Force Login to View WordPress Blog Pages
I was recently working on a private / "closed" website that featured WordPress. User management is a must and content can only be seen if the user is logged in. I was shocked to find that WordPress didn't provide an option to accomplish this task. Luckily a quick snippet in the header of my template allowed me to force login to view content:
// Require login for site
get_currentuserinfo();
global $user_ID;
if ($user_ID == '') {
header('Location: /wp-login.php'); exit();
}
The get_currentuserinfo() function provides a huge object with information about the user. We then look at the user_ID variable to see if the user's ID is defined -- if not, they aren't logged in and we should send them to the login page!
Do remember that your header() calls must take place before any content is pushed to the page, so I recommend adding this content at the very top of your header.php file. There's also a WordPress plugin to accomplish this task.
![6 Things You Didn’t Know About Firefox OS]()
Firefox OS is all over the tech news and for good reason: Mozilla's finally given web developers the platform that they need to create apps the way they've been creating them for years -- with CSS, HTML, and JavaScript. Firefox OS has been rapidly improving...
![39 Shirts – Leaving Mozilla]()
In 2001 I had just graduated from a small town high school and headed off to a small town college. I found myself in the quaint computer lab where the substandard computers featured two browsers: Internet Explorer and Mozilla. It was this lab where I fell...
![Fancy FAQs with jQuery Sliders]()
Frequently asked questions can be super boring, right? They don't have to be! I've already shown you how to create fancy FAQs with MooTools -- here's how to create the same effect using jQuery.
The HTML
Simply a series of H3s and DIVs wrapper...
![Rotate Elements with CSS Transformations]()
I've gone on a million rants about the lack of progress with CSS and how I'm happy that both JavaScript and browser-specific CSS have tried to push web design forward. One of those browser-specific CSS properties we love is CSS transformations. CSS transformations...
I like the handy solution. However, there’s a number of plugins for this that allows more customization like a custom page/text and redirection etc….
Pretty nifty snippet, thanks.
There is a pretty useful function for that, called is_user_logged_in(), which does exactly what you might think it might do.
I am not sure if the location you specified in the header might give problems if blog uses the so-called SEO-friendly URLs like “blog.com/foo/bar/” for posts and/or pages. So in order to prevent bad redirections, there is also a WordPress function called wp_login_url(), which brings us to this untested snippet:
if (!is_user_logged_in()) { header('Location: '.wp_login_url(get_permalink())); exit; }That seems much more flexible, awesome!
Ty man, just what i needed ;)
You could also place this in your functions.php file:
function walled_garden() { if( ! is_user_logged_in() ) wp_redirect( '/wp-login.php' ); } add_action( 'get_header', 'walled_garden' );Thanks Boris!!
Excellent Boris.
I think we also need to check for is_admin().
I am not sure is_user_logged_in() will return true in case of admin logged in. What you think?
Because the admin is an user, it will return true, if he/she is logged in. I checked the function for it to be true. As a matter of fact is_user_logged_in() does almost the same as David suggested above. It gets the user-details and checks if the ID equals 0.
@KMB: thx KMB for explaining…
Hello. Thanks for this.
It works fine for me, until I try to recover my password. It seems like the password lost and found link is considered as other url, so it still redirected to login page. Is it just me or do we need to add some more snippets?
I get this error when I use the code above.
Warning: Cannot modify header information – headers already sent by (output started at /home/content/92/7103392/html/wordpress/wp-content/themes/twentyten/venue_event_add.php:6) in /home/content/92/7103392/html/wordpress/wp-content/themes/twentyten/venue_event_add.php on line 23
Any suggestions?
Resolved warning by adding this line below to the functions.php located in what theme you are using.
ob_start();
Hi David. Great post and it answers part of my question.
Furthermore, can the loop be customised to only show posts that are of a specific type? I am wondering if I can use WordPress as a way to communicate with clients based on their login and only show posts that are targeted at their company/login. Like a bug tracker of sorts.
Thanks
Steven
The plugin you linked to hasn’t been updated in a few years so your tip I hope will be helpful for our college’s website over the holidays while we move to WordPress.
So, when I used the plugin suggested in a WPMU, all the pages were put behind the login wall… this code worked like a charm because I only wanted to cut access to a single sub blog … so put it in that sub blog theme … :) thanks !
Where would you recommend putting this code so that it runs ALWAYS? I get the 404 error if I try and access a page that doesn’t exist. I would rather redirect to login and only show 404 if the user is logged in. Of course I want this for all errors, so I don’t want to just add it to the 404 page too. Any suggestions on a more global place to put it other than the template header?