Restricted Site Access  for

Restricted Site Access is a WordPress plug-in that allows you to restrict access to logged in users and a set of IP addresses with flexible restricted access behavior.

Description

Limit access your site to visitors who are logged in or accessing the site from a set of specific IP addresses. Send restricted visitors to the log in page, redirect them, or display a message. A great solution for Extranets, publicly hosted Intranets, or parallel development sites.

Adds a number of new configuration options to the Privacy settings panel. From this panel you can:

  1. Enable and disable access restriction at will
  2. Change the restriction behavior: send to login, redirect, or display a message.
  3. Add IP addresses not subject to restriction, including ranges.
  4. Quickly add your current IP to the restriction list.
  5. Control the redirect location.
  6. Choose to redirect visitors to the same path that they entered the current site on
  7. Choose the HTTP redirect message for SEO friendliness
  8. Customize the blocked visitor message.

Thanks to Eric Buth for adding IP range support to the code base!

Installation
  1. Install easily with the WordPress plugin control panel or manually download the plugin and upload the extracted
    folder to the `/wp-content/plugins/` directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Configure the plugin by going to the “Privacy” menu item under “Settings”

Changelog and future enhancements are available here.

As always, feedback and suggestions are welcome!

77 Thoughts Contributed to “Restricted Site Access”

  1. Kellen Mahoney - August 18, 2009 at 10:20 am Reply

    This is a great tool. A useful additional feature would be to redirect users to the same path after they are redirected to the log in page.

    • Oomph
      Oomph - August 18, 2009 at 10:32 am

      Kellen – thanks for the feedback. I actually thought I already built it to that… is that not happening on your site?

    • Kellen Mahoney - August 18, 2009 at 1:49 pm

      When using the send to login page option on my site, the user currently arrives at the home page of my site after logging in rather than the path they had originally entered.

  2. CyberSNAC - September 15, 2009 at 10:08 pm Reply

    is there anyway to use this plugin to restrict access to a certain folder and it’s subfolders. I only want to restrict access to limited areas.

    • Oomph
      Oomph - September 16, 2009 at 8:59 am

      CyberSNAC – there are several additional features on the agenda, and we’ll consider path based restrictions too. We’re a bit swamped with client work at the moment; unfortunately, adding new features to the “free” projects have to wait a few weeks!

  3. Pingback: Robservatory » Blog Archive » One way to password protect a WordPress site

  4. arnaud - October 15, 2009 at 5:14 am Reply

    Hi,
    Great job ! Thanks !
    However I found that with your plugin activated, I cannot use anymore XML-RPC connection to update my blog with the wordpress iphone app.

    • Oomph
      Oomph - October 15, 2009 at 12:05 pm

      arnaud – what restriction method are you using? The restriction method will definitely block XML-RPC access. We’ll look at making that tag accessible in a future update.

    • Arnaud - October 22, 2009 at 2:35 am

      Hi,
      Concerning the XML-RPC issue, I’ve founded a solution : deactivate your plugin before first connection (when setting the blog parameters in the wordpress iphone app) and then reactivate your plugin. I don’t understand why i need to do that…

      Moreover I updated my wordpress this morning from 2.8.4 to 2.8.5 : it breaks your plugin : i have redirection issues, i cannot access anymore to my site or admin section. By removing your plugin (from ftp server directely) i reworks.

  5. Paul Somers - October 16, 2009 at 11:26 am Reply

    Hi,

    Scratching my head at this stage, but I think you have the solution:) On the http://www.seit.ie website I want a members login (Admin – to activate access), once member has permission to access -Then and Only Then can they upload case studies / posts / queries / recommendations. I have been playing with WP members access but subscribers automatically can see / edit / respond to all posts.

    I would appreciate the guidance.
    Paul

    • Oomph
      Oomph - October 16, 2009 at 1:28 pm

      Paul – I’m not sure I understand what you’re trying to do. This plug-in doesn’t do anything with respect to post *administration*. It’s simply a tool for limiting access to the front end of the site.

