Registered Only Plugin Reworked
Thursday, May 12, 2005
I finally got to rewriting the Registered Only plugin. The new version works on WordPress version 1.5.1 and 1.5. The older version had some issues. The new version is much lighter, and uses a core WordPress function, and so should work without any issues. If there are any issues, please report them at the wp-plugins.org issue tracker.
The registered only plugin restricts access to the WordPress weblog and site (including Pages, if any), to registered users who are logged in. This will be useful for those that want a private blog, or a blog restricted to friends and family. Consider it the WordPress version of a friends-only Livejournal or similar.
The latest version has the tag (version number) 2005-05-12-2000. I will be using a YYYY-MM-DD-HHMM (in UTC time) (based on the ISO8601) format for version numbers, since it seems easily sortable, and conveys information about the freshness of the version. You can download it from the wp plugin repository, save the file as registered-only.php and then upload it to your wp-content directory on the web server.
There is now a readme file with relevant details.
Many thanks to the many users who wrote in regarding this plugin over the days. Leave me a comment if you use the plugin and like, or better still, dislike it.
Update: This plugin does not protect your feeds. So you may want to delete the feed files.
Filed by Carthik at 3:00 pm under plugin, WordPress
[…] in Updated
Filed under: Plugins — Carthik @ 4:37 pm
I have updated the Registered-Only Plugin which provides an effective way to protect your […]
Registered Only plugin updated
Carthik finally got time to update the Registered Only plugin. He was nice enough to email those who asked him! It restricts everything on your blog to registered members only, but I don’t think it protects your RSS feeds. Nevertheless, this loo…
Thanks for the update! Great plugin for people like me that want privacy.
good question in the comment: does it protect the rss feeds too?
Denis,
I have since updated the post, as well as the readme, to state that it does not protect the feeds. I suspect very few, if any feed readers support any form of authentication
Having just switched from 1.2 to 1.5 I notice there is an option to restrict commenting to registered, logged-in users. I like your plugin but don’t now see the need to install it - I only wanted to restrict who could comment, not who could read (since the password function covers that for my needs).
Madolyn,
The plugin would be handy if you wanted to password protect the entire blog in one swell sweep, as opposed to protect each individual entry, one by one.
FYI, the post levels plugin provides more granular control over hidden posts and does protect RSS feeds.
I am using WP 1.2.2. The plug in works fine. However, is there a way after a user log in to direct them immediately to the index.php rather than the wp-admin/post.php?
Todd,
The plugin is supposed to just redirect the visitor to the page that they arrived at. So, if someone tried to access index.php and got to the login page, they should be redirected to that index.php page after logging in. That is the way it works with 1.5 currently.
Technically, a hashed key is very much equivalent to login/password. So you could create a somewhat minor authentication method by adding a hashed key in the feed url, e.g.:
blog.carthik.net/feed/?key=fecqzhechziff434Q4YGFDGW898655
Sweet!! I’m going to try it out as soon as I get the time
Any thoughts why this wouldn’t work on an (essentially) fresh WordPress 1.5 install?
Bryan,
I will try and install 1.5 on my test setup and look into this. The major difference is that 1.5 did not have the pluggable-functions.php file in wp-includes that 1.5.1 has. So I may need to factor that in, for 1.5.
Awesome, thank you Carthik!
Carthik, I’ve have instructions on my site for updating plugins to 1.5.1: http://fortes.com/2005/05/14/updating-wordpress-plugins-for-151
fil,
Thanks, but that was already taken care of in the this version of the registered-only plugin.
[…] peut également verrouiller son blog WordPress totalement, comme sur TypePad par exemple. Un plugin a été développé dans ce sens par Carthik […]
Great plugin! Installed it one of my sites, and it works seamlessly. However, I’ve noticed that when I enter my URL, login as admin, I get the index page, but this does not happen to a level 0 user; the level 0 user enters his/her profile page instead. Is this how its supposed to behave? Or do I need to change the user level? Thanks!
The plugin works almost too good. If the plugin is activated, my rss feeds are blocked when using any sort of rss client. As well, I can’t post through the xmlprc.php. Anyone else seeing this sort of thing?
This will also block access to wp-register.php. Changed my if statement to read as follows:
if (substr($_SERVER[’SCRIPT_NAME’], -12) != “wp-login.php” && substr($_SERVER[’SCRIPT_NAME’], -15) != “wp-register.php”) {
I suspect excluding rss feeds would just require adding the appropriate condition there as well.
Does not work here.
Redirection limit for this URL exceeded. Unable to load the requested page. This may be caused by cookies that are blocked.
The browser has stopped a connection because the site is redirecting requests to itself in a manner which prevents it from ever completing.
So it seems its an endless loop.
[…]if (substr($_SERVER[’SCRIPT_NAME’], -12) != “wp-login.php” && substr($_SERVER[’SCRIPT_NAME’], -15) != “wp-register.php”) { […]
Thanks, that works so far.
http://redalt.com/External/plugins.php?p=registered-only&t=2005-05-12-2000 thie zip file is corupt please give right code
I installed this plugin on my blog and it does exactly when it is supposed to do but I was wondering if there is a fix for something I would like to do.
I want to password protect the blog from only registered users but I want to be allowed to send users to register on their own. Currently the only way I see is to get registered members first then lock the blog down or to manually add members which I want to avoid.
Any ideas?
Thanks,
Jason
does not work here. 5/12/2005 version installed on 1.5.1.3. I can log in as admin, and have it set where anyone can register. However, when someone tries to register which directs them to register.php, or whatever, it gets redirected back to the login page. Endless cycle.
Any ideas? This is exactly what I’m looking for if I can get it to work.
[…] do it so you don’t have to enter the password each time, I will. I’ve tried this plugin, and for some reason it doesn’t work correctly on my […]
Thank you so much for the updated version, it finally works perfect for me! I have a question, which might be stupid but still.. is this plugin really safe? Is it guaranteed that the pages and posts will not be accessible from search engines etc?
Maria,
If you take care to remove the files that I have requested users to remove etc, it will be perfectly safe. Please read the readme file in the download, or the instructions in the post, and you’ll be good.
I have two blogs with this plugin installed, and I’d like to pingback between them, but the pingback feature doesn’t seem to work once the plugin is activated. This was confirmed when I tested the pingback using Red Alt’s pingback test page.
Is there a way to allow pingbacks with this plugin activated? I don’t mind only allowing pingbacks from just my other blog.
Otherwise, I’ve found your work very helpful!
Hmm, pingbacks won’t work, as you just found out. I see the case for why they should in your case. I am sort of short of time right now, but what I can suggest is that you try to avoid the redirection from happening for the url of the xmlrpc.php file in your weblog. Mine is http://blog.carthik.net/xmlrpc.php I should expect this to work.
In the plugin, Edit:
if (substr($_SERVER[’SCRIPT_NAME’], -12) != “wp-login.php”) {
to read
if ((substr($_SERVER[’SCRIPT_NAME’], -12) != “wp-login.php”)||(substr($_SERVER[’SCRIPT_NAME’], -10) != “xmlrpc.php”)) {
… you hopefully get the idea
It still doesn’t seem to work.
Using the Red Alt pingback tool, I got a very unhelpful response (the same I got before the modification):
I tried sending a trackback as well from Red Alt, and got the following response (also the same as before the modification):
With my limited knowledge, it looks to me like it’s still trying to redirect…
Thanks for your time.
Just as I thought, it won’t work since when you try to pingback a post, there is a process of autodiscovering the pingback url (of xmlrpc.php), and it won’t work since that will be bounced. I am sorry. The modification required might be more complicated, to ensure that pingback and trackback requests can bypass the plugin…
Having the same problem as rain: the user is redirected to their profile page instead of the home page.
Does auth_redirect() accept arguments? I couldn’t find much on it in the docs, but if it does, that’d be a solution…
Feeling dumb… the solution is to promote the user to at least level 1.
I keep trying to download you file and all I get are empty zip files !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ok. As this feature is rather important for me for these two blogs, I guess I’ll use .htaccess to restrict access.
Your plugin is still useful for some of my other sites, though!
Andromeda,
You can visit the wp-plugins page for the plugin and click on one of the two download links at the bottom of the page. Please ensure that the plugin file does not have any blank lines at the top or the bottom before you use it.
warning [D:\Downloads\WordPress\registered-only_2005-05-12-2000.zip]: Zip file is empty
No files to process
Ron, see the comment above yours, please
Actually, I read the posts. Is there some reason you haven’t fixed the broken zip or removed the link alltogether? Very confusing.
That is a system that provides for automatic downloads from the WP plugins repository. I guess I will change the link for now - I had left it in thinking it was a temporary problem.
I’ve installed and tested this, and everything works fine. Thanks for creting this! I do, however, have a question - can I specify a single username and password, and have all my readers log on with this one ID? Or do I still need to create multiple IDs? Thanks again.
Bloody fantastic! You are awesome, Carthik. Great work!
I’m working with this plugin, and I’m dealing with two issues.
(1) Is changing the look of the wp-login page. Does anyone know of a way to change the look of this page without actually editing it? What I’m looking for is a way to change the display of this page with something like the Themes system, which doesn’t include hacking “core” files.
(2) In the same line with not editing “core” files, I’m looking for a way to disable all feeds via a plugin or setting - anything that wouldn’t require deleting the “core” files. I’m working on a little plugin to do this, but I also wondered…
Can you just set the number of posts to show in your Feeds to ZERO, thereby “disabling” your feeds with one options change? Please check out the settings here: wp-admin/options-reading.php and let me know if you can test this.
I just finished a plugin that (I hope) can serve as a compliment to Registered Only. It’s called Secure Files, and it’s aim is to protect your loose files (images, documents, etc) when using a plugin like Registered Only. You can check it out here:
http://www.almosteffortless.com/?page_id=16
…This plugin is great for people using plugins like Registered Only (and here) that secure your Wordpress blog (Posts, Pages, etc). The problem with these plugins is that your loose files aren’t protected - only the contents of your Wordpress database. So, any images or other documents you’ve uploaded are easily accessible to those who aren’t authenticated via a plugin like Registered Only. This plugin aims to solve this problem…
When I attempt to activate this I get a string of warnings about “Headers already loaded” or some such. Is this a collision with another plugin? If so, can it be solved?
Thanks.
Jim,
There are no such errors under standard conditions, so looking into the errors themselves might give you a clue as to which plugins/files are generating the errors. Beyond that, with the info you have provided, I don’t really know.
Hi,
I’m still looking for a fix to the redirection problem mentioned above. I made the code change suggested in a previous posters comment to allow for open registration for users, but now I get a redirection error.
Any ideas?
Thanks!
Martha
I’ve tried this and it works great. But a strange thing is that it DOES protect the RSS feeds. I’m trying to still allow RSS feeds to go out, but it doesn’t work because if I enter the RSS URL, it redirects to wp-login.php.
How can I change this to NOT block my feeds?
With the help of PHP guru, we figured this out to enable the RSS to still work. Change the if to:
if (substr($_SERVER[’SCRIPT_NAME’], -12) != “wp-login.php” && substr($_SERVER[’QUERY_STRING’], -9) != “feed=rss2″) {
And then the scripts are unsecured and will still work with standard RSS readers.
Hi,
This puglin is exactly what i’m looking for, but wehn i activate it, i have a problem on my page. The following inscription appears : “Warning: Cannot modify header information - headers already sent by (output started at /home/httpd/vhosts/domainename/httpsdocs/blog/wp-content/plugins/registered-only.php:2) in /home/httpd/vhosts/domainename/httpsdocs/blog/wp-admin/admin.php on line 10
I don’t know why.
I use the WP version 1.5.2.
Thanks for you advice and help.
Any chance that this plugin will work in version 2.0 of WordPress? Has anyone tested Registered Only in WordPress 2.0?
Would you consider updating this plugin if it doesn’t work in WordPress 2.0?
hi! i’m new to wordpress so please bare with the ignorance
how do i contain several users to read my blog while the Registered only plugin is activated?
Thanks
I can’t post via gnome-blog (or blogtk) when the plugin is activated. Deactivating it fixes the problem.
Is there some workaround to use both?
Thanks
George, I’ve just installed and the plugin seems to work perfectly with 2.0
orange, nice name… It’s my surname. The easiest option would be to create logins for the users in the admin panel and provide those to who you’d be sharing your content with.
appears to work on wp2.0
Thank you for the pluggin. This is exactly what I need. But I got a problem, on the login page, the register link does not seems to work. It loads the same page again instead of another form to register. Anyone has the same problem? Thanks…
Works great in WP2.02. Also the register link on the main site still works great. Thanks; realy good, brief and efficient plugin.
It appears that the RSS feed fix provided by DJosephDesign on November 2, 2005 no longers works under version 2. Can anyone confirm that or offer a solution?
Is there any way to use this plugin to restrict only some posts under some category, but not the whole blog? That should be really awesome, I found some other plugins that can do that, but they either not working well, or not supported for WP 1.5
Thanks in advance!
Regards,
Dario
I wanted to thank you for this plugin.My site had been troubled by trolls but your plugin solved the problem.Much appreciated!
Thanks a lot for the plugin. It’s functionality was exactly what I was looking for.
I was trying to use this on my WP 2.02 blog … and I think it worked fine! That is - until I logged out - I wanted to see if it was truly hidden. It just gave a whole bunch of errors. So, I tried to log back into the blog. It wouldn’t let me access the login page and the blog was lost to me altogether. Fortunately, it was a group blog and another member was still logged in and that person deactivated the plugin.
I’m now concerned about having the plugin activated. Is there a fix for this? I know this is an old plugin by Carthik and not meant for new WP versions, and all other disclaimers. I need this for a private network blog though. Any suggestions would be helpful. I’ll check back later.
Just curious mostly… I’ve added the performancing plugin to firefox and can’t access my wordpress blog thru it. I am running your registered_only plugin and I wonder if that’s the issue… ok, I know that’s the issue, but I would think that it should be able to do the login. If you have any thoughts, drop me an email when you have time. Thanks for the handy plugin!!! Yours was the first one I added!
Amazed this functionality isn’t part of WordPress core. Thanks for this! However, I’ve just realized that using it makes a blog incompatible with posting clients such as Ecto. Hmmm… I guess this is related to the XMLRPC issues noted above. Would be great if there were some kind of work-around for that.
Carthik, for somereason, i’m unable to use Windows live editor on one of my blogs on which i’m using “Registered Only” plugin. I am unable to add the blog in the live editor when the plugin is enabled and when i disable it, i am able to add the blog and post stuff. How to solve this ploblem when the plugin is enabled and blog is still protected.
With “Registered only” and Windows live Editor, i get a perfect secret blog.
if you can solve this issue, please reply to my post here: http://www.gangavalli.com/blog/2006/10/05/playing-with-the-new-windows-live-writer/
It appears that the RSS feed fix provided by DJosephDesign on November 2, 2005 no longers works under version 2. Can anyone confirm that or offer a solution?
Has anyone found a solution to this? I’m using 2.0.4. Getting feeds in NetNewsWire when plugin is deactivated, but feeds won’t come through when plugin is activated.
Tried DJosephDesign’s suggestion, adding “wp-rss.php” in place of “feed=rss2″ - which was causing a syntax error because of the ‘=’
Thanks for any assistance.
This plugin worked flawlessly — thanks! I spent a couple of hours trying to use another similar plugin to no avail. Your’s worked perfectly.
Thanks! Your plugin is just what I was looking for and it works flawlessly on Wordpress 2.1.2!
Thanks alot! It works perfectly with WP2.2.1!
Hooray for this old one!
Thanks..
[…] Açıklamalı 230 Wordpress eklentisi (Agu. 15, 2007) (Wordpress plugin list),[…]