Age Verification and Membership / Subscriber Sites
This guide explains how the age gate interacts with WordPress sites that have user registration and membership functionality, and what to consider when planning your workflow.
How the Logged-In User Exemption Works
The age gate redirect runs as a Must-Use plugin, which loads very early in the WordPress boot process — before themes, regular plugins, and user role management. At this stage, the plugin can detect that a visitor has a WordPress login cookie (wordpress_logged_in_*), but cannot determine what role they have (administrator, editor, subscriber, etc.).
Because of this, all logged-in WordPress users bypass the age gate, regardless of their role. This includes:
- Administrators
- Editors and authors
- Subscribers
- WooCommerce customers
- Members (from membership plugins)
- Any custom role
Why This Design
The primary goal is to prevent site administrators from being locked out of their own WordPress admin area. Since the MU plugin cannot distinguish between an administrator and a regular member at the point where it runs, the safest approach is to exempt all authenticated users.
For most age-gated sites, this is the correct behavior: anonymous visitors are the ones who need verification.
Implications for Membership Sites
Standard Flow (Works Well)
For sites where:
- Anonymous visitors browse the public site (age-gated)
- Visitors must register/log in to access member content
- Registration is open to anyone who passes age verification
This flow works naturally:
- Anonymous visitor arrives from an age-gated region.
- They complete age verification.
- They can now browse the public site and access the registration page.
- After registering and logging in, they bypass the age gate on future visits.
The age gate effectively becomes the first step of the registration funnel — visitors must be verified before they can create an account.
Sites Where This Is a Concern
If your site requires age verification for content that logged-in members can also access — for example, tiered content where certain sections require re-verification even for members — this plugin is not a fit for that use case.
Specific scenarios where the logged-in exemption may not be suitable:
- Age-restricted sub-sections within a member area — a member who passed verification at age 18 returns years later and you want to re-verify for age-21 content.
- Shared logins — multiple people using the same WordPress account, where you want to verify each person individually.
- Accounts created before age verification was implemented — existing members who were never age-verified.
Workarounds
If you need to re-verify logged-in users for specific content, consider these approaches:
Separate verification for premium content — use a different mechanism (not cookie-based) for logged-in user verification. This would be a custom development effort, not built into this plugin.
Cookie expiration — the verification cookie has a limited lifetime. When it expires, even logged-in users will be re-verified on their next visit if they log out and return.
Session-based approach — for truly session-specific verification needs, a different architectural approach may be needed. Contact support for guidance.
WooCommerce Compatibility
WooCommerce customers have WordPress user accounts. Once logged in, they bypass the age gate like any other WordPress user. This is generally the desired behavior for age-restricted product stores:
- Anonymous visitor arrives and is age-verified.
- They browse products and add items to their cart.
- At checkout, they create a WooCommerce account or log in.
- On return visits while logged in, they bypass the age gate.
The age gate page should not interfere with the WooCommerce checkout flow because /checkout/, /my-account/, and other WooCommerce pages are not the age-gate page.
Planning Your Registration Flow
When implementing age verification on a membership site:
Place age verification before registration. Anonymous visitors should encounter the age gate before they can access the registration form. This ensures all new members have been verified.
Consider the age-gate page placement. The age-gate page catches all visitors to age-gated regions. Once verified, they have full access to the public site, including registration and login pages.
Cookie lifetime. Think about how long the verification cookie should last. A longer cookie means fewer re-verifications (better user experience, lower credit usage). A shorter cookie means more frequent verification (stricter compliance).
Document your flow. Make it clear in your site's terms of service that age verification is required and what it covers.
Next Steps
