3.2 Protect your Course Content

Three layers of security

Member Pages Security.png

Because of how Squarespace is structured the safest way to protect your content is to use the built-in password protection. However, not everyone wants to have the same password for all course participants and prefers to offer individual logins which is why Memberspace developed their system with three layers of protection:

  1. Page Redirect
    If someone tries to access a page that you have added to Memberspace they get redirected to another (public) page and shown the login/sign-up pop-up.

  2. Page Black-Out
    Because a site visitor will very briefly see the page they are trying to access before it is redirected you can add a black-out screen to it. This way when someone calls up this page they will see a black screen for a second or two before being redirected. You can change the color of the black-out screen to anything you want, in my case I changed it to my turquoise branding color.

  3. Content Links
    By adding content directly to the Memberspace servers 100% security is ensured. You simply upload your content to Memberspace and add a link to it in your course. You can protect the following content this way:

  • PDF’s and other document files

  • Videos

  • Audio files

  • Images

  • HTML code

2 easy steps for ultimate security

While it is not an obvious trick it is possible to bypass the Memberspace login. I am not a Javascript expert and it took me about 20 minutes to find the bypass and break into my own course, as well as other people’s courses. This, by the way, can be done with any of the 3rd party membership apps, all of them have this vulnerability.

Memberspace does add an extra layer of protection by offering to host content on their secure servers, see step 3 above. I definitely recommend to do that.

However, there are a couple of additional steps that I highly recommend for keeping unwanted visitors away:

1. Hide your course from search engines

MS Hide SEO.png

We already covered this in Module 2 but make sure that you hide your blog from the search engines. In your blog settings go to:

> SEO > Hide from Search Engines

Check “All pages in this collection which will also check the two items below it. If you don’t do this you’d still be ok because even if your course blog appeared in a search people would be asked to log in if they clicked on it. But I’d rather my course pages didn’t show up in the first place.

2. Do NOT link to your course from your website

MS Login Sign Up.png

By not linking directly to your course from your website hackers won’t know where to go. So even if someone knows how to bypass your Memberspace login they are not able to access your course because they don’t know the direct URL to it.

It is tempting to have for instance a link to a protected member area on your website, don’t do it!

Instead, use the Memberspace Login/Sign Up link and direct your students to your course that way. You can use this as a text link or a button wherever you want on your website. Many people add the Login/Sign Up link to their nav bar for instance. I have this as a login link in my website footer.

By clicking on this link students are logged into their Memberspace account from where they are taken to your course.

In Memberspace go to:

> Customize > Install Options

Video Tutorial