Restricted Site Access
Restrict access to registered users and specific IP addresses. Control restriction behavior.
Limit access your site to visitors who are logged in or accessing the site from a set of specified IP addresses. Send restricted visitors to the log in page, redirect them, or display a message or page. A great solution for Extranets, publicly hosted Intranets, or parallel development / staging sites.
Adds a number of new configuration options to the Reading settings panel as well as the Network Settings panel in multisite. From these panels you can:
- Enable or disable site restriction
- Change the restriction behavior: send to login, redirect, display a message, display a page
- Add IP addresses to an unrestricted list, including ranges
- Quickly add your current IP to the unrestricted list
- Customize the redirect location, including an option to send them to the same requested path and set the HTTP status code for SEO friendliness
- Define a simple message to show restricted visitors, or select a page to show them – great for “coming soon” teasers!
[email protected] on
Interested in checking out your plugin, but see it hasn’t been updated in over a year. Wondering if there are any security issues or compatibility with latest WordPress build? Thanks.
Jake Goldman on
There are not. Works fine with newer versions. :-)
Paul on
Curious –
I’m needing a plugin that will be a way to limit access to visitors unless they live in specific STATES.
This is for a 401K Benefits company an their are all sorts of regulations they must follow – they can not display their website to anyone who does not live in the state where the broker is licensed.
The regulations suggest a drop down menu and depending on if they pick the state(s) you are licensed they will not get in to see the info, if they do pick the correct states they can then view site.
Does this plugin do this?
Thanks in advance.
Jake Goldman on
Not out of the box. A developer can use its action and filter hooks, extending it for your purposes, however.
scott on
I’ve been testing the plugin for a few weeks and it was working nicely. The WP 3.9 update however appears to have broken it. I get an endless loop back to the login screen despite valid ID/password combinations. Is there a fix? De-activating the plug-in allows full display of the content.
Jake Goldman on
I can confirm that it’s working with WordPress 3.9. Can you tell me more about your configuration?
Matt on
This plugin is great for an intranet. One thing I’m trying to do, but can’t seem to get it to work. I’m using gravity forms with the ability to embed a form in an external website:
https://github.com/bradyvercher/gravity-forms-iframe
I need to make my gfembed.php file accessible from the outside, could you check my work:
add_filter( ‘restricted_site_access_is_restricted’, ‘gfembed_override’ );
function gfembed_override( $is_restricted ) {
global $wp;
// check query variables to see if this is the feed
if ( file( home_url() . ‘gfembed.php’) )
$is_restricted = false;
return $is_restricted;
}
Matt on
oh .. got it:
add_filter( ‘restricted_site_access_is_restricted’, ‘gfembed_override’ );
function gfembed_override( $is_restricted ) {
global $wp;
$url = site_url() . ‘/gfembed.php’;
$fileExists = is_file($file);
// check query variables to see if this is the feed
if ( ! $fileExists )
$is_restricted = false;
return $is_restricted;
}
Alex on
Hi, what about restricting to a web host instead of just an ip ?
Jake Goldman on
Not sure I follow. PHP let’s us identify the host IP address.
Ivan on
Cool plugin I managed to be blocked somehow that I can not access my site. Is there any way to pass over that by editing something through ftp?
And I would suggest to add a truing for translation which says: Your IP (ХХХ.ХХХ.ХХХ.ХХ) has been flagged for potential security violations. Please try again in a little while…
Ivan on
Oops! It was BruteProtect who was blocking my site and that message is also related to it. :-)
Jake Goldman on
Glad to hear it wasn’t us!
jose on
Hello, i have the web http://www.kuvus.com and I need a plugin to denied access to some IP at some URL of my web. For instance, if a IP entry 10 times in a url, I want to denied it during 24hours.
It is posible in your plugin?
Any plugin can do it?
thanks
Jake Goldman on
Sorry – this plugin doesn’t log the number of attempts from any IP address. It can be extended using the built in filters to reverse its behavior (hide based on IP rather than show based on IP), but it seems like that alone won’t accomplish your goal.
