How-To: Password Protect Your Entire WordPress Blog
by Omni on May.20, 2009, under How-To Guides
If you have always wanted to have a blog, but have been frightened that somebody who shouldn’t read it may read it, have no fear. There are always ways to protect your content. Sure, you can always use the .htaccess file to password protect the entire blog directory, but that looks ugly. You can also password protect individual posts, but then you have to do that for each one, and also your titles are not hidden. The most effective way to protect your blog would be to just allow access to only registered users, and then disable user registration (so that you have sole control of who reads your blog). You can do this without even installing a plugin, but by simply making a small tweak of one of your theme files. Keep reading for the guide.
- In your WordPress admin panel, go to Users -> Add New and create a new account. This will be used by whoever you want to be able to read your blog.
- Go to Settings -> General and make sure “Anyone can register” is unchecked.
- Go to Appearance -> Editor -> Theme Functions (functions.php) and add the following code somewhere (if it is at the top of the page, it should be after the <?php and not in between a /* and */). Just keep in mind that you may need to replace the fancy quotes (which Wordpress automatically changes in this post) to regular quotes, found on the key next to Enter (both single quotes and double quotes) when copypasting the code:
function password_protected() {
if ( !is_user_logged_in() ) {
auth_redirect();
}
}add_action(’template_redirect’, ‘password_protected’);
add_action(’do_feed’, ‘password_protected’); - Under Settings -> Discussion, uncheck “Attempt to notify any blogs linked to from the article (slows down posting.)” and “Allow link notifications from other blogs (pingbacks and trackbacks.)”
- In Settings -> Privacy, select “I would like to block search engines, but allow normal visitors” for Blog Visibility.
Now whenever somebody tries to access the blog, it will ask for a password before they can see anything. It’s great if you only want certain people to have access to what you post, etc.
Did you like what you read? Be sure to get the latest posts emailed straight to you or subscribe to our RSS feed for the latest posts.
July 29th, 2009 on 4:23 am
Dear Hacksar,
I appreciate your guide on password protecting a wordpress blog. I have been looking for this exact thing and have been unable to find help.
My need is to simply not show the front end of the blog until the reader enters a password.
However, I cannot get your guide to work. Nothing happens once I have completed all the steps and the blog is as open as always.
Do you have the time and energy to provide some feedback?
Cheers,
Anders
July 29th, 2009 on 6:53 am
If you have completed ALL the steps (down to the letter, very carefully – such as placing the given code after the < ?php and before the ?> and also making sure it’s NOT after a /* and before a */, then I have a few questions that may help me figure out what may be wrong).
Are you logged out when you try to view your blog? Make sure that you are logged out (if you can’t find the “Log Out” link anywhere, try going to http://www.yoursite.com/blog/wp-login.php?action=logout and change the link to fit where your blog is, leaving the wp-login.php?action=logout part). Many times, WordPress will save your login and so it will automatically show you the blog, since it knows that you are already logged in. Try accessing it through a browser you haven’t used before (or on a computer you haven’t viewed the site with before). Firefox’s Private Browsing can come in handy here (Tools -> Start Private Browsing) as it will open a new window that does not use any saved pages/passwords (but they won’t be cleared from your regular browsing).
Do any of those suggestions help?
August 5th, 2009 on 3:40 am
Dear Omni,
Thanks for your reply. I have tried to comment a few times but I don’t seem to be allowed to. I’ll try once more.
I did sign out as well as trying the functionality in several other browsers.
I am quite certain I have completed alle the steps down to the letter.
This leaves only the code to add in the functions.php. Perhaps you could have a look. You can see it here.
http://gorgork.dk/hacksar/functions.txt
Hope to hear from you,
Cheers,
Anders
August 5th, 2009 on 7:13 am
I think I see what is wrong with your functions.php file.
See the lines with add_action in them? the quotes you’re using around the texts (like `template_redirect` and `password_protected`) are the wrong quotes. Make sure you open it in a plain text editor (notepad/textedit) OR do it directly using wordpress’s built in template editor and change all those quotes in the add_action calls to single quotations (like ‘ and ‘). they start and end should look the same – it’s just the button to the left of the enter key on a traditional keyboard (double quotes (”) without the shift).
Tell me if that works.
August 5th, 2009 on 9:54 am
Mr. Omni, you are indeed the man:o)
Can’t thank you enough: That did the trick.
I am still learning my way around all this wordpress and php stuff. Rookie mistake, I assume, with the incorrect characters.
Anyway, I do so appreciate you taking the time to help. If you are ever in the Copenhagen, Denmark area (not likely, but still:O) there’s a brew coming your way.
Cheers,
Anders
August 18th, 2009 on 5:38 pm
Thank you, thank you, thank you, a million times over! I’ve spent hours looking for a good solution, tried all kinds of crazy plugins, and this did EXACTLY what I wanted it to.
I had trouble at first, but that was because the web was re-formatting your quotes. As soon as I did it as plain text, it worked perfectly. Easy install.
Thanks again.
August 18th, 2009 on 9:50 pm
Wordpress fancy-fying the quotes seems to be a common problem. I’ll edit the post and add a note for future readers. Glad it helped, and tell your friends about Hacksar!
September 2nd, 2009 on 2:11 pm
Thank you so much!!
