Update:: There is no guarantee that this plugin works with the current version of WordPress. I have not been keeping it brushed up and ready as things have been changing with WordPress. If I do fix it in the future, I will notify you of the the fact here first.
I finally got to rewriting the Registered Only plugin. The new version works on WordPress version 1.5.1 and 1.5. The older version had some issues. The new version is much lighter, and uses a core WordPress function, and so should work without any issues. If there are any issues, please report them at the wp-plugins.org issue tracker.
The registered only plugin restricts access to the WordPress weblog and site (including Pages, if any), to registered users who are logged in. This will be useful for those that want a private blog, or a blog restricted to friends and family. Consider it the WordPress version of a friends-only Livejournal or similar.
The latest version has the tag (version number) 2005-05-12-2000. I will be using a YYYY-MM-DD-HHMM (in UTC time) (based on the ISO8601) format for version numbers, since it seems easily sortable, and conveys information about the freshness of the version. You can download it from the wp plugin repository, save the file as registered-only.php and then upload it to your wp-content directory on the web server.
There is now a readme file with relevant details.
Many thanks to the many users who wrote in regarding this plugin over the days. Leave me a comment if you use the plugin and like, or better still, dislike it.
Update: This plugin does not protect your feeds. So you may want to delete the feed files.
Pingback: wordlog.com » Registered Only Plugin Updated
Pingback: All Narfed Up
Thanks for the update! Great plugin for people like me that want privacy.
good question in the comment: does it protect the rss feeds too?
Denis,
I have since updated the post, as well as the readme, to state that it does not protect the feeds. I suspect very few, if any feed readers support any form of authentication
Having just switched from 1.2 to 1.5 I notice there is an option to restrict commenting to registered, logged-in users. I like your plugin but don’t now see the need to install it – I only wanted to restrict who could comment, not who could read (since the password function covers that for my needs).
Madolyn,
The plugin would be handy if you wanted to password protect the entire blog in one swell sweep, as opposed to protect each individual entry, one by one.
FYI, the post levels plugin provides more granular control over hidden posts and does protect RSS feeds.
I am using WP 1.2.2. The plug in works fine. However, is there a way after a user log in to direct them immediately to the index.php rather than the wp-admin/post.php?
Todd,
The plugin is supposed to just redirect the visitor to the page that they arrived at. So, if someone tried to access index.php and got to the login page, they should be redirected to that index.php page after logging in. That is the way it works with 1.5 currently.
Technically, a hashed key is very much equivalent to login/password. So you could create a somewhat minor authentication method by adding a hashed key in the feed url, e.g.:
blog.carthik.net/feed/?key=fecqzhechziff434Q4YGFDGW898655
Sweet!! I’m going to try it out as soon as I get the time
Any thoughts why this wouldn’t work on an (essentially) fresh WordPress 1.5 install?
Bryan,
I will try and install 1.5 on my test setup and look into this. The major difference is that 1.5 did not have the pluggable-functions.php file in wp-includes that 1.5.1 has. So I may need to factor that in, for 1.5.
Awesome, thank you Carthik!
Carthik, I’ve have instructions on my site for updating plugins to 1.5.1: http://fortes.com/2005/05/14/updating-wordpress-plugins-for-151
fil,
Thanks, but that was already taken care of in the this version of the registered-only plugin.
Pingback: le blog à Ollie » Verrouillage
Great plugin! Installed it one of my sites, and it works seamlessly. However, I’ve noticed that when I enter my URL, login as admin, I get the index page, but this does not happen to a level 0 user; the level 0 user enters his/her profile page instead. Is this how its supposed to behave? Or do I need to change the user level? Thanks!
The plugin works almost too good. If the plugin is activated, my rss feeds are blocked when using any sort of rss client. As well, I can’t post through the xmlprc.php. Anyone else seeing this sort of thing?
This will also block access to wp-register.php. Changed my if statement to read as follows:
if (substr($_SERVER['SCRIPT_NAME'], -12) != “wp-login.php” && substr($_SERVER['SCRIPT_NAME'], -15) != “wp-register.php”) {
I suspect excluding rss feeds would just require adding the appropriate condition there as well.
Does not work here.
Redirection limit for this URL exceeded. Unable to load the requested page. This may be caused by cookies that are blocked.
The browser has stopped a connection because the site is redirecting requests to itself in a manner which prevents it from ever completing.
So it seems its an endless loop.
