Learn how to make your WordPress website private, so visitors have to log in (or register) to access your site’s content. You can do this with traditional membership plugins like Ultimate Member and BuddyPress, but they’re big… hard to manage and they’re constantly being targeted by hackers.
We’ll create our own tiny plugin, with just a few lines of code, to make a WordPress site private. We’ll also borrow some code from our Pretty Logout Permalink tutorial, so members can logout of the site by visiting a /logout permalink slug – great in custom menu items.
What we’re going to do…
- Create a small/scaffold plugin on your computer.
- Zip-up the plugin and upload it to your WordPress website.
- Activate the plugin.
- Edit the plugin and add some code to actually “make it work”.
- Configure and test the plugin.
Getting Started
On your computer, create a folder called “wpt-private-site”. In this folder, create a text file called wpt-private-site.php, paste the following code into it, and save the file. This is just enough code to define our plugin.
<?php /** * Plugin Name: WPT Private Site * Plugin URI: https://wp-tutorials.tech/add-functionality/create-a-private-wordpress-site-without-a-plugin/ * Description: Members-only site. * Version: 1.0.0 * Author: WP Tutorials * Author URI: https://wp-tutorials.tech * License: GPL-2.0+ * License URI: http://www.gnu.org/licenses/gpl-2.0.txt * Text Domain: wpt-private-site */ defined('WPINC') || die(); const WPTPS_PLUGIN_SLUG = 'wpt-private-site'; const WPTPS_PLUGIN_VERSION = '1.0.0';
Zip-up the folder, upload the zip file to your site’s Plugins area, then activate it. You should now have an active plugin called WPT Private Site.
Let’s Write some Code
We’re going to keep everything in a single PHP file, because we’re just hooking a few filters and actions. We’re not loading any frontend assets (CSS or JS files), so let’s keep things simple.
In the WordPress admin area, go to Plugins > Plugin Editor, switch to the “WPT Private Site” plugin and edit wpt-private-site.php. Copy and paste the following lump into it – replacing what was in there.
<?php /** * Plugin Name: WPT Private Site * Plugin URI: https://wp-tutorials.tech/add-functionality/create-a-private-wordpress-site-without-a-plugin/ * Description: Members-only site. * Version: 1.0.0 * Author: WP Tutorials * Author URI: https://wp-tutorials.tech * License: GPL-2.0+ * License URI: http://www.gnu.org/licenses/gpl-2.0.txt * Text Domain: wpt-private-site */ defined('WPINC') || die(); const WPTPS_PLUGIN_SLUG = 'wpt-private-site'; const WPTPS_PLUGIN_VERSION = '1.0.0'; // Enable/disable site-wide private mode. const WPTPS_IS_PRIVATE_SITE_ENABLED = true; /** * IMPORTANT: If you change this, you need to go to * Admin > Settings > Permalinks > [Save Changes] */ const WPTPS_IS_PRETTY_LOGOUT_ENABLED = true; const WPTPS_ACTION_QUERY_VAR = 'wptps_action'; const WPTPS_ENDPOINT_LOGOUT = 'logout'; /** * Check to see if we need to redirect the current request to the * WordPress login page. */ if (WPTPS_IS_PRIVATE_SITE_ENABLED) { function wptps_template_redirect() { if (is_user_logged_in()) { // Already logged-in, so son't do anything different. } else { // The user is not logged-in, so redirect them to the main login // page. auth_redirect(); } } add_action('template_redirect', 'wptps_template_redirect'); } /** * This code, to add a /logout permalink, is borrowed from from here: * https://wp-tutorials.tech/refine-wordpress/add-a-pretty-logout-permalink/ */ if (WPTPS_IS_PRETTY_LOGOUT_ENABLED) { function wptps_rewrite_rules() { add_rewrite_rule( WPTPS_ENDPOINT_LOGOUT, 'index.php?' . WPTPS_ACTION_QUERY_VAR . '=logout', 'top' ); } add_action('init', 'wptps_rewrite_rules'); function wptps_query_vars($query_vars) { $query_vars[] = WPTPS_ACTION_QUERY_VAR; return $query_vars; } add_filter('query_vars', 'wptps_query_vars'); function wptps_maybe_logout($template) { if (!is_user_logged_in()) { // User isn't logged-in, so we don't need to do anything. } elseif (empty($action = get_query_var(WPTPS_ACTION_QUERY_VAR))) { // Our Action query var hasn't been passed. } elseif ($action != 'logout') { // Our Action query var is not set to 'logout'. } else { // Logout and then redirect to the site's front page, which will // redirect to the login page if WPTPS_IS_PRIVATE_SITE_ENABLED is // set to true. wp_logout(); wp_redirect(get_home_url()); exit; } return $template; } add_action('template_include', 'wptps_maybe_logout'); }
Configure the Plugin
The code is easy enough to read, and it basically provides two functions. You can see the two chunks of functionality wrapped in if() { ... }
statements, controlled by true/false constants.
Set WPTPS_IS_PRIVATE_SITE_ENABLED=
true
if you want to hide the entire site from non-logged-in users. Easy enough. If you want to make your site visible to everybody again, either set WPTPS_IS_PRIVATE_SITE_ENABLED=false
or just disable the plugin.
A nice way to use the new /logout permalink is to create a custom menu item.
If you don’t want to define the /logout permalink, because your site already has it from another plugin, just set WPTPS_IS_PRETTY_LOGOUT_ENABLED=false
.
importantIf you change the value of WPTPS_IS_PRETTY_LOGOUT_ENABLED
then you MUST go to Admin > Settings > Permalinks and press the “Save Changes” button. This forces WordPress the flush/process changes to the URL rewrite rules.
All done – have fun with your new members-only WordPress site! 😎