Specifications

s2Member®—a powerful (free) membership plugin for WordPress®. Protect members only content with roles/capabilities.

NOTICE: The support forum at WordPress is for community interaction only. If you are an s2Member Pro customer in need of support, please use our support center.


The s2Member® Framework (free) integrates with PayPal Website Payments Standard (also free). Sell "Buy Now" or Membership access to your site. Restrict access to Roles, Capabilities, Posts, Pages, or anything else in WordPress.

Protect your WordPress Posts, Pages, Tags, Categories, URIs, BuddyPress/bbPress, and even portions of content within Posts, Pages, themes, plugins. Easily configurable & highly extensible. You can even protect downloadable files and streaming audio/video. Store files locally, or use s2Member's integration with Amazon® S3/CloudFront.

s2Member is powered almost entirely by WordPress shortcodes, making complex integrations quick & easy. Sell recurring (or non-recurring) subscriptions with lots of flexibility. Or sell "Buy Now" access in various ways. You can also sell specific Posts/Pages, sell access to file downloads, or sell Custom Capabilities that provide highly configurable access to specific portions of your content.

You can learn more at s2Member.com.

Reasons to upgrade to "s2Member® Pro"

  • Stripe™ (+Bitcoin) integration via Pro-Forms (one-step checkout).
  • PayPal Pro™ integration via Pro-Forms (one-step checkout).
  • Authorize.Net™ integration via Pro-Forms (one-step checkout).
  • Plus ClickBank™, Unlimited Membership Levels, Coupon Codes, Gift/Redemption Codes, Pro API, and more!

With 1000's of customers, an intelligent open-community, comprehensive documentation, video tutorials, APIs, the s2Member Codex, KB articles, and over 50,000 forum posts; s2Member just can't be beat!

Secure WordPress content and offer users/members a secure checkout solution that integrates seamlessly with WordPress Roles/Capabilities. It's like a cash machine. s2Member puts money back in your pocket with every customer you acquire. You can learn more at s2Member.com.

NOTICE: If you are an s2Member Pro customer in need of support, please use our support center at s2Member.com.


s2Member® is Very Easy to Install

  1. Upload the /s2member folder to your /wp-content/plugins/ directory.
  2. Activate the plugin through the Plugins menu in WordPress®.
  3. Navigate to the s2Member® Options panel for configuration details.

See Also (s2Member.com)

Detailed installation/upgrade instructions.

Is s2Member compatible with Multisite Networking?

Yes. s2Member and s2Member Pro, are also both compatible with Multisite Networking. After you enable Multisite Networking, install the s2Member plugin. Then navigate to s2Member → Multisite (Config) in the Dashboard on your Main Site.

NOTICE: If you are an s2Member Pro customer in need of support, please use our support center at s2Member.com.


Please Check the Following s2Member® Resources

Translating s2Member®

Please see: http://s2member.com/r/translations/

Copyright: © 2013 WebSharks, Inc. (coded in the USA)

Released under the terms of the GNU General Public License.

Credits / Additional Acknowledgments

v170524

  • (s2Member/s2Member Pro) PHP v7 Compat. Enhancements: This release adds an integration with the Defuse encryption library for PHP, making it possible for s2Member to move away from the mcrypt_*() family of functions in versions of PHP >= 7.0.4, where the mcrypt library has been deprecated — mcrypt_*() will eventually be removed entirely.

    Starting with this release of s2Member, if you're running s2Member on PHP v7.0.4+, the Defuse library will be used automatically instead of mcrypt. See Issue #1079.

    Note: Backward compatibility with mcrypt functions will remain for now, especially for the decryption of any data that was previously encrypted using RIJNDAEL-256; i.e., data encrypted by a previous release of the s2Member software. s2Member is capable of automatically determining the algorithm originally used to encrypt, which allows it to decrypt data using Defuse, else RIJNDAEL-256, else XOR as a last-ditch fallback.

    API Functions: s2member_encrypt() & s2member_decrypt(). These two API Functions provided by s2Member are impacted by this change. Starting with this release, if you're running s2Member on PHP v7.0.4+, the Defuse library is used automatically instead of the older mcrypt extension. Not to worry though; the s2member_decrypt() function is still capable of decrypting data encrypted by previous versions of the s2Member software.

