Skip to content

One way to password protect a WordPress site

I was helping a friend set up a site for their family, and they wanted it to be password protected. I protect our family site using Apache's basic access protection (httpauth), and it works well enough, so that's how I set up his site as well.

However, we then had nothing but trouble with the Flash-based image uploader in WordPress, which is a tool I don't personally use. After some digging, I discovered that the Flash-based image uploader simply won't work with httpauth.

Because the objective was to keep out unwanted visitors, I found a workaround -- it's not perfect security, but it seems to do the job well, and allows the Flash-based image uploader to work. I disabled the httpauth access restriction, then installed two plug-ins:

  • Restricted Site Access: This plug-in prevents anyone from seeing the site without first logging in. We then created one generic username/password for my friend to give out to all his relatives (which is what we would have done using httpauth, too).
  • Peter's Login Redirect: This sends users to the home page of the site after login, instead of to their control panel. I'm not sure why, but after logging in, our generic user was going to their control panel. This plug-in solved that problem.

The end result is a site that's protected from casual visitors, as well as robots (though we've also got a robots.txt file set up, just in case). It'd be nicer if WordPress would just fix the httpauth issues, but it seems they're not interested in doing that.

1 thought on “One way to password protect a WordPress site”

  1. When you login on WordPress the default action is to take you to either the DashBoard area or your own Profile area in the admin menus. The location is based on the users WordPress role. The redirect plugin simply sends you back to the front page instead of the default action.

Comments are closed.