I set up a private blog a while ago and was having difficulties with the password protection but your guide has just solved all my problems.
You just made my day, thank you!
Jen
October 10th, 2009 on 6:17 pm
How do you set a particular password?
November 9th, 2009 on 12:28 am
Thank you for this elegant solution. Nothing else worked. Also, thank you for reiterating the issue with the quote marks. I had copied and pasted into notepad thinking it would strip out the stylized quotes but I still manually needed to make the changes. Again, thank you!
November 18th, 2009 on 5:35 pm
Hi Omni,
Thank you for the nice post. I have one question. In my installation, the theme that is applied does not have a functions.php file. In this case, where do I put your code snippet? Is the header.php the next best place to put it in? Any help is appreciated.
November 18th, 2009 on 6:02 pm
Ahmad,
If your template doesn’t have a functions.php file (which is somewhat odd…) try making one. Basically, just upload a blank text file called functions.php to the same folder where all your other files (like header.php, etc) are. There, add the code above and see if it works.
I’d like to know if it works or not, and if it doesn’t, I’ll try to think of something else.
November 18th, 2009 on 6:04 pm
Jason,
The password that is set is the same password you set when you created the account. This code makes it so you just need to log in – it’s just like any other login page on WordPress.
November 19th, 2009 on 12:12 pm
Omni,
I did as you suggested by creating a functions.php file in the same folder where all of my other files (like header.php, etc) are and added your code to it. It seems to be working just the way I wanted it.
Thanks a lot for the quick responce.
November 19th, 2009 on 1:25 pm
Glad to help, tell your friends about hacksar.com!
November 24th, 2009 on 8:02 pm
This seems like a great solution. However, if you only use one username for all guests, when they post a comment, won’t all comments appear to come from the same user? I’ve been using htpasswd for a blog to restrict access, but many of my users use an antiquated version of IE that doesn’t play nice with the authentication. This looks like a viable solution, but I’m concerned that all the commments will come from the same user. I’m assuming the answer is to create accounts for all the users, but that seems like a bit too much work.
January 25th, 2010 on 10:16 am
This is exactly what I wanted to do.
I have not implemented it yet.
Chad is right. All the comments wil appear to come from the same user. Is there a work around to that- like being able to put in a different name everytime you post a comment from the same account ?
Thanks a tonne! (I mean it!!)
February 2nd, 2010 on 12:15 pm
Chad and Ruppi,
That’s a valid point. You were correct in saying that making accounts for all of them would be tedious (but also the most straightforward solution). I hadn’t thought of this problem.
However, after thinking about it for a while, I’ve thought of a somewhat complicated solution. Let me try to explain the theory behind it.
Every user is assigned some “role” (like administrator, editor, contributor, etc). Each role has a specific set of options that they can perform. See http://codex.wordpress.org/Roles_and_Capabilities for the full list of levels and roles.
Now, my idea was to custom make a role (by editing one of the existing roles that wouldn’t be used much) so that all it can do is create new users. That way, you just give out one account’s information to your readers, tell them to log in and create an account for themselves, and then they’ll have their own account with posting privileges and their names (saving you the hassle of creating their accounts). The only thing is that doing so would require editing some of the PHP Wordpress files (like menu.php). If you’re still interested, I could write a thorough article on how to go about doing this. But then, of course, you come across the problem of users themselves being too lazy to create accounts… but there’s not much you can do about that.
Just tell me if you’re interested in such an article.
February 6th, 2010 on 4:37 am
I like the idea, but I’m not so sure about doing it.
So, what you’re saying is that when they visit my wordpress blog, they’ll be required to login with the account I made [I hope you can set it so that no one can change the password to it]. Then where do they go exactly to make their own account?
I suggest you make a how-to on this, as early as possible. I’m curious to try it out- since I like it, and I think I might as well use this for quite a long time.
February 17th, 2010 on 3:00 pm
This is a great solution, but I’m finding when I test the login, my “guest” gets sent to a dashboard admin panel, and then they have to navigate to the actual blog from there. Is there a way around this extra step? I really don’t want my readers going to a dashboard first.
Thanks!
February 17th, 2010 on 4:35 pm
Hm, it always redirects me to the blog when I log in with this setup… Are you sure you’re going to the actual blog link (and then being asked to login) rather than straight to the login page? Like, if your blog is at http://www.site.com/blog/, when you type in your link, do you type that in (or go to like http://www.site.com/blog/wp-login, which might be saved in your history)?
February 17th, 2010 on 8:02 pm
Hi, yes, if I go to the link for my blog directly, I get the login screen, as set up by your instructions, and when I log in with my test guest user, I wind up at a dashboard screen. I’d be happy to give you links and the username/pw so you can see what I mean, but I’d rather not do it publicly in these comments. Can I email you? Or you can email me at the address I’ve used to post these comments, if you’re able to see it.
February 19th, 2010 on 8:04 am
Hi again. For the record, I’m using the Tarski theme. Could it be something in the code snippet you wrote, when used with a particular theme, that would cause the redirect to the dashboard? Also, I created the new user as a “Subscriber” because none of the other options seemed appropriate. Thanks.
March 9th, 2010 on 10:19 am
Any ideas?
March 9th, 2010 on 1:10 pm
Claire: Email me at admin@hacksar.com with more info.