Restricted Site Access
Restrict access to registered users and specific IP addresses. Control restriction behavior.
Limit access your site to visitors who are logged in or accessing the site from a set of specified IP addresses. Send restricted visitors to the log in page, redirect them, or display a message or page. A great solution for Extranets, publicly hosted Intranets, or parallel development / staging sites.
Adds a number of new configuration options to the Reading settings panel as well as the Network Settings panel in multisite. From these panels you can:
- Enable or disable site restriction
- Change the restriction behavior: send to login, redirect, display a message, display a page
- Add IP addresses to an unrestricted list, including ranges
- Quickly add your current IP to the unrestricted list
- Customize the redirect location, including an option to send them to the same requested path and set the HTTP status code for SEO friendliness
- Define a simple message to show restricted visitors, or select a page to show them – great for “coming soon” teasers!
- Rating
- Requires 5.7+
- Downloads 800,994
- Updated 2023-12-14
Hi, the IP range function doesn’t works for me.
Bst regards!
Elaborate?
This may be of some help;
http://www.gadgetwiz.com/network/netmask.html
How do you leave a page open for people to register. I found some code for rss feed but I can’t get it to leave a page open for me. Someone HELP, please.
The only way is to use the hook in the plug-in that checks for whether a page should be restricted.
Like others above, I would love to be able to allow unrestricted access to my public registration pages. Can you elaborate on using the hook in the plugin to detect which pages should be unrestricted? Thanks for a great plugin!
as I have confidential media I need to have also the access to the media restricted. I found the media can be accessed (if I have the URL) even if not logged in.
Is there a chance of having the media alos restrictedly accessable?
It’s something we’re looking at adding in the future, but adds significant complexity (and website overhead) to the plug-in. At the moment, there’s no way to do that.
I’d love to hear your thoughts on this. I’ve currently developed a solution for my companies intranet site and as you say there is a lot of overhead.
By the way great plugin!
The only truly secure way to prevent non-script files (e.g. images, PDFs, etc) from being linked to directly is to block their folder from public web access and “stream” the documents via PHP (there are several ways to handle rerouting media links through PHP). Streaming is extremely resource intensive as everything is pushed through PHP – large documents (say, a 10mb PDF) can be killer, especially with concurrent downloads. If someone has another approach, I’m all ears!
Can you change the request rewriting rules in .htaccess?
I believe the current rules negate rewrites to index.php if a matching file exists on the server. Instead what if they where negated if a cookie & code was set, a host IP was within a range, ect AND the file existed otherwise WordPress would handle an access denied message.
It wouldn’t be easy via a plugin, but it might be possible.
Possible yes, and a consideration… more complex features like this are difficult to prioritize within a free plugin!
Thank you so much for this plugin! Is there a way to use it to limit the login to only one session per username?
I appreciate your help.
Nope. It uses WordPress’s standard way of authenticating, which isn’t something I want this plug-in to modify.
Hi Jake…thanks for this easy to use plugin. It is very helpful and allowed me to resolve the need for a registration landing page easily while keeping my wootheme custom homepage setup. A couple of things I noticed:
1. When I access the site via mobile the plugin does not divert to the assigned page. I am not using a special mobile version of the site as it is a responsive theme and automatically sizes for mobile. Nor am I using an app for mobile.
2. I really like the unrestricted access option…another thought here is a setting that allows registered users to bypass the redirect.
3. Regarding site visibility…when I select restrict to logged in visitors…does this block the search engines from indexing the site? It’s like there are three choices, encourage, discourage and logged in user.
Regards,
Will
1. The plug-in doesn’t care where the viewer is coming from, so *something* in your stack is doing more than responsive design / media queries.
2. I don’t follow. Logged in users aren’t redirected.
3. Yes it blocks search engine. It has to! You have to be logged in to see your content!
Hi
I have tried the plugin again and now it works as it is meant to. I know have a different problem which is that even when trying to access the RSS feed from an unrestricted IP address I get directed to the login. Something doesn’t seem quite right with this behaviour. Any ideas? You mention this as a method but in all honesty my knowledge is not sufficient to use the instruction to do what I want:
‘The only way is to use the hook in the plug-in that checks for whether a page should be restricted.’
thanks for your help
Your plugin does what it says, but even more. My users come to my website, register or log in, that’s ok. But then they click on a link that redirects them to an album (on the same website), they watch the album, click on the link to return to the main page and they have to login again. Protection is one thing, annoying my users to the point that they never come back is another. What can I do to solve that problem?
