Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

This plugin allows you to make your WordPress site accessible to logged in users only.

branch: master

Fetching latest commit…

Octocat-spinner-32-eaf2f5

Cannot retrieve the latest commit at this time

Octocat-spinner-32 assets
Octocat-spinner-32 inc
Octocat-spinner-32 js
Octocat-spinner-32 language
Octocat-spinner-32 .project update tested up version April 17, 2014
Octocat-spinner-32 authenticator.php update tested up version April 17, 2014
Octocat-spinner-32 composer.json Add composer config January 09, 2014
Octocat-spinner-32 license.txt
Octocat-spinner-32 readme.md update tested up version April 17, 2014
Octocat-spinner-32 readme.txt merge readme April 17, 2014
readme.md

Authenticator

This plugin allows you to make your WordPress site accessible to logged in users only.

Description

This plugin allows you to make your WordPress site accessible to logged in users only. In other words to view your site they have to create / have an account in your site and be logged in. No configuration necessary, simply activating - thats all.

Made by Inpsyde · We love WordPress

Have a look at the premium plugins in our market.

Installation

Requirements

  • WordPress version 1.5 and later; current (01/2012) tested up to 3.9
  • PHP 5.2*

On PHP-CGI setups:

  • mod_setenvif or mod_rewrite (if you want to user HTTP-Authentication for feeds)

Installation

  1. Unpack the download-package
  2. Upload folder include the file to the /wp-content/plugins/ directory.
  3. Activate the plugin through the Plugins menu in WordPress

or use the installer via backend of WordPress

On PHP-CGI setups

If you want to use HTTP-Authentication for feeds (available since 1.1.0 as a optional feature) you have to update your .htaccess file. If mod_setenvif is available, add the following line to your .htaccess:

SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1

Otherwise you need mod_rewrite to be enabled. In this case you have to add the following line to your .htaccess:

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

In a typical Wordpress .htaccess it all looks like:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule . /index.php [L]
</IfModule>

respectively in a multisite installation:

# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# uploaded files
RewriteRule ^files/(.+) wp-includes/ms-files.php?file=$1 [L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule . index.php [L]
# END WordPress

Settings

You can change the settings of Authenticator on Options → Reading. The settings refer to the behaviour of your blog's feeds. Should they be protected by HTTP-Authentication (not all Feed-Readers support this) or by an authentication token, which is simply add to your feed URL as Parameter. The third option is to keep everything in place. So Feed-URLs will be redirected to the login page if the user is not logged in (send no auth-cookie).

If you using token authentication, you can show the token to the blog users on their profile settings page by setting these option.

HTTP Auth

Users can gain access to the feed with their Username/Password.

Token Auth

The plugin will generate a token automaticaly, when choosing this option. Copy this token and share it with the people who should have access to your feed. If your token is ef05aa961a0c10dce006284213727730 the feed-URLs looks like so:

# main feed
http://yourblog.com/feed/?ef05aa961a0c10dce006284213727730

#main comment feed 
http://yourblog.com/comments/feed/?ef05aa961a0c10dce006284213727730

#without permalinks
http://yourblog.com/?feed=rss2&ef05aa961a0c10dce006284213727730

Screenshots

  1. Authenticator's setting options at Settings → Reading. Screenshot of setting options at Settings → Reading

  2. Auth-Token for feeds is displayed on the users profile settings page. Screenshot of Auth-Token for feeds is displayed on the users profile settings page

API

Filters

  • authenticator_get_options Whith this filter you have access to the current authentication-token:
<?php
$authenticator_options = apply_filters( 'authenticator_get_options', array() );
  • authenticator_bypass_feed_auth gives you the posibillity to open the feeds for everyone. No authentication will be required then.
<?php
add_filter( 'authenticator_bypass_feed_auth', '__return_true' );
  • authenticator_exclude_pagenows Pass an array of $GLOBALS[ 'pagenow' ] values to it, to exclude several WordPress pages from redirecting to the login page.

  • authenticator_exclude_ajax_actions AJAX-Actions (independend of _nopriv) which should not be authenticated (remain open for everyone)

  • authenticator_exclude_posts List of post-titles which should remain public.

Other Notes

Bugs, technical hints or contribute

Please give me feedback, contribute and file technical bugs on GitHub Repo.

Authors, Contributors

Contributors Stats

Licence

Good news, this plugin is free for everyone! Since it's released under the GPL, you can use it free of charge on your personal or commercial blog.

Translations

The plugin comes with various translations, please refer to the WordPress Codex for more information about activating the translation. If you want to help to translate the plugin to your language, please have a look at the .po file which contains all defintions and may be used with a gettext editor like Poedit (Windows) or plugin for WordPress Localization.

Changelog

See commits or read the short version

Something went wrong with that request. Please try again.