The basic installation of WordPress does not provide a feature to make the entire wordpress blog private. Yes – you can block search engines and Yes you can opt to disable pinging update services when you publish new content; but that’s not completely private. By “private” we mean a WordPress blog that is only viewable to those with a username and password.

So if we want to make a WordPress blog private and ensure that only logged in users can view content we need to direct users not logged in to the login screen, like above.

How can we secure a wordpress blog then?

There are a number of ways.

All are hacks.

The easiest and best and the one we are going to look at involves a plugin. A plugin called “Angsuman’s Authenticated WordPress plugin“. This plugin checks to see if the person viewing a WordPress blog is logged in or not – if they are not logged in they are redirected to the login screen, if they are logged in then fantastic, they can then view the WordPress blog’s content. Essentially it does the job we are looking at accomplishing here – securing a WordPress blog and thus making it private to the general public and only accessible to logged in users.

But there is a “but

Angsuman’s Authenticated WordPress plugin does not work with WordPress 2.5 and upwards. It was released at the end of 2005 and since then a few major WordPress upgrades have been releases; most notably WordPress 2.5 which is when Angsuman’s Authenticated WordPress plugin stopped working. No problem: Every problem has a solution. And Angsuman’s Authenticated WordPress Plugin is no different.

So let’s fix it.

I wanted to make sure I made it as easy for you to get this plugin working with WordPress 2.5, or 2.6 or whatever so instead of telling you to cut and paste sections of code I have just included the entire updated code. Simple replace the all of the code in ‘ac-authenticated.php’ with the following:

Plugin Name: Angsuman's Authenticated WordPress Plugin
Plugin URI:
Description: This plugin allows you to make your WordPress site accessible to logged in users only. In other words to view your site they have to create / have an account in your site and be logged in. No configuration necessary. Simply activating the plugin is all that is required from you.
Author: Angsuman Chakraborty, Taragana
Version: 1.0
Author URI:
License: Free to use non-commercially.
Warranties: None.
function ac_auth_redirect() {
// Checks if a user is logged in, if not redirects them to the login page
global $user_ID;
if (!$user_ID)
header("HTTP/1.1 302 Moved Temporarily");
header('Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
header("Status: 302 Moved Temporarily");

if('wp-login.php' != $pagenow && 'wp-register.php' != $pagenow) add_action('template_redirect', 'ac_auth_redirect');

… Then upload into your “wp-content/plugins” folder and activate and boom – your WordPress blog will be private and secured. Easy peazy.

Download Updated Angsuman’s Authenticated WordPress Plugin

If you want to just download the updated “Angsuman’s Authenticated WordPress Plugin” get it from the download link below:

Download updated “Angsuman’s Authenticated WordPress Plugin”

8 Comments Add Your Own Comment

(December 12th, 2008 at 2:07 pm )

Thank for the fix, worked like a charm.

I only had to change all the quotes into standard single quotes.

(March 15th, 2009 at 7:12 pm )

It is very interesting.

(September 5th, 2009 at 8:34 pm )

Thank you so much. Updated and had problems w/plugin. Your fix worked perfectly!

(January 16th, 2010 at 2:09 am )

Thank you for your explanatino how to add security to wordpress blog, it is really good and useful article, i like it, becouse its step by step, nice and clear explanations used.

(December 18th, 2011 at 12:36 pm )

Best Tips to Secure WordPress Blog/Site here

(December 31st, 2011 at 4:26 am )

This article has a lot of unique and quality information. I found this to be not only well written, but engrossing and intelligent. The writer’s views are appealing and interesting. This couldn’t be written better.

(December 21st, 2012 at 4:35 pm )

There's no real way to secure a WordPress environment. There will always be holes and vulnerabilities. I wrote a post with best practices just a few months ago here: http://www.alphatreemarketing….

(February 24th, 2015 at 7:25 am )

nice post

Add Your Own Comment Fields marked * are required.