Title: Securing WordPress
Last modified: August 19, 2016

---

# Securing WordPress

 *  Resolved [diggit2001](https://wordpress.org/support/users/diggit2001/)
 * (@diggit2001)
 * [16 years, 6 months ago](https://wordpress.org/support/topic/securing-wordpress/)
 * I am using WordPress for our company intranet and I don’t want any of the site
   to be viewable to anyone until they have logged in, preferably with their Active
   Directory/domain credentials. WordPress is running on a Windows 2003 Server with
   IIS 6. Best case scenario would be to use integrated Windows authentication as
   I am doing with other sites on this particular webserver but when I enable it(
   and disable anonymous access) a user is prompted for and puts in their credentials
   4 or 5 times before they are permitted access to the site.
 * I’m not sure if integrated Windows authentication is supported on a WordPress
   site running on Windows Server or not, or if there is perhaps a better way to
   accomplish what I am after, but I would appreciate any input anyone could provide.
 * Thanks in advance.
    -Chris

Viewing 4 replies - 1 through 4 (of 4 total)

 *  [Equal](https://wordpress.org/support/users/equalmark/)
 * (@equalmark)
 * [16 years, 6 months ago](https://wordpress.org/support/topic/securing-wordpress/#post-1294631)
 * We have managed to get WordPress and WordPress MU authenticating using LDAP with
   1500 active directory accounts. The plugin we used was wpDirAuth but we had to
   use an older version of the plugin in order to get it to work.
 * Just a word of warning we are on Windows server 2008 with IIS7 so may not be 
   exactly the same.
 *  Thread Starter [diggit2001](https://wordpress.org/support/users/diggit2001/)
 * (@diggit2001)
 * [16 years, 6 months ago](https://wordpress.org/support/topic/securing-wordpress/#post-1294848)
 * Thanks for the advice. I’ve been messing with the wpDirAuth plugin since your
   recommendation pointed me to it and have run into several different problems.
   I finally have them all ironed out now and it seems to be working. Since there
   doesn’t seem to be much support for this particular plugin online, I’m going 
   to post my issues here in the hopes that some kind soul may happen upon this 
   post and have a pointer or two for me.
 * My first issue is that when a user logs onto the site using their AD credentials,
   they are taken to their WordPress Profile page. I have been looking around for
   a way to have the user delivered to the actual site home page when they logon,
   but I have so far not been able to find this setting.
 * Besides getting some sort of AD authentication working on my site, my other goal
   was to make the entire site private and not visible to anyone until they have
   successfully logged on. It does not appear that this plugin provides that functionality.
   I have tried using the ‘Absolute Privacy’ plugin but it appears to have conflicts
   with the wpDirAuth plugin so I’m stuck.
 * I appreciate the assistance.
    Thanks! -Chris
 *  [Equal](https://wordpress.org/support/users/equalmark/)
 * (@equalmark)
 * [16 years, 6 months ago](https://wordpress.org/support/topic/securing-wordpress/#post-1294886)
 * I think that the redirection to the profile may be something to do with the default
   role that they are being allocated.
 * In terms of protecting the entire site, why not just wrap all your pages with:
 *     ```
       <?php if(is_user_logged_in) ) { ?>
       // show all page content here
       <?php } else { ?>
       // include loginform here
       <?php } ?>
       ```
   
 * Hope this helps.
 *  Thread Starter [diggit2001](https://wordpress.org/support/users/diggit2001/)
 * (@diggit2001)
 * [16 years, 6 months ago](https://wordpress.org/support/topic/securing-wordpress/#post-1294902)
 * Thanks again. Not sure what happened with the direction to the profile page, 
   but it seems to have stopped. Everyone is brought to the sites home page when
   they log on now, as they should. I’m sure that something I did somewhere along
   the line may have fixed it but I’ve changed several things over the course of
   the day, so there’s no telling.
 * I’m not much of a PHP guy so changing the code on the pages never occurred to
   me. I did find a handy plugin that does what i want called ‘Private WP’.
 * Looks like everything is working perfectly now. I appreciate your assistance.
 * -Chris

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Securing WordPress’ is closed to new replies.

## Tags

 * [authentication](https://wordpress.org/support/topic-tag/authentication/)
 * [windows](https://wordpress.org/support/topic-tag/windows/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 4 replies
 * 2 participants
 * Last reply from: [diggit2001](https://wordpress.org/support/users/diggit2001/)
 * Last activity: [16 years, 6 months ago](https://wordpress.org/support/topic/securing-wordpress/#post-1294902)
 * Status: resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics