10Jul/096
Require login to view a Wordpress site
On a Wordpress site I have setup, I needed the ability to require user authentication before allowing anyone to view the website. To do this, just add the following snippet to the theme files:
get_currentuserinfo();
global $user_ID;
if ($user_ID == '')
{
header('Location: wp-login.php');
}
Now you will be greeted with the Wordpress login page when entering the site without being authenticated! Note that if you want to be completely sure that no one can retrieve any information without authenticating, you need to either modify the Wordpress core files, or use some other type of authentication outside of the Wordpress code, such as a basic auth in the webserver.
Edit: I created a Wordpress plugin which does this in a much better way - WP Require Auth plugin released.
Tags
apple
backup
book
debian
email
game
google
gtd
guide
hosting
htpc
im
india
iphone
lens
linux
mac
mail
media
music
nikon
photo
photowalk
plugin
politics
portable
Project365
published
reading
review
security
server
social
software
spam
stockholm
theme
twitter
ubuntu
vfr
web
website
windows
wordpress
writing
Categories
Misc
Lifestream
-
@cassiopeja You need to start drinking coffee. ;) [johnnychadda]
-
@cassiopeja You can always sleep after the lecture. :) [johnnychadda]
-
-
Shared 20 photos.
-
Finally got the new Facebook design. :-) [johnnychadda]
-
RT @cassiopeja: That is made of awesome: http://www.newgrounds.com/portal/view/525347 [johnnychadda]
-
-
RT @JesperBylund: Chris at #geekmeetsthlm best advice to avoid crashes: "don't use flash" I can hear jobs opening champagne... [johnnychadda]
-
Superbowl took its toll. We'll see if I can stay awake to attend #GeekMeet in a while. [johnnychadda]
-
@dth tr3tt1 [johnnychadda]
August 13th, 2009 - 22:32
I had better luck putting your code into:
wp-blog-header.php
right uder where wordpress loads:
wp();
Putting it in the template kept giving me errors that the header was already sent.
August 13th, 2009 - 22:44
It’s probably best not to modify the core files since they will be overwritten on update. Are you sure that you are putting the code at the top of the theme files? Directly after <?php
October 7th, 2009 - 15:24
Thanks!
I used this on my blog too, like ws0×9 I had better luck with it in the header file!
October 7th, 2009 - 21:26
Great that it works!
October 29th, 2009 - 19:35
“Note that if you want to be completely sure that no one can retrieve any information without authenticating you need to either modify the Wordpress core files, or use some other type of authentication outside of the Wordpress code, such as a basic auth in the webserver.”
How would someone go about retrieving my information if I don’t use any outside authentication? I want to understand the vulnerabilities before I implement this.
October 30th, 2009 - 13:07
You can get the posts using the RSS feed for instance and from there, retrieve the links for different post listings. I guess there could be a plugin available that does this in a better way. I might write one otherwise, when I have time.