Restrict public access to WordPress website

With the Restricted Site Access plugin, you can restrict public access to WordPress and allow access only for logged-in visitors or specific IP addresses. Visitors without access can choose to see a specific page, message or login screen, or be redirected to a different URL.

Restricted Site Access Plugin

You can download Restricted Site Access from the official WordPress.org directory. The plugin is actively maintained and further developed. Questions and problems are also answered regularly in the support forum.

Restrict access to logged in visitors or to a specific IP range. Offers many ways to handle visitors without access.

By: Jake Goldman, 10up, Oomph

Last updated:
2 months ago

20,000+ active installs

Compatible up to: 5.9.3

Configure access to WordPress website

After installing the plugin, you can access your WordPress installation at Settings → Reading Configure in your WordPress backend. For this purpose, the option for visibility in search engines is expanded by another checkbox.

Danger: When the plugin is activated, access to the website for unregistered visitors is automatically limited and the plugin is active, even without configuration.

Configure access to WordPress website

In the second option of the plugin you can set how the plugin should behave for visitors without access to the website. You can send unregistered visitors to the WordPress login screen, redirect them to any URL, or display a static page of your WordPress installation.

Behavior for visitors without access

Depending on the option selected, further settings open, e.g. B. to set the URL and status code for the redirect.

Allow access to WordPress for specific IP addresses or IP ranges

While access to the WordPress installation is only permitted for registered visitors by default, you can also activate specific IP addresses or IP ranges for access. After specifying one or more IPs, these visitors can visit the website as normal without logging in.

Allow access for specific IP addresses

This can be used, for example, to implement public intranets or extranets. The option can also be useful for developers, for example to give customers access to test the website in advance.

Plugin Limitations

It is important to note that the plugin can restrict access to the WordPress installation, but is not active at the server level. This means, among other things, that uploaded files such as images can still be accessed via the direct file URL, since WordPress is not running here either.

You also have to be careful with caching plugins. These often save the entire website as static HTML and deliver it to logged-out visitors without WordPress being active. The plugin does not work here, which is why I would generally not use caching in combination with the plugin.

IP addresses can also be falsified and thus unintentionally open up access to unwanted people. In short: The plugin is a practical little helper and useful tool, but I would not use it to operate an intranet with highly sensitive information.

If you only want to temporarily take your website offline for updates and don’t need a feature for access from specific IP addresses, I recommend one of the many plugins to put WordPress into maintenance mode instead.