  • (s2Member/s2Member Pro) UI Fix: All menu page notices should be given the notice class and the additional notice-[type] class instead of the older generic updated and error classes. Fixed in this release. Related to Issue #1034

  • (s2Member/s2Member Pro) UI Fix: Plugins displaying Dashboard-wide notices using the older updated and error classes should be handled better to avoid displaying them below the s2Member header (on s2Member menu pages) and with non-default WordPress styles. See: Issue #1034

  • (s2Member/s2Member Pro) UI Fix: Improving color highlighting in input fields following a media library insertion; e.g., when adding a custom logo to the login/registration page.

  • (s2Member Pro) Bug Fix: Merchants using PayPal Pro (Payflow Edition) to charge a fixed non-recurring fee following an initial 100% free trial period, were seeing their member accounts EOTd after the trial ended, instead of the EOT Time being set to the end of the fixed term period. Props @patdumond, James Hall, and many others for reporting this in the forums and at GitHub. See Issue #1077.

  • (s2Member Pro) Bug Fix: Updating PHP syntax in Simple Export tool, for compatibility w/ modern versions of PHP. Props @patdumond for reporting and helping us locate the underlying cause of this problem. See Issue #1055.

  • (s2Member Pro) Stripe Bug Fix: This releases corrects a seemingly rare conflict between s2Member and Stripe on certain mobile devices and in certain scenarios. In a case we examined, there was a problematic CSS z-index setting in the s2Member source code that was, at times, causing problems in the stacking order, which resulted in a user's inability to enter details into the Stripe popup form. In this release, s2Member's customization of the z-index stacking order has been removed entirely, as it is no longer necessary in the latest revision of the Stripe popup, which already handles z-index adequately. Props @jaspuduf for reporting and for helping us diagnose the problem. See Issue #1057.

  • (s2Member/s2Member Pro) Security Enhancement: This release removes the %%user_pass%% Replacement Code from the API Registration Notification email that is sent to a site owner; i.e., when/if it is configured by a site owner. Props @patdumond see Issue #954. This Replacement Code was removed as a security precaution.

  • (s2Member/s2Member Pro) Bug Fix: Resolving internal warning: 'PHP Warning: Parameter 2 to c_ws_plugin__s2member_querys::_query_level_access_coms() expected to be a reference, value given'. This was resolved by removing the strict 'by reference' requirement from the list of parameters requested by s2Member.

  • (s2Member/s2Member Pro) Bug Fix: Resolving internal warning: 'PHP Warning: Illegal string offset 'user_id' in s2member/src/includes/classes/sc-eots-in.inc.php'. This was resolved by typecasting $attr to an array in cases where WordPress core passes this as a string; e.g., when there are no attributes.

  • (s2Member Pro) Bug Fix: Incorrect default option value for reject_prepaid="" attribute in Stripe Pro-Forms. See: Issue #1089

v170221

  • (s2Member/s2Member Pro) JW Player v7: This release adds support for JW Player v7 in the [s2Stream /] shortcode. See Issue #774.

  • (s2Member Pro) Bug Fix: Allow Pro-Forms to use success="%%sp_access_url%%" without issue. See Issue #1024.

  • (s2Member/s2Member Pro) AWS Region: Adding AWS region ap-northeast-2. See Issue #1033.

  • (s2Member/s2Member Pro) AWS Region: Adding AWS region eu-west-2. See Issue #1033.

  • (s2Member) Bug Fix: This release corrects a minor server-side validation bug that was related to the use of non-personal email address. See Thread #1195 and Issue #1054.

  • (s2Member) Bug Fix: Updated several outdated links within the software; e.g., removing older www. references, correcting forum links, and more. Also corrected missing changelog. See Issue #1027.

  • (s2Member Pro) Pro Upgrader: The pro upgrader has been refactored and now asks for your s2Member Pro License Key instead of your s2Member.com password. The next time you upgrade to the most recent version of s2Member Pro, you will be asked for your License Key. You can obtain your License Key by logging into your account at s2Member.com. Once logged in, visit your 'My Account' page, where you will find your License Key right at the top. See Issue #668.

