
Before You Begin
Make sure you have the following ready:
- WordPress 5.6 or higher running on your server
- PHP 7.4 or higher
- HTTPS enabled on your site (required for secure cookies and the verification API)
- Cloudflare proxying enabled for your domain (free plan or higher) — this provides the geo detection headers the plugin depends on. See the Cloudflare Setup Guide if you haven't configured Cloudflare yet.
- FTP or file manager access to your WordPress installation (needed for the MU plugin step)
Step 1: Install the Plugin
Option A: Upload via WordPress Admin
- Download the
xyz-age-verify-free.zip file.
- In your WordPress admin, go to Plugins > Add New > Upload Plugin.
- Choose the ZIP file and click Install Now.
- Click Activate Plugin.
Option B: Manual Upload
- Unzip
xyz-age-verify-free.zip to get the xyz-age-verify-free folder.
- Upload the entire folder to
/wp-content/plugins/ on your server.
- In your WordPress admin, go to Plugins and activate XYZ Age Verification Free.
Step 2: Get Your API Key
You have two options:
Option A: Register from the Plugin (Recommended)
- Go to Settings > Age Verification.
- Under "Get Started with a Free Plan," enter your email address.
- Click Start Free Plan.
- Check your email for a confirmation link — click it to activate your key.
- Important: Your API key is shown only once on the confirmation page. Copy it immediately and save it somewhere safe. It cannot be retrieved later.
- Enter the API key in the API Key field on the settings page.
Option B: Sign Up at xyzinc.com
- Visit xyzinc.com/wordpress-plugin to register.
- Enter the API key you receive in the settings page.
Step 3: Configure the Cookie Signing Key
- On the Settings > Age Verification page, find the Cookie Signing Key field.
- Click Fetch from API.
- The key will be automatically retrieved and saved. This key is used to cryptographically sign the verification cookie so visitors cannot forge it.
Step 4: Create the Age Gate Page
- In your WordPress admin, go to Pages > Add New.
- Set the page title to anything you like (e.g., "Age Verification").
- Critical: Set the page slug to
age-gate. This is the URL path the MU plugin redirects to.
- In the page content, add the shortcode:
[xyzav_age_verify]
- Publish the page.
To set the slug: in the block editor, open the page settings panel on the right, expand "URL" or "Permalink," and type age-gate.
Step 5: Install the Must-Use Plugin
This is the most important step. The MU plugin runs on every page load before other plugins, checking whether the visitor needs to be age-verified.
- Navigate to your plugin folder:
/wp-content/plugins/xyz-age-verify-free/mu-plugin/
- Copy the file
xyz-age-gate-redirect.php to /wp-content/mu-plugins/
- If the
mu-plugins directory does not exist, create it first.
How to do this depends on your hosting:
- cPanel File Manager: Navigate to
wp-content, create a folder named mu-plugins if needed, then copy the file.
- FTP client (FileZilla, etc.): Upload the file to
/wp-content/mu-plugins/.
- SSH/command line:
cp wp-content/plugins/xyz-age-verify-free/mu-plugin/xyz-age-gate-redirect.php wp-content/mu-plugins/
- Plesk File Manager: Navigate to the site's document root, then
wp-content, create mu-plugins if needed, and upload.
Step 6: Configure Your Regions
- Go to Settings > Free Plan in your WordPress admin.
- On the Regions tab, click Add Region.
- Enter the country code (e.g.,
US, DE, GB) and optionally a state code (e.g., TX, CA).
- Set the action to Verify to require age verification for visitors from that region.
- Set the minimum age (default is 18). If you set a minimum age other than 18, Tier 2 (ID verification) will be automatically required.
- Save the region.
See Understanding Regions and Geographic Rules for details on how region matching works.
Step 7: Verify Your Setup
Go back to Settings > Age Verification and check the Setup Checklist:
- API Key: Green checkmark if a valid key is entered
- Cookie Signing Key: Green checkmark if fetched successfully
- Age-Gate Page: Green checkmark if a page with the slug
age-gate exists
- MU Plugin: Green checkmark if
xyz-age-gate-redirect.php is installed in mu-plugins
- API Status: Green checkmark if the API is reachable
All items should show green checkmarks. If any show a red X, review the corresponding step above.
Step 8: Test the Age Gate
- Enable Test Mode in the settings.
- Open an incognito/private browsing window (so you're not logged into WordPress).
- Visit any page on your site with
?reg= followed by a region you configured. For example: https://yoursite.com/?reg=US-TX
- You should be redirected to the age gate page with the verification interface.
- Complete the verification and confirm you're redirected back to the original page.
See Test Mode — How to Test Your Age Gate for more testing scenarios.
Step 9: Page Cache Configuration
If you use a page cache plugin (W3 Total Cache, WP Super Cache, etc.), exclude the /age-gate/ page from caching. Cached pages bypass PHP execution, which would skip the age verification check on the gate page itself.
Important: WP Rocket is not compatible with this plugin. See Caching Compatibility for details.
You're Done
Your site is now age-gated for the regions you configured. Visitors from those regions will see the verification interface before accessing your content. Logged-in WordPress users bypass the gate automatically.
Next steps:
