Plugin : Registered Users Only

Update: Please get the plugin from the repository. You can file bug reports there as well. It makes it a lot easier for me to manage the plugin’s development.

I was gonna call this plugin “Bouncer” but settled for a more explanatory name instead.

This plugin will allow only registered users of your blog to view the blog. If you have a wordpress powered blog that you don’t want your parents, or the secretary in your office, or the POTUS, to read it(okay, well, I can’t guarantee the last one :P), then View source and save or Download the .zip file to start using it. This will effectively password protect your wordpress blog, and also prevent search engines from indexing the pages in the blog.

Instructions :

  1. Save the file registered_only.php to your wp-content/plugins folder
  2. Activate the plugin from the plugin administration page
  3. Relax

Usage Notes:

  1. If you really want your defense against unscrupulous readers to be strong, then disable the “Anyone can register” option in Options->General in your WordPress administration interface.
  2. If you want google and other search engines to be able to index your blog pages, then comment(add two // in the beginning of) the line
    echo '<meta name="robots" content="noindex,follow" />'; . This, however, would mean that the search engines might index your pages and if you want a “private” blog, then this would not be suitable, which is why is it uncommented by default.
  3. If you are getting a “headers already sent” warning, then try adding the following one line to your .htaccess file (create a file called .htaccess if you don’t have one already) :
    PHP_FLAG output_buffering on

This plugin is basically the auth.php file that ships with WordPress 1.2, adapted to fit needs, and is distributed under the GPL license.

This entry was posted in plugin and tagged . Bookmark the permalink.

106 Responses to Plugin : Registered Users Only

  1. don says:

    looks like this for me:

    Warning: Cannot modify header information – headers already sent by (output started at /home/httpd/fixit/www/news/index.php:9) in /home/httpd/fixit/www/news/wp-content/plugins/registered_only.php on line 63

    Warning: Cannot modify header information – headers already sent by (output started at /home/httpd/fixit/www/news/index.php:9) in /home/httpd/fixit/www/news/wp-content/plugins/registered_only.php on line 64

    Warning: Cannot modify header information – headers already sent by (output started at /home/httpd/fixit/www/news/index.php:9) in /home/httpd/fixit/www/news/wp-content/plugins/registered_only.php on line 65

    Warning: Cannot modify header information – headers already sent by (output started at /home/httpd/fixit/www/news/index.php:9) in /home/httpd/fixit/www/news/wp-content/plugins/registered_only.php on line 66

    Warning: Cannot modify header information – headers already sent by (output started at /home/httpd/fixit/www/news/index.php:9) in /home/httpd/fixit/www/news/wp-content/plugins/registered_only.php on line 72

  2. don says:

    I might add, this is the latest stable version of WP, it works great without activation. As soon as I activate, then I get the error (when not logged in). There are no other plug-ins activated. Something is not quite right.

  3. don says:

    ok with a bit more work …
    I put this:
    ob_start(); at the start of the first php coding about line two.
    and I went all the way to the bottom of the index.php file and added at the bottom the following:

    It is the last thing in the index.php file now … and it appears to work.
    We’ll see if it takes this post. Post 24ish was the key, but I couldn’t quite figure out where to put this. I’ll now have to research a bit to figure out what the effect of this action is, but it appears to make this all work. I might add, that I used a plain text editor and have no trailing lines anywhere, so that wasn’t the problem.

  4. don says:

    opps …

    sorry for any confusion.

    Site administator please truncate all of these posts, delete most of the first one and just give my solution if you will be so kind.

  5. Fimion says:

    When i activate this plugin in version 1.2.2, It doesn’t appear to work. any suggestions?

  6. Carthik says:


    There is a new version I checked into the plugin repository. The URL is . Please check that out and see if that works for you. You can file any bug report there at the repository, by opening a ticket. It is easier for me to keep track of it over ther.

    Thank you.

  7. Myisha says:

    i really like your plugin i fact i’m using it on my private blog..I have a few questions to ask you..Is there any way I could approve or disappove registeration before they would be able to view my blog?Any plugins available that would help me achieve this?Would it be difficult to create one myself(I have php skills)

    Thanks in advance

  8. Carthik says:


    Could you please follow up on the plugin at the repository ticket system? That will help me keep track of all the issues in one place.

    As for a solution, I will have to modify the plugin to allow only users with level 1 (or 2) or something to view the posts. Then you can “promote” those new registered viewers that you want to allow to view the posts.

  9. CypherXero says:

    This plugin needs to be updated for WordPress 1.5

  10. Daniel says:

    Yes, I agree. I would very much like to see this plugin working with 1.5 I tried the latest CVS version (0.4) and it still didn’t work. I love this plugin.

  11. Pingback: Leaberry Family Weblog » Blog Archive » Registered user plugin for the blog

  12. sascha says:

    Hi Carthik, have you got any plans to update the Plugin to 1.5?

  13. admin says:

    I will upgrade it this weekend, hopefully, Sascha.

  14. candy says:

    can it be used to password protect a blogspot blog?

    some unknown person has been coming to my blog and tagging me, leaving very rude and defaming comments about me.

    im reluctant to shift my blog to another provider thus i surfed upon this website and found this..