  • (s2Member/s2Member Pro) CloudFlare Compat.: Enhancing compatibility with Rocket Loader via data-cfasync="false" on dynamic s2Member scripts. See: Issue #1038.

v161129

  • (s2Member Pro) Bug Fix: Stripe refund notifications via the Stripe Webhook were always interpreted by s2Member as full refunds. This release corrects this bug so that s2Member will handle partial refunds via the Stripe API properly in all cases. Props @raamdev for reporting.

  • (s2Member/s2Member Pro) Bug Fix: Updating profile via [s2Member-Profile /] when changing email addresses may leave the old email address on configured email list servers in some scenarios. Props @renzms for reporting. For further details see issue #1007.

  • (s2Member/s2Member Pro) SSL Compatibility & Option Deprecation: In previous versions of s2Member there was a setting in the UI that allowed you to force non-SSL redirects to the Login Welcome Page. By popular demand, this setting has been deprecated and removed from the UI.

    New Approach: The new approach taken in the latest release of s2Member is to automatically detect when a non-SSL redirection should occur, and when it should not occur (i.e., when the default WordPress core behavior should remain as-is).

    s2Member does this by looking at the FORCE_SSL_LOGIN and FORCE_SSL_ADMIN settings in WordPress, and also at your configured siteurl option in WordPress. If you are not forcing SSL logins, or your siteurl begins with https:// (indicating that your entire site is served over SSL), non-SSL redirects will no longer be forced by s2Member, which resolves problems on many sites that serve their entire site over SSL (a growing trend over the past couple years).

    Conversely, if FORCE_SSL_LOGIN or FORCE_SSL_ADMIN are true, and your configured siteurl option in WordPress does NOT begin with https:// (e.g., just plain http://), then a non-SSL redirect is forced, as necessary, in order to avoid login cookie conflicts; i.e., the old behavior is preserved by this automatic detection.

    Overall, this new approach improves compatibility with WordPress core, particularly on sites that serve all of their pages over https:// (as recommended by Google).

    Backward Compatibility: As noted previously, the old option that allowed you to configure s2Member to force non-SSL redirects to the Login Welcome Page has been officially deprecated and removed from the UI. However, the old option does still exist internally, but only for backward compatibility. A WordPress filter is exposed that allows developers to alter the old setting if necessary. You can use the filter to force a true or false value.

    <?php
    add_filter('ws_plugin__s2member_login_redirection_always_http', '__return_true');
    // OR add_filter('ws_plugin__s2member_login_redirection_always_http', '__return_false');
    
  • (s2Member/s2Member Pro) Bug Fix: Username/password email being sent to users whenever Custom Passwords are enabled in your s2Member configuration and registration occurs via the default wp-login.php?action=register form. Fixed in this release. See also: issue #870 if you'd like additional details.

  • (s2Member Pro) Bug Fix: In the [s2Member-List /] search box shortcode an empty action="" attribute produces a warning due to invalid syntax in HTML v5. Fixed in this release. See Issue #1006

  • (s2Member/s2Member Pro) IP Detection: This release improves s2Member's ability to determine the current user's IP address. s2Member now searches through HTTP_CF_CONNECTING_IP, HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_X_CLUSTER_CLIENT_IP, HTTP_FORWARDED_FOR, HTTP_FORWARDED, HTTP_VIA, and REMOTE_ADDR (in that order) to locate the first valid public IP address. Either IPv4 or IPv6. Among other things, this improves s2Member's compatibility with sites using CloudFlare. See also: issue #526 if you'd like additional details.

  • (s2Member Pro) JSON API: In the pro version it is now possible to use the s2Member Pro Remote Operations API to send and receive JSON input/output. This makes the Remote Operations API in s2Member compatible with a variety of scripting languages, not just PHP; i.e., prior to this release the Remote Operations API required that you always use PHP's serialize() and unserialize() functions when making API calls. The use of serialize() and unserialize() are no longer a requirement since input/output data is now sent and received in the more portable JSON format. For new code samples, please see: WordPress Dashboard s2Member API / Scripting Pro API For Remote Operations. See also: issue #987 if you'd like additional details on this change.

