Add option to force login to access website


I’ve built several intranet-type websites, mostly for internal use but also several for clients over the years. I always had to rely on a plugin to force login to protect the entire website. This is a simple feature that should be in the core, along with the membership/registration option.

I know there are others with experience building intranets on here from the various discussions over the years. So I would like to hear from anyone that has experience forcing login to make the entire website private. What are your thoughts on this?

Some uses cases include, but are not limited to:

  • Protected intranets
  • Internal knowledgebases that should only be accessed by staff users
  • A pseudo maintenance page to block access to the website while working on it
  • Membership websites
  • Protected product catalog website or ordering system with Classic Commerce

Possible implementation

The checkbox would be added to the Settings > General page, right below the “Membership” checkbox. Once the user checks it and saves settings when anyone visits the website and they are not logged in, they would be redirected to wp-login.php to log in. The log-in behavior itself wouldn’t change. There’s a plugin I’ve used that I would take a look at to implement a version of that in the CP core. It’s a very lightweight solution, so minimal code would be added.

Will you be able to help with the implementation?

Yes, I should be able to work on this and implement it.

So I would like to hear from anyone that has experience forcing login to make the entire website private. What are your thoughts on this?

I use a plugin for that (which doesn’t work with cp) and plan to make a plugin for that for cp

The realm of access control is huge, so for me this is more plugin territory which then can cover it all

But a simple protection can be achieved by redirecting to a login form say on template redirect based on user role (guest or not or else)
That’s relatively easy, can be done with a single snippet (inclusive making wp-admin inaccessible or “gone” for logged out users)

If I remember I’ll share the snippet here these days.


It’s a useful thing but I think this should not be added to core.

Why not using a plugin for that? I actually created a membership plugin that I use on my sites and which I wanted to update and focus exclusively on ClassicPress (I want to clean it up, make it as efficient as possible, use namespaces, comment it well so that others can help or fork if they want). I can make that plugin consider this feature.

The thing with adding things to core is making things more complex. Why add something to core?

The core of something is its essence. And it should stay simple, lean, robust. The core of WordPress or ClassicPress is the whole data structure, posts, cpts, interaction, admin area, all the functions, classes, the plugins system. It’s something extendable.

And features like this one should stay as extensions/plugins/modules. So that they can be used by people who need them and not forced for people who don’t need them.

I like this feature, and I am willing to make it happen as a membership plugin that will be targeted to CP exclusively. But I would vote a huge NO for “add to core”.


@anon66243189 @alvarofranz both plugins will be welcomed. For my intranets, I would use a simple force login plugin. And for more advanced stuff, especially selling memberships, I would use membership plugin.

I think the main goal of this software is publishing a public web site. The use case for making it private is there, but in the minority.
A plugin would be best because of different environments and needs, such as showing the home page so people know what they are signing up for (or a way to sign up), or contact page, or sales page…

Additionally, there is the REST API to disable.


As someone who manages lots of intranets and membership sites, I agree that this is plugin territory.

1 Like

I’ll go ahead and close this one. Clearly everyone prefers a plugin solution.

1 Like

This topic was automatically closed after 7 days. New replies are no longer allowed.