This is definitely a problem with your website setup, not the plug-in. It sounds like either your link (or your website) is logging your visitors out why they return to the main page.
Was hoping that this was exactly what I needed, but it appears it requires that the whole site be locked out or not. I am looking for individual pages to locked out and redirected (if need be). Nice work though.
You can make the plug-in do this with its hooks, but out of the box, it’s intended to a simplistic “site blocker”.
Can anyone tell me if the feed problem has been solved, please?
The feed is blocked if the visitor is not logged in or allowed, though you can add an exception using the built in filters.
Thanks for this Jake,
I’m trying to find where/how one would add an exception to the built in filters. I tried using the below in my functions.php:
add_filter( ‘restricted_site_access_is_restricted’, ‘my_rsa_feed_override’ );
function my_rsa_feed_override( $is_restricted ) {
global $wp;
// check query variables to see if this is the feed
if ( ! empty( $wp->query_vars[‘feed’] ) )
$is_restricted = false;
return $is_restricted;
}
But this caused issues.
Thanks!
Hi,
Could I block access to certain page by certain IP addresses?
You could… but that’s not something we support.
Hi.
Is it possible to “unrestrict” only 1 page that could be reach by it’s address ?
Thanx !
Yes, using the built in filters.
Hi. I need to restrict access to one page and its contents:
1. I would like more details on the ‘hook’ method you refer to above
2. would a second website with full site protection be a better solution
3. my private videos are on screencast.com which only has password protection (like WP) so is only as secure as users not giving out the password. Instead of the PHP streaming you mention above would a better solution be a dedicated server with IP restricted access to the server?
Thanks. Great plugin.
Hello, I would like to know how I can add 500 ips once a time. I don’t find where the IPs are stocked. Could you help ? Thanks.
They are stored as serialized data in the plugin’s row in the options table. Unfortunately, there’s no easy bulk import method.
Hey Jake,
Great little plugin here, thanks a lot. I’m trying to get a range of IPs able to access the site, and just wondering how exactly I do that.
For instance allowing;
203.21.235.14 to 203.21.235.253 on subnet 255.255.0.0
How would I do this?
Thanks again,
Nick.
Jake,
Thanks for a great plugin. I use it primarily for restricting/redirecting access to my live development server for showing clients updates etc, and it works great.
Now I’m currently using it to keep a site only available to an intranet and other IPs (don’t worry, security to files isn’t an issue here).
The thing I’m trying to implement now is enabling google to index the site, while being restricted to other visitors. I’ve added in my own code to the effect of;
if (preg_match(“/googlebot/i”, $_SERVER[‘HTTP_USER_AGENT’])) {
return;
}
From what I can tell it seems to work, although I’m just waiting on google to try another index that I’ve requested. What are your thoughts? I realise useragents can be spoofed, although in my application, this isn’t an issue.
Thanks again,
nickm.
Have you considered a version that would simply restrict access to /wp-admin, and not the whole site? I’m looking for a solution that will do that without stomping over the other security plugins that we have active. I’m finding other plugins that have the feature, but a lot of other bloat.
Doesn’t really jive with the point of the plug-in. It’s intended to restrict the front end and *allow* visitors to log in (via wp-admin) to see the site.
I used your plugin for my site. I then deleted it but the search engines don’t recognize my website anymore. I’m not able to see it in google and it’s been weeks since I used your plugin. What can I do about it?
Thanks
Check Settings > Reading and make sure the option to discourage search engines is off.
This option was already off. What is the next step.
Thanks
The IP-Adress feature doesn’t work for me properly. When I enter my actual IP 84.254.xxx.xxx, the site is accessable from every IP I test. Except that your tool works without problems.
Are you using a page caching system?
Hello. Great plugin.
I have a question; I have a need to temporarily disable this plugin. I tried to simply check the box to allow search engine index but this did not work. I also deactivated the plug in but logging in is still required.
How do I disable the plugin?
Thanks
Fixed. Must have been caching. I tried on another device. Thanks!
Just choose something other than the block site option. If that doesn’t work, there’s either a caching issue or another reason the site is blocked.
Hi, Jake your plugin is really great! But i have a question: I want to give access only to people who are register in my autoresponder list (aweber), my subscribers can see all posts, but is there a way to do it automatically,? The subscribers dont need to login in my blog? Maybe recognizing IP adress or cookie…i dont know… Can you help me?
There may be a way, but it would take some focused consulting to figure this out. Recommend you find a developer.