    Note: The old s2Member Pro Remote Operations API has been deprecated but will continue to function just like before (via serialize() and unserialize()) for the foreseeable future. Moving forward, we recommend the new JSON code samples. Again, you will find those under: WordPress Dashboard s2Member API / Scripting Pro API For Remote Operations

  • (s2Member/s2Member Pro) Enforce data types when determining PHP constants. See this GitHub issue if you'd like further details.

  • (s2Member/s2Member Pro) Phing Build Routines: Starting with this release, developers working on the s2Member project are now able to perform builds of the software via the websharks/phings project; i.e., the structure of the plugin directories has been changed (slightly) to conform to Phing and PSR4 standards. This makes it easier for our developers to prepare and release new versions of the software in the future.

v160801

  • (s2Member/s2Member Pro) WP v4.6 Compatibility. A full round of tests was performed against this release of s2Member, s2Member Pro, and the upcoming release of WordPress v4.6. In particular, the new HTTP API needed testing, along with the new optimized loading sequence in WordPress v4.6. Our tests indicate there are no compatibility issues, and we therefore encourage all s2Member site owners to upgrade to WordPress v4.6 whenever it becomes available publicly.

  • (s2Member/s2Member Pro) Bug Fix: Allow for < and > to work in the [s2If php="" /] shortcode attribute as expected. Some Visual Editors convert these into &lt; and &gt;, so it's necessary to interpret them as such whenever the shortcode is parsed by s2Member.

  • (s2Member/s2Member Pro) JS API: Reducing the number of variables provided by the s2Member JavaScript API by default, and adding a new filter that allows them to all be enabled when/if desirable: ws_plugin__s2member_js_api_constants_enable. Props @JeffStarr for reporting.

v160503

  • (s2Member/s2Member Pro) Security Enhancement: This release forces CURLOPT_SSL_VERIFYPEER to a value of TRUE in the AWeber SDK that is used when/if you integrate with AWeber. In short, this forces AWeber to have a valid/verifiable SSL certificate before any data is exchanged between s2Member and the AWeber API behind-the-scenes. Props at WordPress security team for reporting this.

v160424

  • (s2Member/s2Member Pro) PHP Compat./Bug Fix: This follow-up release includes a patch that will prevent fatal errors when s2Member and/or s2Member Pro are installed on a site running PHP v5.2 or PHP v5.3; i.e., this release corrects a bug that was causing fatal errors on these older versions of PHP. Note that s2Member and s2Member Pro are once again compatible with PHP v5.2+, up to PHP v7.0. Props @krumch. See also: this GitHub issue for details.

v160423

  • (s2Member/s2Member Pro) WP v4.5 Compatibility. This release offers full compatibility with the latest release of WordPress v4.5. Nothing major was changed for standard WordPress installations, but there were a few subtle tweaks here and there to improve v4.5 compatibility. We encourage all users to upgrade right away.

    NOTE: WP v4.5 for Multisite Networks running s2Member Pro: This release corrects a bug first introduced in the previous release of s2Member Pro that resulted in an error message (Uncaught Error: Class 'c_ws_plugin__s2member_mms_patches' not found) when updating to WP v4.5. It has been corrected in this release, but in order to avoid this problem altogether please follow this procedure when upgrading WordPress.

    WP v4.5 Multisite Upgrade Procedure:

    • Upgrade s2Member and s2Member Pro ​before​ updating WordPress core.
    • Then upgrade WordPress core and observe that Multisite Patches are applied properly.

    If you have already upgraded to WP v4.5 and worked past this issue by patching manually, that's fine. You can still upgrade s2Member and s2Member Pro. After the upgrade you may feel free to enable automatic patching again if that's desirable.

  • (s2Member/s2Member Pro) Bug Fix: This release corrects a bug first introduced in the previous release which was causing a PHP warning about cf_stream_extn_resource_exclusions. A symptom was to have mysterious problems with [s2Stream /] or the [s2File /] shortcode. Fixed in this release. Props at @raamdev @renzms for reporting. See also this GitHub issue for details.

