WordPress.org

Plugin Directory

Restricted Site Access

Limit access to visitors who are logged in or allowed by IP addresses. Includes many options for handling blocked visitors.

Where do I change the restriction settings?

Restricted Site Access settings are added to the Reading page, with WordPress’s built in site privacy options. (It was moved there from a separate Privacy settings page in 3.5.)

It’s not working! My site is wide open!

Most commonly, Restricted Site Access is not compatible with some page caching solutions. While the plugin hooks in as early as it can to check visitor permissions, its important to understand that some page caching plugins generate static output that prevents plugins like Restricted Site Access from ever checking individual visitors.

To the extent that sites blocked by this plugin should not need to concern themselves with high scale front end performance, we strongly recommend disabling any page caching solutions while restricting access to your site. Keep in mind that most page caching plugins do not cache the “logged in” experience, anyhow. Also note that the plugin is fully compatible with other caching layers, like the WordPress object cache.

How do I allow access to specific pages or parts of my site?

Developers can use the restricted_site_access_is_restricted filter to override normal restriction behavior. Note that restriction checks happen before WordPress executes any queries; it passes the query request from the global $wp variable so developers can investigate what the visitor is trying to load.

For instance, to unblock an RSS feed, place the following PHP code in the theme's functions.php file or in a simple plug-in:

add_filter( 'restricted_site_access_is_restricted', 'my_rsa_feed_override’, 10, 2 );

function my_rsa_feed_override( $is_restricted, $wp ) {
    // check query variables to see if this is the feed
    if ( ! empty( $wp->query_vars['feed'] ) ) {
        $is_restricted = false;
    }
    return $is_restricted;
}

How secure is this plug-in?

Visitors that are not logged in or allowed by IP address will not be able to browse your site (though be cautious of page caching plugin incompatibilities, mentioned above). Restricted Site Access does not block access to your, so direct links to files in your media and uploads folder (for instance) are not blocked. It is also important to remember that IP addresses can be spoofed. Because Restricted Site Access runs as a plug-in, it is subject to any other vulnerabilities present on your site.

Restricted Site Access is not meant to be a top secret data safe, but simply a reliable and convenient way to handle unwanted visitors.

Requires: 3.5 or higher
Compatible up to: 4.0.3
Last Updated: 2014-11-30
Active Installs: 20,000+

Ratings

4.8 out of 5 stars

Support

0 of 4 support threads in the last two months have been resolved.

Got something to say? Need help?

Compatibility

+
=
Not enough data

0 people say it works.
0 people say it's broken.

100,1,1
100,1,1 100,1,1
100,2,2
100,2,2 100,3,3 100,2,2 100,2,2 0,1,0
100,5,5 100,1,1
100,1,1
100,1,1 100,2,2
100,1,1 100,3,3
100,1,1
0,1,0
100,3,3
100,1,1
100,2,2
100,3,3
50,2,1 100,3,3
100,2,2 100,1,1
86,7,6
100,1,1
100,2,2
0,1,0
100,1,1
100,1,1
100,1,1
100,1,1
100,3,3
100,1,1