Tracksies Packsie

⌘K
  2. Home
  4. Docs
  6. Tracksies Packsie
  8. Staff Setup
  10. Kiosk Mode & Page Protection

Kiosk Mode & Page Protection

Going full-screen with kiosk mode

Kiosk mode completely replaces your WordPress theme with a minimal HTML wrapper. No header, no footer, no sidebar, no navigation menu — the dashboard takes over the entire screen.

This is designed for dedicated warehouse devices — a tablet mounted on the packing bench, a screen at the returns desk, a laptop that lives in the warehouse. The kind of device where someone logs in at the start of their shift and the dashboard is all they need.

If you want your staff dashboard to feel more like a dedicated app than a WordPress page, kiosk mode is how you get there.

Setting up kiosk mode

Kiosk mode requires two things: a designated page in your settings, and the kiosk toggle turned on.

  1. Go to Tracksies > Settings and find the Packsie section
  2. Select your staff dashboard page from the Dashboard Page dropdown
  3. Turn on the Kiosk Mode toggle

That’s all it takes. The next time someone visits that page, they’ll see the kiosk view instead of your regular theme.

Important: Kiosk mode only works on the designated page you select in settings. If you’ve placed a staff shortcode on a different page, or haven’t selected a page at all, kiosk mode won’t activate. This is by design — you might want the shortcode embedded in a regular page somewhere else without triggering kiosk mode.

What kiosk mode looks like

When kiosk mode is active, the page renders with a minimal template:

  • The dashboard header, which includes the tab navigation bar, the current user’s display name, and a Logout link so staff can sign out when their shift ends
  • The tab content area, filling the rest of the screen
  • No WordPress admin bar, no theme header, no footer, no sidebar, no navigation menus

The result is a clean, focused interface that looks more like a dedicated app than a website. Staff see the tabs they have permission to access (Orders, Returns, Customers) and nothing else.

Search engine protection

Dashboard pages should never appear in Google or any other search engine. Packsie handles this automatically, and there are extra layers you can add for peace of mind.

Automatic noindex meta tag

Every page that contains a staff shortcode automatically gets a noindex, nofollow meta tag injected into the page head:

<meta name="robots" content="noindex, nofollow" />

This covers all four staff shortcodes:

  • [tracksies_staff_dashboard]
  • [tracksies_packing_dashboard]
  • [tracksies_returns_dashboard]
  • [tracksies_staff_hub]

Here’s what the meta tag tells search engines:

  • noindex — don’t add this page to your search results
  • nofollow — don’t follow any links on this page

This happens automatically. You don’t need to configure anything, and it works on any page where you’ve placed any of these shortcodes — whether or not you’ve selected it as the designated page in settings.

Kiosk mode pages get the same meta tag in the minimal template, so they’re protected too.

Sitemap exclusion (recommended)

The noindex meta tag is your primary protection, and search engines respect it. But for belt-and-suspenders security, we recommend also excluding your dashboard page from your sitemap.

If you use Yoast SEO:

  1. Edit your staff dashboard page
  2. Scroll to the Yoast SEO section
  3. Click the Advanced tab
  4. Set “Allow search engines to show this page in search results?” to No

If you use RankMath:

  1. Edit your staff dashboard page
  2. Click the Advanced tab in the RankMath section
  3. Set the Robots Meta to noindex

If you use another SEO plugin: Look for a per-page option to exclude from the sitemap or set the page to noindex. Most SEO plugins offer this.

This is optional — the automatic noindex meta tag already prevents indexing. But excluding from the sitemap also prevents the URL from being listed, which is a nice extra layer.

WordPress robots.txt

For an additional layer of protection, you can add your dashboard page path to your site’s robots.txt file:

Disallow: /staff-dashboard/

Replace the path with whatever URL your dashboard page uses. This tells search engine crawlers not to even visit that URL.

Password protection (optional extra layer)

WordPress has built-in page password protection. If you want an extra barrier beyond role-based access:

  1. Edit your dashboard page
  2. In the publish settings, click Visibility
  3. Choose Password Protected and enter a password
  4. Click Update

Staff need the password to view the page content. This is a blunt tool — role-based access control is more practical for daily use — but it works in a pinch for maximum lockdown.

Shortcode pages vs designated pages

An important distinction: some protections apply to any page with a staff shortcode, and some only work on the designated page you select in Packsie settings.

Protections on every page with a staff shortcode

These work automatically on any page that has [tracksies_staff_dashboard], [tracksies_packing_dashboard], [tracksies_returns_dashboard], or [tracksies_staff_hub] in its content, whether or not you’ve selected it as the designated page in settings:

  • Access check — the dashboard checks the user’s role and capabilities before rendering. Unauthorised users see the access denied message or get redirected (depending on your settings).
  • noindex, nofollow meta tag — automatically injected into the page head. Search engines won’t index the page.
  • Unauthorised redirect — if you’ve configured a redirect URL in Packsie settings, it applies on any page with the shortcode, not just the designated page.

In short: if a staff shortcode is on the page, the page is protected. You don’t need to select it as the designated page for these protections to kick in.

Features that require the designated page

This only works when you’ve selected the page in Tracksies > Settings > Packsie section via the Dashboard Page dropdown:

  • Kiosk mode — the full theme replacement with the minimal wrapper

This is by design. You might embed the shortcode on a regular page somewhere — maybe a staff resources page with other content around it. You probably don’t want kiosk mode on that page. Kiosk mode only activates on the page you’ve explicitly designated for it.

What protection is in place by default

Here’s a summary of every protection layer, from automatic to optional:

Automatic (on any page with a staff shortcode — no configuration needed):

  • Access check — only users with the correct role or capability see the dashboard
  • noindex meta tag — tells search engines not to index the page
  • Access denied message — shows a message to unauthorised users (default behaviour)

Configurable (also works on any page with a staff shortcode):

  • Unauthorised redirect — sends unauthorised users to a different URL instead of showing the access denied message

Designated page only (requires page selection in settings):

  • Kiosk mode — strips the theme wrapper for dedicated devices

Recommended:

  • Sitemap exclusion — remove your dashboard page from your SEO plugin’s sitemap

Optional extras:

  • robots.txt disallow — block crawlers from visiting the URL entirely
  • Password protection — WordPress built-in page password for maximum lockdown

The first three happen automatically wherever a staff shortcode is used. The rest are layers you can add based on your needs.

How can we help?

Leave the first comment