Jason Vertucio

I did a thing!

WordPress: Requiring Login

I know this goes completely against the concept of blogging, but an end-client wants their site to be password protected. Now, one way to do it is to create a .htpasswd file and lock people out of the site that way, but it’s a pain for non-technical people to dig through access logs.  But thanks to the ubiquity of WordPress plugins and a little ingenuity, I am able to accomplish said task. This is being done in WordPress 3.1, so I’m not sure about the backward-compatibility of this. If you would like to comment on this code’s backwards-compatibility, please feel free.

First in the lineup is User Tracking. Thanks to LBAK, that’s one problem solved.

Second up is requiring a user to be logged in. One way to get this done is to edit the wp-blog-header.php file as follows. The script is easy to read, as all it does it call other scripts. Place the following code right under the part that says: if ( !isset($wp_did_header) ) {

if ( !isset($wp_did_header) ) {
     if ( !is_user_logged_in() ) {
          echo '<!DOCTYPE html>
<script type="text/javascript">
  window.location = "<?php bloginfo('wpurl') ?>/wp-login.php";

… and you’re done! Now, any user still has access to the Admin area, because the code doesn’t quite reach that far, and if you want to protect your intellectual property that badly, I think you’ll want to keep even the lowest-level users outside of that area.

If so, stay tuned, and you will see exactly where that code would go!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.