Benji Decker on
Hey there. Really useful plugin. Don’t know if anyone else has had this problem, although there actually seems to be a conflict with the “Community Events” add-on to plugin “The Events Calendar”.
We’re gonna work on the issue, but if you guys or anyone else by chance any information?
Thanks!
Benji
Jake Goldman on
Not familiar with this conflict. Can you provide additional detail?
S|W on
Great plugin thanks. Only issue we have is we have limited non-registered users to the wp-login page but if somebody has forgotten a password and clicks the link it obviously still holds them at the wp-login page.
How do we free up the password reset page? I’ve read your note on hooks but don’t know how to apply it to this?
Thanks
Jake Goldman on
We’ll investigate. The password reset page is expected to work.
SIW on
Thanks. Any update on this?
David Le Puil on
I’ll love this plugin but I have some trouble to set it up.
When I want to enter an adress IP, just nothing happen. I mean that the IP I enter is not recorded and still bloqued.
If you have any Idea about that, i’ll be happy.
Thx
Bbemol on
Hi Jack, thanks for your plugin ! It works great. Do you have any advice if we want to make a website even more restricted, blocking uploaded media for instance…?
Thanks,
Benjamin.
Nico on
Can i add this like a widget in the dashboard? Because i have a user without access to reading options and is this user the responsable to do this operation, so i want put this like a widget in the dashboard. Thanks!
Karen on
Hi there, I would like the option of restricting pages by IP rather than the site as a whole (I’m using WP as an intranet – all our staff are members of the site). Is this possible with your plugin? Thanks, Karen
Gustavo on
Please, I need your help , I used this plugin on the intranet of my company , now I need always to login go to the homepage and not the admin screen, how can I do ? Thank U!
jhonjuele on
Hi Jake, I wanted to exclude woocommerce lost password. This means I don’t want to include this subpage to be redirected,
Eric on
hi there, great plugin, is there any way to restrict only access to the rss feeds? i need my site to be available for all, but need to restrict the rss feeds to certain IPs (or users)
tnx, eric
Ben Doherty on
Hello,
I’ve noticed that this plugin will break other modules that use the `parse_request` hook by causing those hooks to not fire.
It does this here:
121 remove_action( ‘parse_request’, array( __CLASS__, ‘restrict_access’ ), 1 ); / / only need it the first time
Which causes the hook that calls `restrict_access` on `parse_request` action from the `$wp_filters` array. But this removal causes the loop iterating over it in do_action_array_ref() to stop running after `restrict_access` is executed. I think it’s because the loop uses current() on the array, and that PHP is a bad language.
One way around this might be to break the removal of the action hook into a separate action on parse_request with a very high priority (100000?), but I don’t know if this is exactly ideal.
This is in WordPress 4.2.1. Hope you find this helpful!
Jake Goldman on
Thanks for the heads up (and good to hear from you, Ben). I’ll put out an update within the next week or two.
Ivan Dyakov on
Hi,
Thanks for the great plugin. It worked great for me for quite a long time but recently I faced one issue I can not resolve myself. I have moved my demo site to another server so I had to update DNS settings for the domain. I have a multi-site network and at each blog I have “Send them to the WordPress login screen” set. The problem I’ve got is that I can not access the site outside of range of preset IPs by login and password or registered user. I get into a loop of many redirects. So it looks like old DNS settings are recorded somewhere and I can not flash them. Clean browser cash didn’t help (this issue appears in all browsers on different devices). If I access the site from IP which is present in the settings everything is fine. So the issue is only appears with redirection from WP login page when I enter access credentials.
David Lankes on
What is the format for entering in ranges of IP addresses?
Alan on
Does this plugin still work?
1) For some reason the plugin disappeared from our WordPress.
2) After re-installing it, now the Plugin’s Settings / The Reading Options Page is completely blank.
If I deactivate the plugin, the reading options page shows again. (/wp-admin/options-reading.php)
Please help!
Jake Goldman on
We’re unable to replicate this. Can you tell us a bit more about your setup? Browser / version of WordPress & PHP, server (are you using IIS?), network/multisite or single site…?