You are about to launch a new product, and you have developed a great website for it using the world’s favorite web publishing platform, WordPress. You want to test it live on its own domain and hosting, but you are not yet ready to make it public just yet. Earlier in another article we talked about how to password protect WordPress without user registration. How about limiting access to a site for visitors who are logged in or allowed by IP addresses? In this article we will show you how to restrict WordPress site access by IP or logged in users.
Video Tutorial
If you don’t like the video or need more instructions, then continue reading.
First thing you need to do is install and activate Restricted Site Access plugin. After activating the plugin, go to Settings » Reading. Scroll down to the bottom and you will see options to configure restricted access.
Using Restricted Site Access plugin, you can restrict access to a WordPress site for logged in users only or for people with specific IP addresses. You can also choose to redirect users with no access to the site by sending them to the login page, redirect to another web address, show them a custom message, or even redirect them to a specific page (coming soon page) that you have created on the same site. Restrict by IP feature is very useful if you want multiple employees in the office to have access to the development project without requiring them to register as a user.
This plugin can be extremely useful for beta testing your site before a product launch. It is also good for creating private blogs for friends and family only. We hope that this article helps you run your projects discretely. Do you have other ways that you have used to restrict WordPress site access? Share it with us in the comments below.
Jeff
Can you restrict by IP by role? We want to limit by IP user logins that have full admin rights. Subscribers, Authors, and Editors will not be limited by IP address.
WPBeginner Support
We do not have a specific recommendation for role-specific limitations at the moment but we will be sure to share if we find a method we would recommend.
Admin
Prince Lee
I was wondering if there was a way to restrict my signup page to only visitors from a given location
WPBeginner Support
You would normally need a security plugin to achieve something like that.
Admin
Terry
I think this plugin is great for my wholesale accounts. but the end user (retail) for me is a customer that has to approve designs. I do not understand how to make the private page with password open for them while keeping the wholesale side ip protected. Is there a plugin that allows access by page while restricting by ip address. The password feature for the wholesale side is too vulnerable to being shared.
chris
According to the FAQ’s here is a way to make exceptions for specific pages:
add_filter(‘restricted_site_access_is_restricted’,’impressum_override’,10,2);
function impressum_override( $is_restricted, $wp ) {
// check query variables to see if this is the feed
if ( ! empty( $wp->query_vars[‘pagename’] != ‘name-of-page’ ) ) {
$is_restricted = false;
}
return $is_restricted;
}
Eran
The only problem is that this plugin restricts the access to lost password page as well.. this is a problem..
Jim Gore
I also liked this simple and effective plugin, until I discovered that the lost password page couldn’t be reached. I also tried another nice plugin (restrict site access), also simple to set up & effective, but it suffered the same problem. The author of that plugin suggested that the problem could be resolved by hooking code in to handle that page.
JR
Thanks a lot !!! This plugin rocks…I was exactly looking for this ..God Bless You
Shoeb
Hi,
How to handle the scenario with the Dynamic IP addresses. If we unrestrict certain IP addresses then every time the IP address will get change. Then what to do in this situation ?
Joe Njenga
Can this plugin work with a single page restriction ?
Mariska Van de Langenberg
If you would have a subscription sign up for a product as well as a registration as affiliate on your site….would there be an option to avoid people to sign up as affiliate first and then subscribe to the product in order to get commissioned on them? Like a check on IP amongst the affiliate IP’s?
kate
I have a problem when my members sign up they are taken to payment page but if they click off this page they can log in without paying. How do i restrict their access until they have paid the fee
in a nutshell How can i restrict access to my members until they pay
WPBeginner Support
There are separate plugins for that for example, Retrrict Content.
Admin
John
You can use the safe private plugin:
http://wordpress.org/plugins/safe-private/
Mona
Can you please clarify the following:
By restricting site access to those who are “logged in” – does that mean users have to set up a Wordpress account? I’m trying to make it as easy as possible for the non-savvy computer user for accessing a family website.
Also, do restricted access plugins only work on self hosted sites? What about free sites like Wordpress.com?
Thanks!
Editorial Staff
Most techniques mentioned on this site including this one are for self-hosted WordPress and will not work on free WordPress.com
Admin
Ruchi
Is there a way to restrict users to only a certain section on the site, where they can access product data etc. based on an email login? I’m an amateur webmaster and have been struggling with this.
Editorial Staff
Yes. You would have to use one of the many membership plugins such as S2 members or Easy Digital Downloads etc.
Admin
Ruchi
Thanks. I ended up using word press access control since it allowed more customization, been workin like a charm..
Used a lot of tips from your website though. You guys are doing a great job! Thanks much!
Simon
So basically install a plugin… what a very informative article.
If anyone else is interested you can add code in your functions file to prevent anyone who is not logged in from viewing your site:
function password_protected() {
if ( !is_user_logged_in() ) {
auth_redirect();
}
}
add_action(‘template_redirect’, ‘password_protected’);
add_action(‘do_feed’, ‘password_protected’);
Editorial Staff
Thank you for sharing an alternative code solution, but why reinvent the wheel? There is absolutely nothing wrong with installing a plugin to do a simple task. That’s what plugins are made for. Also the author of that plugin is fairly well-reputed in the community. When we need to restrict site access by IP or logged in users, we use this plugin.
Admin
Barry
Hi simon,
Your code seems so simple yet it doesn’t work for me. I even check by putting a simple echo before the if statement to check if the function is being called at all and it doesn’t.
So which add_action should i use?
Malc
Simon, this plugin allows access to a whitelist of IP addresses. Not a common request – but very useful from time to time. Do you have code that could handle that function?