There is a way to hide meta data. I think it’s by starting the name with a period, so instead of numberOfCredits you could use .numberOfCredits and it wouldn’t show up. At least that’s true on pages and posts.

That said, I gave up on the eCommerce side of the site that was using this. After a couple of years it only made about 10 bucks so I took off the eCommerce stuff and added a few ads. In the 3 months since then I’ve already gone over what it made as an eCom site.

How do you prevent one of your users from going into their profile at …/wp-admin/ and giving themselves a million credits that they haven’t paid for?

I have installed the WP Hide Dashboard plugin to keep my users from the dashboard areas of wp-admin, but they still can see and edit their profile (including all metadata that I have added).

I have considered restricting access to the /wp-admin/ directories using .htaccess so that only my admins can get there (and only from their known secure IP addresses). But that means that my users’ won’t be able to edit their profiles at all. What I need is a way that some profile info can be changed by the user themselves (firs name, last name, address info, etc.), but other data is hidden from them and can’t be changed (thinks like subscription expiry date). How have you handled that?