Locking a WordPress website against anonymous users

For a long period of time I used Members plugin for locking up the website and redirecting all requests to the default WordPress login page whenever I needed to create a private website. Recently I had a similar task, to I tried the same approach, but I was surprised by the changes that have taken place while I was “gone”.

The plugin is now called User Role Editor by Members – Best User, Role and Capability Management Plugin for WordPress. I do remember a rule that was saying a title has to be a title and not a bloody description of the plugin, but hey, who am I to judge?

Another change was the set of functionalities that the plugin now has. The current owners and developers have created something of a freemium add-ons based business model. That’s cool, but I just need a plugin for closing my site for the general public.

Anyways, I tried disabling all features but the one for redirecting anonymous traffic to my login page + restricting the feeds and the REST API… result was repeating redirection to the login page every time I provide correct credentials. Meh…

As I did not have enough time to investigate why it wouldn’t work on a mint WordPress 5.3.2 installation, I decided to move along and find another one that would fit my needs without all the new features.

My Private Site turned out to be a neat simple plugin that is no longer maintained, but yet – it works like a charm with just a single checkbox clicked from its settings. I guess I’ll be switching to this one on my other sites then.

P.S. It’s somewhat important to have in mind, that My Private Site falls short in hiding the content from the RSS Feeds and REST API, so you should take some extra measures to lock these. Disable Feeds and Disable REST API plugins did the job for me, but generally these could be achieved by a few lines of PHP code for returning “false” for a bunch of filters.

Leave a Reply

Your email address will not be published. Required fields are marked *