In this guide we'll show you how to use Verify to restrict certain areas of your Wordpress website to users who own your NFT. We'll be using the Content Control plugin, but you can use any plugin which allows you to restrict access to pages or posts depending on the user's role.

Theory

Below is a high-level overview of how this solution works.

1. Create a Wordpress role (e.g nft_holder) which will be required to view gated content

2. When a user clicks on the a gated post without the required role they'll be taken to a page with the Verify SDK

3. We'll use the user option to provide the current user ID and a HMAC signature to the verify request. A signature is used here to prevent the user tampering with their ID before completing verification.

4. After completing verification we receive a signed object with result, which includes the user ID we provided. This entire object can be trusted, including the user ID, thanks to the signature from Step 3.

5. We send this object to a Cloudflare Worker, which verifies the signature and adds the nft_holder role to the user if they own the NFT

6. User is redirected back to the gated post they originally requested

Once the user has verified their NFT once, they'll have instant access to all future posts without verifying again.

You could extend this example by also adding an expiration time to the user metadata in Step 5, and registering a wp_cron which removes the role from expired users. This would require users to re-verify ownership periodically.

Set up role-based access

Lorem ipsum