[resolved] Intranet - force users to be logged in. (7 posts)

  1. scormeny
    Posted 8 years ago #

    I'm using WordPress 2.2.1 and I need to create an intranet for an organization with employees all over the world. We don't need high-level security, but I would like to set things up so that a user must be logged in to see the site.

    Is there code I can put in the header that checks if a user is logged in, and if not, sends the user to wp-login.php? Or a plugin that does materially the same thing?

    I do not want to do server-level folder protection, because I would rather show the user a web page to log in as opposed to a popup screen.

    Also, I want to make sure that the solution is reasonably efficient and won't slow users down too much, since they already may be on slow connections. So if there is a most-efficient way to do this with cookie-checking or something else like that, that would be super.

    I'm a programming moron, so please be patient.

    Thanks for advice.

    -Sara, sara@paperlantern.com

  2. scormeny
    Posted 8 years ago #

    I did some more research on this and found an answer that is currently working for me on my website.

    I have put this code at the very top of my header file:

      if ( (!empty($_COOKIE[USER_COOKIE]) &&
        !wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true)) ||
        (empty($_COOKIE[USER_COOKIE])) ) {
      wp_redirect(get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));

    I found this code at the following website:

    If anybody has commentary on whether this should work or I should find a better, more efficient code to use, I'd be most appreciative if your thoughts and guidance.



  3. mahalie
    Posted 8 years ago #

    Looks good to me. Thanks for the follow-up and good tagging. Info related to WordPress on intranets is sure sparse!

    Oh, one thought, make sure all your templates use the same header or that this function is in all your headers, otherwise people could stumble on via search.

    Also, might want to make sure and add robots.txt file to root to ask google, etc. not to index your blog.

  4. scormeny
    Posted 8 years ago #

    Thank you for the additional tips, Mahalie.

    I'm also a little concerned because the wordpress header code, of course, does not protect any of the "upload" folder and sub-folders or the images or any page not generated by WordPress.

    If anybody has thoughts on how to protect my uploads folder and any other subfolders given this intranet scenario I'd be most appreciative.

    In the case of the current site I'm working on, there is no sensitive or private information in the uploads or photos, so I consider this a low concern level right now, but in the future I'd like to know I can protect client data to the max.



  5. 11Mystics
    Posted 8 years ago #

    Ah! totally slick - good research Sara - thanks for doing that. It's exactly what I needed too.

  6. MarkPrice
    Posted 8 years ago #

    I put this at the top of wp-blog-header.php, but it didn't seem to make a difference. I cleared all session cookies, but going to my blog took me straight to index.php, not wp-login.php. We just went up on 2.3.2--would that matter? TIA.


  7. stuureenswatnaarhugo
    Posted 7 years ago #

    I found this plugin very useful:
    Members Only

Topic Closed

This topic has been closed to new replies.

About this Topic