      I’m sure what you’re seeking is “do-able” – just not with this plug-in.

      If you have a meaningful budget and would like to contract us to support the need you’ve described, however, we’d be happy to help.

  6. Steve - October 19, 2009 at 11:22 am Reply

    It would be great if instead of just IP addresses, you could list networks. I have a WP install that I’d like to let anyone on the LAN just use when they’re in the office, but require authentication if they’re on the outside.
    I tried allowing 192.168.1.0/24, but it didn’t like that.

    • Oomph
      Oomph - October 20, 2009 at 10:12 am

      Steve – support for IP ranges is on the top of the road map. Unfortunately, the “free” projects can only get so much attention. If you need it quickly and there’s a small budget for the project, and you’re interested in “sponsoring” this feature, I could prioritize it and get it done within a day or two.

  7. Kellen - October 26, 2009 at 12:55 pm Reply

    I am also very interested in IP range support. My budget at the moment is very small… but out of curiosity, what level of support would be needed to prioritize this feature?

  8. Arnaud - November 4, 2009 at 2:50 am Reply

    Hi,
    Seems to be really busy ;-p
    Could you just confirm that the plugin does not work on WP 2.8.5 ?

    • Oomph
      Oomph - November 4, 2009 at 7:37 pm

      Arnaud – I’ve at least done basic testing of the plug-in on 2 sites running 2.8.5 without issue… can you elaborate on your problem?

    • Arnaud - November 6, 2009 at 2:56 am

      Shame on me ! :-/ There was in fact a conflict with an other plugin named “login logout”. After removing it i could reactivate yours succesfully. Consequence : I trashed the other plugin and keep yours :-) Sorry for the wrong bug report.

  9. Oliver Schmidt - November 10, 2009 at 1:18 pm Reply

    Hey – this sounds just like the function we are missing in WordPress! I can not spend any money, but how about helping out with programming?

    (If you like, I could of course do a fork and send my code back to you afterwards…)

    Greetz,

    Oliver

    • Oomph
      Oomph - November 12, 2009 at 10:28 pm

      Oliver – we’re pretty swamped right now, so plug-ins aren’t on the front burner. But if you can provide the PHP code that interprets something like “192.168.1.0/24″ (or any other ranges a user could enter) into a starting and ending IP address, it would help us get that feature in more quickly.

  10. Pingback: Why You Should Use WordPress | 5280 Web Design

  11. Amy Greene - February 5, 2010 at 5:01 pm Reply

    We have an educational WordPressMU install where we’d like to use plugin manager to activate this plugin by default upon creation. Is there a way to hardcode the settings and IP range for this plugin so all new blogs get the same settings to start? Blog owners could then go and change the settings later if they wanted to. Thanks for your great work on this plugin!

    • Oomph
      Oomph - February 8, 2010 at 9:05 pm

      Amy – if you want to modify the source code of the plug-in, you could certainly hardcode the IP ranges in instead of pulling the option from the setting panel.

      If you’d like help, we could do this for you with just an hour’s budget. Use the “Request a Quote” button up top!

  12. John Thiele - February 10, 2010 at 7:58 am Reply

    I really appreciate your secure access plugin. However, we have found a hack that bypasses it. if you execute a search query string, such as /?s=news, the search is executed and the search results page is rendered. Any way to close that hole? I have disabled search until we launch, but it was a really bad surprise to find when we got hacked.

    Thanks for the plugin and your consideration.

    • Oomph
      Oomph - February 10, 2010 at 8:57 pm

      Yikes – good catch. We’ll patch that up tonight!

  13. Jeff Miller - February 15, 2010 at 10:29 pm Reply

    Hi, I was wondering, does this plugin also restrict the ability for users to retrieve files that might be uploaded to a site? Im working on a site for a non-profit and we want to have Board documents available to those who log in, but no one else. We would give each board member a login; when their term is up, we terminate the login.

    In short, no access to anything on the site, unless you have a login?

