Restricted Site Access
Restrict access to registered users and specific IP addresses. Control restriction behavior.
Limit access your site to visitors who are logged in or accessing the site from a set of specified IP addresses. Send restricted visitors to the log in page, redirect them, or display a message or page. A great solution for Extranets, publicly hosted Intranets, or parallel development / staging sites.
Adds a number of new configuration options to the Reading settings panel as well as the Network Settings panel in multisite. From these panels you can:
- Enable or disable site restriction
- Change the restriction behavior: send to login, redirect, display a message, display a page
- Add IP addresses to an unrestricted list, including ranges
- Quickly add your current IP to the unrestricted list
- Customize the redirect location, including an option to send them to the same requested path and set the HTTP status code for SEO friendliness
- Define a simple message to show restricted visitors, or select a page to show them – great for “coming soon” teasers!
- Rating
- Requires 5.7+
- Downloads 812,754
- Updated 2023-12-14
Interested in checking out your plugin, but see it hasn’t been updated in over a year. Wondering if there are any security issues or compatibility with latest WordPress build? Thanks.
There are not. Works fine with newer versions. :-)
Curious –
I’m needing a plugin that will be a way to limit access to visitors unless they live in specific STATES.
This is for a 401K Benefits company an their are all sorts of regulations they must follow – they can not display their website to anyone who does not live in the state where the broker is licensed.
The regulations suggest a drop down menu and depending on if they pick the state(s) you are licensed they will not get in to see the info, if they do pick the correct states they can then view site.
Does this plugin do this?
Thanks in advance.
Not out of the box. A developer can use its action and filter hooks, extending it for your purposes, however.
I’ve been testing the plugin for a few weeks and it was working nicely. The WP 3.9 update however appears to have broken it. I get an endless loop back to the login screen despite valid ID/password combinations. Is there a fix? De-activating the plug-in allows full display of the content.
I can confirm that it’s working with WordPress 3.9. Can you tell me more about your configuration?
This plugin is great for an intranet. One thing I’m trying to do, but can’t seem to get it to work. I’m using gravity forms with the ability to embed a form in an external website:
https://github.com/bradyvercher/gravity-forms-iframe
I need to make my gfembed.php file accessible from the outside, could you check my work:
add_filter( ‘restricted_site_access_is_restricted’, ‘gfembed_override’ );
function gfembed_override( $is_restricted ) {
global $wp;
// check query variables to see if this is the feed
if ( file( home_url() . ‘gfembed.php’) )
$is_restricted = false;
return $is_restricted;
}
oh .. got it:
add_filter( ‘restricted_site_access_is_restricted’, ‘gfembed_override’ );
function gfembed_override( $is_restricted ) {
global $wp;
$url = site_url() . ‘/gfembed.php’;
$fileExists = is_file($file);
// check query variables to see if this is the feed
if ( ! $fileExists )
$is_restricted = false;
return $is_restricted;
}
Hi, what about restricting to a web host instead of just an ip ?
Not sure I follow. PHP let’s us identify the host IP address.
Cool plugin I managed to be blocked somehow that I can not access my site. Is there any way to pass over that by editing something through ftp?
And I would suggest to add a truing for translation which says: Your IP (ХХХ.ХХХ.ХХХ.ХХ) has been flagged for potential security violations. Please try again in a little while…
Oops! It was BruteProtect who was blocking my site and that message is also related to it. :-)
Glad to hear it wasn’t us!
Hello, i have the web http://www.kuvus.com and I need a plugin to denied access to some IP at some URL of my web. For instance, if a IP entry 10 times in a url, I want to denied it during 24hours.
It is posible in your plugin?
Any plugin can do it?
thanks
Sorry – this plugin doesn’t log the number of attempts from any IP address. It can be extended using the built in filters to reverse its behavior (hide based on IP rather than show based on IP), but it seems like that alone won’t accomplish your goal.
Hey there. Really useful plugin. Don’t know if anyone else has had this problem, although there actually seems to be a conflict with the “Community Events” add-on to plugin “The Events Calendar”.
We’re gonna work on the issue, but if you guys or anyone else by chance any information?
Thanks!
Benji
Not familiar with this conflict. Can you provide additional detail?
Great plugin thanks. Only issue we have is we have limited non-registered users to the wp-login page but if somebody has forgotten a password and clicks the link it obviously still holds them at the wp-login page.
How do we free up the password reset page? I’ve read your note on hooks but don’t know how to apply it to this?
Thanks
We’ll investigate. The password reset page is expected to work.
Thanks. Any update on this?
I’ll love this plugin but I have some trouble to set it up.
When I want to enter an adress IP, just nothing happen. I mean that the IP I enter is not recorded and still bloqued.
If you have any Idea about that, i’ll be happy.
Thx
Hi Jack, thanks for your plugin ! It works great. Do you have any advice if we want to make a website even more restricted, blocking uploaded media for instance…?
Thanks,
Benjamin.
Can i add this like a widget in the dashboard? Because i have a user without access to reading options and is this user the responsable to do this operation, so i want put this like a widget in the dashboard. Thanks!
Hi there, I would like the option of restricting pages by IP rather than the site as a whole (I’m using WP as an intranet – all our staff are members of the site). Is this possible with your plugin? Thanks, Karen
Please, I need your help , I used this plugin on the intranet of my company , now I need always to login go to the homepage and not the admin screen, how can I do ? Thank U!
Hi Jake, I wanted to exclude woocommerce lost password. This means I don’t want to include this subpage to be redirected,
hi there, great plugin, is there any way to restrict only access to the rss feeds? i need my site to be available for all, but need to restrict the rss feeds to certain IPs (or users)
tnx, eric
Hello,
I’ve noticed that this plugin will break other modules that use the `parse_request` hook by causing those hooks to not fire.
It does this here:
121 remove_action( ‘parse_request’, array( __CLASS__, ‘restrict_access’ ), 1 ); / / only need it the first time
Which causes the hook that calls `restrict_access` on `parse_request` action from the `$wp_filters` array. But this removal causes the loop iterating over it in do_action_array_ref() to stop running after `restrict_access` is executed. I think it’s because the loop uses current() on the array, and that PHP is a bad language.
One way around this might be to break the removal of the action hook into a separate action on parse_request with a very high priority (100000?), but I don’t know if this is exactly ideal.
This is in WordPress 4.2.1. Hope you find this helpful!
Thanks for the heads up (and good to hear from you, Ben). I’ll put out an update within the next week or two.
Hi,
Thanks for the great plugin. It worked great for me for quite a long time but recently I faced one issue I can not resolve myself. I have moved my demo site to another server so I had to update DNS settings for the domain. I have a multi-site network and at each blog I have “Send them to the WordPress login screen” set. The problem I’ve got is that I can not access the site outside of range of preset IPs by login and password or registered user. I get into a loop of many redirects. So it looks like old DNS settings are recorded somewhere and I can not flash them. Clean browser cash didn’t help (this issue appears in all browsers on different devices). If I access the site from IP which is present in the settings everything is fine. So the issue is only appears with redirection from WP login page when I enter access credentials.
What is the format for entering in ranges of IP addresses?
Does this plugin still work?
1) For some reason the plugin disappeared from our WordPress.
2) After re-installing it, now the Plugin’s Settings / The Reading Options Page is completely blank.
If I deactivate the plugin, the reading options page shows again. (/wp-admin/options-reading.php)
Please help!
We’re unable to replicate this. Can you tell us a bit more about your setup? Browser / version of WordPress & PHP, server (are you using IIS?), network/multisite or single site…?