What are Verification Gates?
Verification Gates is a new Token of Trust feature that lets you guard any page(s) you’d like on your website.
How to Enable Verification Gates
Go to the ‘General Settings’ tab under Token of Trust. Find Verification Gates and click on ‘Enable Verifications by Page’. Choose between exclusion or inclusion setting, and add the page/s you need.
NOTE: Make sure to refresh the cache if you’re using caching plugins(e.g. WP Fastest Cache, WP-Rocket, etc.)
How do I add a verification gate to one or more pages?
To actually add the Verification Gates to pages you will need to specify a filter for tot_get_verification_requirement. There’s an example below that shows how to check and see if the current page is ‘some-page’ and if so builds a verification requirement that will redirect if verification is required.
tot_build_verification_requirement - should be used to build the structure that tot will understand. It takes a string as well as a 2nd parameter $args for special purposes. For now there are only 2 string parameters you need to know about:
- ‘redirect’ means that verification is required and that you will redirect to the “Verification Required” page if it is specified.
- ‘none’ means that verification is NOT required and the user will be allowed access to the page.
When you’re building your filtering function, you can either go inclusive (only specifying the pages that will be gated) or exclusive (specifying the pages you don’t want to gate). If you have a small number of pages you need to guard (e.g. checkout or payment) then go inclusive - just specify the small set of pages to gate and be done with it. If you want to guard ALL your pages except for a small number then go inclusive. Another approach is to ensure that all pages are grouped in a specific sub-path to either include or exclude en-mass. Either way, remember that new pages will need to be exposed to the world or gated depending upon the approach you’ve taken.
In functions php:
add_filter('tot_get_verification_requirement', 'tot_override_get_verification_requirement'); function tot_override_get_verification_requirement ($current) { $slug = basename(get_permalink()); if ($slug == 'some-slug') { return tot_build_verification_requirement('redirect', array('redirectUrl' => '/verification-required')); } return $current; } |
Above we get the ‘slug’ which is usually the last part of the url - but this can be tricky if you didn’t setup the site. Checkout “How do I determine the slug for a page?” below, for a reliable way to do this.
And of course you can do different things for different pages - here’s another example:
add_filter('tot_get_verification_requirement', 'tot_override_get_verification_requirement'); function tot_override_get_verification_requirement ($current) { $slug = basename(get_permalink()); if ($slug == 'login') { return tot_build_verification_requirement('none'); } if (is_page('some-page')) { // ‘redirect’ return tot_build_verification_requirement('redirect'); } if (is_page('other-page')) { return tot_build_verification_requirement('redirect', array('redirectUrl' => 'someurl')); } return $current; } |
To ensure you’ve got the right value to compare against slug check out.
How do I make it so Token of Trust doesn’t ask for an email address?
Go into your settings and check off this box (enable it):
This gives us permission to send the email address and last name of the customer to Token of Trust. This is required because depending upon the jurisdiction of the visitor you may need to get confirmation with them before you can send this information to us (e.g. if you were serving EU customers in the EU for GDPR compliance).
Depending upon your jurisdiction you can add something to your Terms of Service, related to using Token of Trust for identity verification along with what you’re sharing (what you collect in the user registration and/or the checkout process).
If you need to comply with a more stringent data requirement (e.g. GDPR or CCPA) you’d add a checkbox to your registration form before getting to this page to make sure users are comfortable with sharing their info with Token of Trust and that you’re okay to send it. This consent should cover you in all jurisdictions so you might just want to add something like this to ensure you’re covered:
Obviously you’ll need to change what it says depending upon context but this is what our Woo Commerce checkout process looks like.
What if my users don't sign in?
Currently Verification Gates are only supported for signed in guests. For any page you have ‘gated’ we will direct a non-signed in user to the ‘Verification Required’ page. We recommend that you place that page behind a redirect to login if at all possible.
If you must have Verification Gates for non-users of your site please contact us. This is not a feature yet but it is on our roadmap and we’d like to understand how you think it should work.
How do I determine the slug for a page?
You can see the slug as part of debugging output. If you’d like to do this without enabling debug mode you can use the method here in your functions.php:
add_action('wp_footer', 'echoSlug', 2); function echoSlug() { $slug = basename(get_permalink()); echo '<!-- Page Slug = "' . $slug . '" -->'; } |