Beskrivning

Private Website – Login Required is a simple and straightforward WordPress plugin designed to restrict access to your website. By activating this plugin, users must be logged in to view any content on your site. This is ideal for websites that host sensitive or exclusive content and want to ensure that only authenticated users can access it.

There are no complicated settings to configure. Simply activate the plugin to enforce the login requirement and deactivate it to remove the restriction.

This plugin was developed by Robin Oehler.

Privacy Policy

Private Website – Login Required uses Appsero SDK to collect some telemetry data upon user’s confirmation. This helps us to troubleshoot problems faster & make product improvements.

Appsero SDK does not gather any data by default. The SDK only starts gathering basic telemetry data when a user allows it via the admin notice. We collect the data to ensure a great user experience for all our users.

Integrating Appsero SDK DOES NOT IMMEDIATELY start gathering data, without confirmation from users in any case.

Learn more about how Appsero collects and uses this data.

Bugs & Feedback

Your feedback is important to me. If you find mistakes, have wishes, ideas, or suggestions, please send an email to mail@roehler.nrw.

Legal notice (German): https://roehler.nrw/impressum/

You are free to use it on any website across countries to protect the privacy of your users.

Note: Activating this plugin cannot guarantee that your website is completely compliant with GDPR. When using Google Analytics, Facebook pixels, or other similar tools, additional measures may need to be taken.

Installation

Upload the plugin files to the /wp-content/plugins/private-website directory, or install the plugin through the WordPress plugins screen directly.
Activate the plugin through the ’Plugins’ screen in WordPress.
Once activated, the plugin will automatically restrict content to logged-in users only.
To remove the login requirement, simply deactivate the plugin.

Vanliga frågor

What does this plugin do?: This plugin restricts access to your website content to only logged-in users. If a user is not logged in, they will be redirected to the login page.
Are there any settings I need to configure?: No, there are no settings to configure. Simply activate the plugin to enforce the login requirement and deactivate it if you no longer want to restrict access.
Can I allow access to specific pages without login?: Currently, the plugin does not provide the option to allow access to specific pages without login. It restricts access to the entire website.
How do I stop the login requirement?: To stop requiring a login to access your site, simply deactivate the plugin from the ’Plugins’ screen in WordPress.

Recensioner

josephion 24 oktober 2024

Super simples Plugin! Genau was ich brauchte. An machen und Homepage nur per Login sehen.

Läs 1 betyg

Bidragsgivare och utvecklare

”Private Website – Login Required” är programvara med öppen källkod. Följande personer har bidragit till detta tillägg.

roehler

Översätt ”Private Website – Login Required” till ditt språk.

Intresserad av programutveckling?

Läs programkoden, kika på SVN-filförvaret eller prenumerera på utvecklarloggen via RSS.

Ändringslogg

0.3.1

Security: Block wp-comments-post.php for non-logged-in users (bypassed template_redirect).
Security: Block wp-admin/admin-post.php for non-logged-in users (prevents nopriv form actions).
Security: Block wp-mail.php for non-logged-in users.
Compatibility: Dynamic uploads path detection — supports custom content directories.
Compatibility: AJAX whitelist is now filterable via private_website_allowed_ajax_actions (for 2FA plugins etc.).
Compatibility: XML-RPC disable is now filterable via private_website_xmlrpc_enabled (for Jetpack etc.).
Compatibility: Updated ”Tested up to” for WordPress 7.0.
Compatibility: Raised minimum PHP version to 7.4 (matching WordPress 7.0 requirements).

0.3.0

Security: Protect direct access to uploaded files (images, PDFs, videos) via .htaccess in uploads directory.
Security: Restrict REST API access to authenticated users only (prevents data leaking via /wp-json/).
Security: Disable XML-RPC completely (prevents brute-force attacks and content leaking via xmlrpc.php).
Security: Block RSS/Atom feeds for non-logged-in users (prevents content leaking via /feed/).
Security: Restrict AJAX requests to a whitelist of allowed actions for non-logged-in users.
Security: Disable XML sitemaps for non-logged-in users to prevent site structure leaking.
Security: Make robots.txt fully restrictive (Disallow: /) to prevent search engine indexing.
Improvement: Creates a self-contained .htaccess in wp-content/uploads/ instead of modifying the root .htaccess.
Improvement: Show admin notice when .htaccess cannot be created or when Nginx is detected.
Improvement: Clean up .htaccess on plugin deactivation. Supports subdirectory installs.

0.2.9

Ask for Appsero consent again after each admin login until consent is granted (re-prompts post-login).

0.2.8

Show tracking status badge directly in the plugin description (Plugins screen).

0.2.7

Add opt-in/out action link directly in the Plugins screen for this plugin (enables/disables Appsero tracking).

0.2.6

Add uninstall.php for clean uninstall (removes Appsero options and clears scheduled events; multisite-aware).

0.2.5

Add Appsero SDK (opt-in telemetry only), with admin notice and weekly schedule.
Add Privacy Policy section to readme; no data is collected without consent.
Minor refactors; keep strict redirects and security hardening from 0.2.4.

0.2.4

Enhanced security with better input validation and sanitization.
Improved code structure following WordPress coding standards.
Added proper internationalization support with textdomain.
Better handling of AJAX requests, REST API, and cron jobs.
Added activation checks for minimum WordPress and PHP versions.
Updated contributor information to link to author website.
More efficient redirect logic with wp_safe_redirect.

0.2.3

Improved function naming to follow WordPress coding standards and prevent conflicts.
Fixed SVN repository structure and tag management.
Reduced plugin tags to comply with WordPress.org requirements (maximum 5 tags).

0.2.2

Updated ”Tested up to” for WordPress 6.8.1.
Minor code enhancements for redirect URL generation and logic.

0.2.1

Internal code refinements and minor updates.

0.2.0

Updated compatibility information (previously tested up to WordPress 6.7.2).
General maintenance and minor improvements.

0.1

Initial release of the plugin.
Basic functionality to require login for viewing website content.