    Thanks,

    Jeff Miller

    • Oomph
      Oomph - February 21, 2010 at 5:34 pm

      Jeff – great question.

      Unfortunately, due to the way WordPress handles files, files are only hidden by obscurity. If someone has a direct link to an upload, theyll be able to retrieve, it regardless of whether theyre logged in / unblocked.

      The only way around this would be to use htaccess level protection on that folder. I would have to modify the plugin to block direct access to files in that, and stream them through a PHP script for download.

      Of course, this could be trickier than first blush might suggest. For instance, what about images embedded on a page? Streaming those in (instead of a plain old image src reference) would be confusing and complicated to implement. Perhaps there would be a checkbox for media items called secured file that would control which files can are blocked / have to be streamed. Of course, then they would also have to live in a seperate folder.

      Ill investigate further, but theres no quick fix for this that I know of. If someone would like to fork the code to do this or sponsor the feature, it could get attention sooner!

  14. Charles Hodgson - February 24, 2010 at 10:59 am Reply

    Not to unjustifiably promote getting attention sooner, but I too am looking for the feature Jeff Miller suggests. Can’t fork myself and unlikely to fork-over for feature sponsorship. But I do like the plugin and will do a donation.

  15. Raden Payas - March 7, 2010 at 4:28 am Reply

    Dear Admin,

    This is seems to be a nice plugin and I have the following questions.

    1. I want to alllow every user to login only from their own IP address, Is this possible? This is to avoid sharing of login details.

    2. If the number 1 question is possible, does this plugin do it automatically, or should I each user’s IP address? How to find users’ IP addresses?

    Thanks a lot and I’m really hoping for your answer…. I tried restrict ip login but it does not give me what I need… Hope this plugin does..

    Thanks a lot,
    Raden

  16. helpy - April 18, 2010 at 9:37 am Reply

    This is a nice and usefull plugin!

    Would it be possible to extend the plugin, that users which have a certain string in their “browser user agent string”, can access the site too?

    cu,
    guido

  17. Stinky - April 28, 2010 at 2:03 pm Reply

    Does this work with wordpressMU? I’ve installed it, followed the instructions, but it’s not restricting by IP address.

    • Oomph
      Oomph - April 30, 2010 at 11:11 am

      Stinky – it does not work MU at the moment, but we may look into upgrading it to support MU with the 3.0 release of WordPress.

  18. Matthew Beer - April 30, 2010 at 7:57 am Reply

    Hi,

    I have just installed the Restricted Site Access, but when I load the page now, all I get is:

    Warning: Cannot modify header information – headers already sent by (output started at /home/evergree/public_html/News/index.php:6) in /home/evergree/public_html/News/wp-includes/pluggable.php on line 868

    I’m not really up on my scripting, little bit new to all this, but would you know what would cause such an error? any help would be much appreciated.

    • Oomph
      Oomph - April 30, 2010 at 11:11 am

      How do you have the plug-in configured? Are you loading WordPress in from another script on your site?

  19. Matthew Beer - April 30, 2010 at 3:30 pm Reply

    Hi,

    WordPress is loading from the folders in which is was installed, to my knowledge i don’t think it loaded from anywhere else. i started by just activating the plug as is, so with no changes.

  20. Dominick V. - May 5, 2010 at 9:09 pm Reply

    Does this restrict any of the search engines?
    And is there a way for them to see the Home page then when they try to enter then be redirected?

    • Oomph
      Oomph - May 19, 2010 at 9:36 am

      This will restrict all visitors, including search engines.

      Currently it restricts the entire site, but a future update will enable exceptions (such as the home page).

What do you think?

*(required)

Download Free Now

Current Version: 3.2.1

Last Updated: January 13, 2011

Oomph is a full-service digital agency providing strategy, design & development and a host of other web services. A leader in WordPress and Drupal implementation, Oomph pushes the boundaries of today’s web platforms. Oomph has a diverse portfolio of non-profits, international corporations and publications. Team Oomph is always thinking creatively about the digital world. Oomph is located in Providence and Boston.

Popular Destinations