  • (s2Member/s2Member Pro) PayPal SSL Compatibility: This release of s2Member provides an https:// IPN URL for PayPal IPN integrations. It also provides a helpful note (in the Dashboard) about a new requirement that PayPal has with respect to the IPN URL that you configure at PayPal.com. s2Member has been updated to help you with this new requirement.

    New PayPal.com IPN Requirement: PayPal.com is now requiring any new IPN URL that you configure to be entered as an https:// URL; i.e., if you log into your PayPal.com account and try to configure a brand new IPN URL, that URL must use https://. PayPal.com will refuse it otherwise.

    However, the notify_url= parameter in standard PayPal buttons should continue to work with either http:// or https://, and any existing configurations out there that still use an http:// IPN URL should continue to work as well. So this is about planning for the future. We have been told that PayPal will eventually require that all IPN URLs use an https:// protocol; i.e., they will eventually stop supporting http:// IPN URLs altogether (at some point in the future), they are not giving anyone a date yet. For this reason we strongly suggest that you review the details given here.

    Since PayPal is moving in a direction that will eventually require all site owners to have an SSL certificate in the future, s2Member's instructions (and the IPN URL it provides you with) will now be presented in the form of an https:// URL with additional details to help you through the process of configuring an IPN handler for PayPal.

    See: WordPress Dashboard s2Member PayPal Options PayPal IPN Integration

    Props @codeforest for reporting. See this GitHub issue for further details.

  • (s2Member/s2Member Pro) Bug Fix: Email field on Registration page not shown as required via * symbol like other fields in this form. Caused by a change in WordPress core. Fixed in this release. Props @spottydog63 @renzms. See also: this GitHub issue for details.

  • (s2Member/s2Member Pro) Bug Fix: E_NOTICE level errors in cache handler when running in WP_DEBUG mode. Props at @KTS915 for reporting. Fixed in this release. See also: this GitHub issue.

  • (s2Member/s2Member Pro) i18n Compatibility: This release of s2Member moves the load_plugin_textdomain() call into the plugins_loaded hook instead of it being run on init. Props @KTS915 for reporting. See also: this GitHub issue for details.

  • (s2Member Pro) Multisite Patches: Fixed a bug (Uncaught Error: Class 'c_ws_plugin__s2member_mms_patches' not found) whenever WordPress was being updated and Multisite Patches were being applied in the pro version of s2Member. See: this GitHub issue for details.

  • (s2Member/s2Member Pro) Security Enhancement: This release of s2Member defaults PayPal Button Encryption to a value of on instead of off; i.e., there is a new default behavior. Existing s2Member installations are unaffected by this change, but if you install s2Member on a new site you will notice that (if using PayPal Buttons), Button Encryption will be enabled by default.

    Note that in order for Button Encryption to work, you must fill-in the API credentials for s2Member under: WordPress Dashboard s2Member PayPal Options PayPal Account Details

v160303

  • (s2Member/s2Member Pro) Comet Cache Compat.: This release improves compatibility with Comet Cache (formerly ZenCache), whenever you have it configured to cache logged-in users. See also: this GitHub issue. Props @KTS915 for reporting!

  • (s2Member Pro) ClickBank IPN v6 Compat.: Version 6 of the ClickBank IPN system was recently updated in a way that causes it to return transactionType = CANCEL-TEST-REBILL in test mode, instead of the previous value, which was: TEST_CANCEL-REBILL. s2Member Pro has been updated to understand either/or. See also this GitHub issue for further details.

  • (s2Member Pro) Stripe Bug Fix: This release corrects a bug caused by typos in the source code that were preventing refunds from being processed as expected whenever Stripe was integrated. Props @YearOfBenj for reporting this important issue. Props @patdumond for relaying vital information. See also this GitHub issue if you'd like additional details.

  • (s2Member Pro) PayPal Bug Fix: Under some conditions, the EOT behavior in s2Member Pro (when integrated with PayPal Pro) would immediately terminate access whenever a customer's subscription naturally expires. Recent versions of the Payflow system set the status to EXPIRED, and this was handled as an immediate EOT instead of as a delayed EOT that is subject to date calculations to determine the correct date on which a customer should lose access; i.e., based on what they have already paid for. Fixed in this release. See also: this GitHub issue if you'd like additional details.

  • (s2Member Pro) One-Time Offer Bug Fix: This release corrects some inconsistencies in the One-Time Offers system that comes with s2Member Pro. Symptoms included seemingly unpredictable behavior whenever redirections were configured without a specific Membership Level. Props @jacobposey for reporting. See also: this GitHub issue if you'd like additional details.

  • (s2Member/s2Member Pro) Bug Fix: s2Member was not properly respecting DISALLOW_FILE_MODS in a specific scenario related to GZIP. Props @renzms @kristineds. See also: this GitHub issue for further details.

  • (s2Member,s2Member Pro) Bug Fix: Resolved a minor glitch in the WordPress Dashboard Settings General panel, where s2Member's notice regarding Open Registration was inadvertently forcing the entire page into italics. Props @renzms @kristineds @raamdev ~ See also: this GitHub issue if you'd like additional details.

  • (s2Member/s2Member Pro) PayPal Sandbox: This release updates the inline documentation under the PayPal Account Settings section of s2Member. We now suggest that instead of enabling PayPal Sandbox Mode (sometimes buggy at best), that site owners run tests with low-dollar amounts against a live PayPal account instead; e.g., $0.01 test transactions in live mode work great also. See this GitHub issue if you'd like additional details. Props @raamdev for mentioning this again.

v160120

  • (s2Member,s2Member Pro) Bug Fix: Resolved a minor glitch in the WordPress Dashboard Settings General panel, where s2Member's notice regarding Open Registration was inadvertently forcing the entire page into italics. Props @renzms @kristineds @raamdev ~ See also: this GitHub issue if you'd like additional details.

  • (s2Member) Multisite Support: This release of s2Member (the free version only) removes full support for Multisite Networks, which is now a Pro feature; i.e., only available in the Pro version.

    Is s2Member still compatible with WordPress Multisite Networking?

    Multisite support is no longer included in the s2Member Framework. However, it is available with s2Member Pro. s2Member Pro is compatible with Multisite Networking. After you enable Multisite Networking, install the s2Member Pro Add-On. Then, navigate to s2Member → Multisite (Config) in the Dashboard of your Main Site. You can learn more about s2Member Pro at s2Member.com.

    I was using the free version in a Multisite Network before. What happened?

    s2Member (when running on a Multisite Network) requires minor alterations in WordPress core that are not compatible with plugins available at WordPress.org (i.e., not allowed) at this time. For this reason, full support for Multisite Networks is now available only in the pro version.

    What if I already configured Multisite options on a site running the free version?

    If you already customized s2Member's Multisite Network configuration options in a previous release, those settings will remain and still be functional over the short-term; i.e., the functionality that makes s2Member compatible with Multisite Networking is still included, even in the s2Member Framework. However, the routines that deal with core patches, and those that allow you to change Multisite options are no longer available. You will need to acquire the Pro version. Or, you can revert to a previous release. s2Member Framework v151218 is suggested if you go that route.

    See also: this GitHub issue for further details.

v151218

  • (s2Member Pro) Reminder Email Notification Exclusions: It is now possible to enable/disable EOT Renewal/Reminder Email notifications on a per-user basis. You can edit a user's profile in the WP Dashboard and check "No (exclude)" to prevent specific users from receiving any reminder emails that you configured. Props at @patdumond @luisrock. See also this GitHub issue.

  • (s2Member) PHP v7 Compat.: This release addresses one remaining issue with the preg_replace /e modifier as reported in this GitHub issue. Props @nerdworker for reporting. Thanks!

  • (s2Member/s2Member Pro) WP v4.4 Compat.: This release corrects an issue that impacted sites attempting to run s2Member on a Multisite Network; i.e., it corrects a problem with the load.php patch against the latest release of WordPress. Props @crazycoolcam for reporting! See also this GitHub issue.

  • (s2Member/s2Member Pro) Getting Help: This release adds a new menu page titled, "Getting Help w/ s2Member". This new section of your Dashboard provides quick & easy access to s2Member KB articles, suggestions, and our tech support department (for pro customers). Props @patdumond @raamdev. See also this GitHub issue.

For older Changelog entries, please see the changelog.md file.