  15. admin says:


    I am sorry, but no, this is useful only for wordpress blogs.

  16. Matt says:

    I am also awaiting an update for this awesome plugin to work with WP 1.5.

    Many thanks :)


  17. Matt says:

    Perhaps this should be updated to reference the plugin repository?

  18. admin says:

    Thanks for the reminder Matt. I’ve done it.

  19. Bryan says:

    Hey Carthik, has this been updated yet? Just wanted to say I was hoping you’d get this working for 1.5, too. :)

  20. Scott says:

    Would you send the updated plugin to my email when you are done?

  21. admin says:

    Sure thing, Scott.

  22. marshall says:

    Great plugin…but to echo the above sentiments, is there a 1.5-compatible ver yet? You have some anxiously awaiting fans…

  23. Dave says:

    I haven’t seen this plugin in action, but I found it when I was looking for a way to restrict access to my entire site (does it?). I could also use the .htaccess method or a php login script, but since I’m in the progress of implementing WP as the main access point for my site, I suppose (like I said, haven’t seen it in action yet) this would be the cleanest solution.
    So, umm, what marshall said.. 😉

  24. David Fraser says:

    I have a patch that makes this work with WordPress 1.5, I’m not a PHP coder so it would need to be adjusted as it assumes the directory is /blogs/ (needs this to exclude the login URI)
    It’s at

  25. admin says:

    Thank you, David. I appreciate your help :)
    I wanted to update the plugin to use some of the new functions that do the work in the core, in 1.5
    I should get down to it sometime…life interferes.

  26. Scott says:

    when i ran that patch i got the following message

    patching file registered_only.php
    Hunk #1 succeeded at 26 with fuzz 2.
    Hunk #2 FAILED at 57.
    1 out of 2 hunks FAILED — saving rejects to file registered_only.php.rej

    does that still mean it worked?

  27. admin says:


    I have uploaded the patched file to

    Please try it out, Scott.

  28. Michael G. says:

    That worked! Thanks! First time using WP and this plugin. I created a “level 1” user and upon login it takes you to the admin profile page rather than the actual blog page…any idea what needs to be tweaked? I raised the level to 5 and got the full admin page…which is ok for a full admin…but not otherwise. Suggestion on where to start tweaking?


    Michael G.

  29. admin says:

    That is the default WP behaviour, and even without the plugin, a user who logs in would be taken to those pages you mention.

    A level 5 user will have less privileges than a level 10 admin user, and level 1 user will have even less privileges.

  30. Dave says:

    Thanks for the patch guys. I had a few hick-ups, which I thought I’d mention here, so perhaps someone else might benefit.

    First, I got the infamous header errors after plugin activation. Turns out, that was caused because the line ‘//Comment this line if you want your blog to be indexed by search engines’ in the page had wrapped and // only works if the comment is on the same line. It wasn’t in my case, since it had wrapped. Correcting this solved the header problem for me.

    The only other thing was changing the ‘blogs’ ‘if ($_SERVER[‘PHP_SELF’] != ‘/blogs/wp-login.php’)’ into wordpress, since that is the name of the folder I keep it in (might be obvious, but there you go).

    After that it all worked and I could see the plugin in action. I really like it. The only 2 things I noticed that I don’t really like, are the fact that in MSIE the login area aligns to the left (in Firefox no probs but most of my users still have MSIE) and that once logged in, you are taken to your profile and not to the blog main page. Now before you go, ‘Yeah, but..’. I know, those 2 gripes have nothing to do with this plugin, they are default WP behaviour. Nonetheless, I thought I’d mention that, since this plugin highlights those issues and you might get people that think it’s the plugin.

    I’m definitely going to use this plugin for my site (Thanks Carthik, Ryan and David) and I’ll try and get rid of the last 2 issues somehow. I’m sure it’s either not that difficult or someone has already figured it out.

  31. Dave says:

    Hmm, did a bit more testing, but it seems that the login div in wp_login.php does center properly in wordpress, but after having activated the registered only plugin the login div suddenly aligns to the left. Does anyone have any idea why and how to get it centered? I assume it’s some MSIE & CSS bug as usual, but have no clear idea of what it is.

    I haven’t gotten closer to configuring wp to go to the main page either. The only thing I can come up with is putting a hard link to /wp_admin/ (to be able to get to the profile area) in the sidebar and deleting the reference to /wp-admin/profile.php on line 178 of login.php. Then, if you login you always go to the blog root. I suppose it works, but it’s hardcoding and clunky at that. Does anyone have a more elegant solution?

    While I’m at it – this kinda relates – I posted this question in the forum (how to & troubeshooting, title is: Wp_register & wp_loginout don’t change?, in which I responded to someone with a similar problem), if you’re a Level 0 user the Register and Login links don’t change to Site Admin (which should really be ‘Profile’ for all but the admin but that’s another question) and Logoff. However, they don’t and remain Register and Login. I need to keep the level at 0, but do want to see those links change.
    Btw, when you’re logged in as a level 0 user and click on Login, it takes you to the profile page, which, if you’ve deleted the reference on line 178 as indicated above, changes to doing nothing. Big story, but I thought I’d add as many details as I could.

    Could anyone help me out with the above 3 questions? Help would be very much appreciated.

  32. David says:

    After a bit of digging and experimenting I discovered that the following line is what was causing the misalignment problems in MSIE.

    echo ”;

    The alignment problem was also present in the particular theme I am using. If I remove the “robots” line then all is well.

    What are the ramifications of not having this line present and having a password protected blog?

  33. David says:

    My previous post seems to not display properly. The problem causing line is (with the comment characters):
    //echo ”; //Comment this line if you want your blog to be indexed by search engines

  34. DavidM says:

    More display problems… the alignment problems are caused by the line regarding robots and search engines.

  35. TedFox says:

    I tried using this plugin.

    so to answer dave.

    I got the same problem with CSS. at first, it entirely screwed up my sidebar. I then inserted some code to spell things out more explicitly, (previously, i was just counting on the default settings provided in the css already). And it fixed it in firefox. I opened up in IE. only to see an entire mess. Not only was my blog aligned to the left. but many other settings as well. I COULD look through my CSS again. but that’s a long job. And i’m just curious as to why the plugin would affect it in the first place.

    $redir = ‘Location: ‘ . get_settings(‘siteurl’) . ‘/wp-login.php?redirect_to=

    this line in the plugin is affecting what it redirects to after logging in. urlencode($_SERVER[‘REQUEST_URI’]);

  36. admin says:

    The robots.txt line is in place so that your blog entries do not get crawled by google, or other search engines. You can do without it, as the robot would not know the password to view the pages as well, I guess.

  37. michelle says:

    i am trying to password protect a WP blog that is on a subdomain. i followed the directions and activated the plugin, and there are no errors, but there is nothing happening either. i can still go to the site and see everything without being prompted…

    i’d rather use this plugin if i can get it to work, .htaccess seems so much more complicated :( anyone have any tips?

    thanks in advance,

  38. Pingback: Carthik’s Blog » Blog Archive » Registered Only Plugin Reworked

  39. admin says:

    A new version of this plugin is now available. Please try it out and report on your findings.

    Thanks everyone for using the plugin and being such great users!

  40. Dave says:

    I’ve tested the new plugin and it no longer aligns to the left in MSIE but nicely stays in the middle. Well done :-)

    The other issues I mentioned in my post of April 9th, 2005 at 11:24 pm are still there, but then again they probably should be addressed through a fix to WordPress rather than your plugin.

    Thanks for the emailed update, very handy since I don’t check that often.

  41. febwa1976 says:

    I have started using the plugin and it works really well – jus what I was looking for – thanks.

    Question is I cannot find

    ‘echo ”; so how do I know I have stopped the search engines.


  42. Pingback: Because I Write » Blog Archive » Plugin for Registered User Only

  43. Pingback: Stanley’s » Registered User Only - Plugin

  44. sfong says:

    Would you consider writing a plugin just for me at a nominal sum? I can’t make your plugin to work but I think I need something slightly different from what you have described here. I am hoping to have a plugin which doesn’t stop people from viewing the blog. Instead when I compose each post I want a “tick box” to select if I want that particular post to be viewable by registered users only. A further step would be a combo selection to allow which level of registered users to view.

    Under Manage>Posts and Pages, there should also be a column showing what posts/pages have been ticked for registered users (and level) only such that I could uncheck some if I want to.

    My php skill isn’t good enough to do this and I desperately want to have one for my blog at a hosted site (not that at presumbly one has to fiddle auth.php file and admin.php such that the feature can be displayed.

    Generally visitors to my blog will see the post titles and a note saying that only level ? registered users are allowed to view this post etc…. Of course an option should also be given on the header or sidebar for users to login right away without the hassle of logging in midway.

  45. Carthik says:

    sfong, sorry for the delayed reply. I cannot write the plugin for you now since I am caught up with school and work at school. I am so sorry I can’t :( Hope you understand.

  46. Bfj says:

    I just installed the plugin for the password protection, but nothing is changed, after the plugin is activated, I can still enter the page without entering any password (also after deleting the cookies on my computer)… The version of wordpress that I use is 1.5.2
    I hope that you can help me :-)

  47. tinyboxer says:

    sfong –

    Have you checked out Category Levels: (look at the link at the bottom of the page). This does most of what you are asking for.

  48. Amarand says:

    First off, thanks for this great and useful plugin! Of course, I personally have always believed that this security feature should be integrated into any good blogging system (the ability to say “no one can see unless authenticated”)…but I digress.

    I’m using WP 1.5.2, and when I try to go to the site it gives me a grey screen, which serves the purpose of not allowing an unauthenticated user access wonderfully! When I authenticate, things start to work again.

    My question is this: is there a way to generate an automatic redirect to the login page for an unauthenticated user?

    Thanks again!!

  49. Xochi says:

    I also have not been able to get this to work. The site won’t even load. With both Safari and Firefox the message says something about too many redirects or problem with blocked cookies. On Firefox I erased all cookies and still no luck. Any ideas?