Nope. My Private Site is designed to keep people out. Theme My Login does good redirection based on the group assigned to a user.
You can also direct different domains to different pages on a site. For example, on a nonprofit I run, howtosavejobs.org and onlinesafetyfoundation.org go to two separate locations on the same Web site. That’s handled with basic domain redirects at the cPanel level.
Finally, take a look at Multiple Themes, a plugin (one of mine) that lets you assign different themes to different pages. I think you might win with a combination of groups, Theme My Login, and Multiple Themes.
At a completely different level (and cost), the guys at WPMU-dev offer a variety of multisite plugins and they may have something that lets you use WP multisite and share users.
Good luck!
–David
David makes great points. I just want to give you a different perspective, based on my involvement in a project 15 years ago when SSO was a Hot Acronym. It stands for Single SignOn and my current bank still uses it to allow me to signon once to one arm, and then go to another arm of the bank, on a completely different domain, without signing on again.
WordPress gives you that automatically when you use a WordPress Network, AKA Multisite. Logon to one site and you can move to any other site in the Network without logging on again, assuming the user name is registered on all sites. There is a popular plugin that allows you to assign a different domain name to each Site.
Alternatively, if you have separate WordPress Single Sites, especially if you want to have them on different Hosting Accounts, maybe even on different Hosting companies, then you would have to find an SSO product. Auth0 is becoming quite popular, but there are others out there that work well with WordPress.
In all of these scenarios, you would use My Private Site plugin, but would not need the Multiple Themes plugin.
As I said at the outset, I am not disagreeing with David’s solutions, but just trying to offer a different point of view in terms of additional possibilities that may or may not be practical for you.
I agree Jon. Thanks for you insight. Auth0 is very cool, but my big concern with them is multifactor is still in beta (https://auth0.com/docs/mfa). At this point, I’m pretty much recommending multifactor as a requirement for all logins.
In fact, that was the topic of Friday’s post:
http://www.zdnet.com/article/the-one-killer-app-that-could-make-us-all-want-a-smartwatch/
Thread Starter
Anonymous User 14403228
(@anonymized-14403228)
Hi Jon and David. A huge THANK YOU for your responses. Jon you are correct in that what I think I am really looking for is an SSO product but kept searching for membership, members, private, etc. which did not readily reveal those products….sometimes a keyword can make all the difference. Eventually I did get there, but it took quite a bit of legwork.
I hosted the portal domain on Saturday, so everything will be ready for testing this week. I’m just going to go down the list of everything that has been recommended and test each combination until I find one that works. I installed All in one Intranet, but this is of concern: “Note that your media uploads (e.g. photos) will still be accessible to anyone who knows their direct URLs. This the way most privacy plugins work.” I must find a solution that works around this because eventually this will be a place for kids to share and learn so I need to make sure all aspects are private. In my experience when working with gifted kids you need more security than a bank to keep them from doing unauthorized things 🙂 I’m excited to try the My Private Site and SSO combination – thanks for that tip Jon! I’m fine with something in Beta as I am in no particular hurry and would rather set things up right than have to redo everything at a later time.
I did find one solution that I think will definitely work if I want to switch hosting companies, move my domains and run multisite…so at least I know there is a solution out there.
In any event I think My Private Site may be a great option to lock things down while under development – I hate the thought of others stumbling upon my awkward and messy pages. Will this prevent my “play” pages from ending up in WayBack Machine and other historical page collectors? If so, that would be AWESOME!
Truly appreciate both of your responses and input. If one doesn’t exist I would love to see a WP directory with a list of combination themes and plugins where members of the community can post the over-all makeup of their sites so others will know that a particular combination works without the need for extensive trial and error and be able to visit the site to see the various pieces in action. It seems like it would save a lot of time…if I can get my act together, maybe I can figure out how to do it 🙂
Be Well and thanks again 🙂
“Note that your media uploads (e.g. photos) will still be accessible to anyone who knows their direct URLs. This the way most privacy plugins work.” I must find a solution that works around this because eventually this will be a place for kids to share and learn so I need to make sure all aspects are private.
Any solutions that I’ve seen come from the web host, not from WordPress or Plugins. If you are not yet firmly committed to a Web Host, you may want to fully test this capability before committing. For example, the web hosting service that I use has a large set of capabilities under the icon called Protection. “Hotlinking prevention” is the feature I was thinking of, as it promises to only allow access to a file, including images, if accessed through a web page on your site hosted there, i.e. – not directly by URL.
I have zero experience with this feature, and the few sites where I saw it being used 15 years ago, now no longer use it. So, I recommend you do a lot of testing if you decide to go in this direction.
Thread Starter
Anonymous User 14403228
(@anonymized-14403228)
Ahh, that makes a lot of sense. I only have experience with the one web host thus far. I have been very happy, but since they don’t support multisite, I am thinking I should switch before I get in too deep. Given the various things I would like to do over time, multisite seems to be destined for my future, if not with this application than with other things I am hoping to do. Are you allowed to list the name of the host with the “Hotlinking prevention”, or is that against da Rules (little Fairly Odd Parents reference there 🙂
Thread Starter
Anonymous User 14403228
(@anonymized-14403228)
Never mind Jon, I think I found it and did some additional reading. Hotlinking – A bigger issue than I could have imagined. Great tip! Thanks again!
K2E2, given how insecure banks have been recently…
Remember that when you’re dealing with kids, you’re not just concerned about website protection. Those images can be emailed, posted to Instagram, etc.
When putting together any security structure, it’s important to understand the level you’re striving for. Are you trying to keep random people out or protect against an attack from a nation-state? Are you generally trying to make sure the kids don’t share their images, or are you interpreting FERPA in such a way that no image can leave your server in any form, or are you really trying to prevent people who don’t belong from finding them an misusing them?
The reason you want to think about this in levels is that each degree of security increases the challenge and complexity. Be realistic about what you want to achieve within your skills, budget, and regulations, and you should do fine.
Good luck with it (and Jon, thanks!).
–David