[...]if (substr($_SERVER[’SCRIPT_NAME’], -12) != “wp-login.php†&& substr($_SERVER[’SCRIPT_NAME’], -15) != “wp-register.phpâ€) { [...]
Thanks, that works so far.
http://redalt.com/External/plugins.php?p=registered-only&t=2005-05-12-2000 thie zip file is corupt please give right code
I installed this plugin on my blog and it does exactly when it is supposed to do but I was wondering if there is a fix for something I would like to do.
I want to password protect the blog from only registered users but I want to be allowed to send users to register on their own. Currently the only way I see is to get registered members first then lock the blog down or to manually add members which I want to avoid.
Any ideas?
Thanks,
Jason
does not work here. 5/12/2005 version installed on 1.5.1.3. I can log in as admin, and have it set where anyone can register. However, when someone tries to register which directs them to register.php, or whatever, it gets redirected back to the login page. Endless cycle.
Any ideas? This is exactly what I’m looking for if I can get it to work.
Pingback: Sticky Baby Vibes » I’ve had it.
Thank you so much for the updated version, it finally works perfect for me! I have a question, which might be stupid but still.. is this plugin really safe? Is it guaranteed that the pages and posts will not be accessible from search engines etc?
Maria,
If you take care to remove the files that I have requested users to remove etc, it will be perfectly safe. Please read the readme file in the download, or the instructions in the post, and you’ll be good.
I have two blogs with this plugin installed, and I’d like to pingback between them, but the pingback feature doesn’t seem to work once the plugin is activated. This was confirmed when I tested the pingback using Red Alt’s pingback test page.
Is there a way to allow pingbacks with this plugin activated? I don’t mind only allowing pingbacks from just my other blog.
Otherwise, I’ve found your work very helpful!
Hmm, pingbacks won’t work, as you just found out. I see the case for why they should in your case. I am sort of short of time right now, but what I can suggest is that you try to avoid the redirection from happening for the url of the xmlrpc.php file in your weblog. Mine is http://blog.carthik.net/xmlrpc.php I should expect this to work.
In the plugin, Edit:
if (substr($_SERVER['SCRIPT_NAME'], -12) != “wp-login.php”) {
to read
if ((substr($_SERVER['SCRIPT_NAME'], -12) != “wp-login.php”)||(substr($_SERVER['SCRIPT_NAME'], -10) != “xmlrpc.php”)) {
… you hopefully get the idea
It still doesn’t seem to work.
Using the Red Alt pingback tool, I got a very unhelpful response (the same I got before the modification):
I tried sending a trackback as well from Red Alt, and got the following response (also the same as before the modification):
With my limited knowledge, it looks to me like it’s still trying to redirect…
Thanks for your time.
Just as I thought, it won’t work since when you try to pingback a post, there is a process of autodiscovering the pingback url (of xmlrpc.php), and it won’t work since that will be bounced. I am sorry. The modification required might be more complicated, to ensure that pingback and trackback requests can bypass the plugin…
Having the same problem as rain: the user is redirected to their profile page instead of the home page.
Does auth_redirect() accept arguments? I couldn’t find much on it in the docs, but if it does, that’d be a solution…
Feeling dumb… the solution is to promote the user to at least level 1.
I keep trying to download you file and all I get are empty zip files !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ok. As this feature is rather important for me for these two blogs, I guess I’ll use .htaccess to restrict access.
Your plugin is still useful for some of my other sites, though!
Andromeda,
You can visit the wp-plugins page for the plugin and click on one of the two download links at the bottom of the page. Please ensure that the plugin file does not have any blank lines at the top or the bottom before you use it.
warning [D:\Downloads\WordPress\registered-only_2005-05-12-2000.zip]: Zip file is empty
No files to process
Ron, see the comment above yours, please
Actually, I read the posts. Is there some reason you haven’t fixed the broken zip or removed the link alltogether? Very confusing.
That is a system that provides for automatic downloads from the WP plugins repository. I guess I will change the link for now – I had left it in thinking it was a temporary problem.
I’ve installed and tested this, and everything works fine. Thanks for creting this! I do, however, have a question – can I specify a single username and password, and have all my readers log on with this one ID? Or do I still need to create multiple IDs? Thanks again.
Bloody fantastic! You are awesome, Carthik. Great work!
I’m working with this plugin, and I’m dealing with two issues.
(1) Is changing the look of the wp-login page. Does anyone know of a way to change the look of this page without actually editing it? What I’m looking for is a way to change the display of this page with something like the Themes system, which doesn’t include hacking “core” files.
(2) In the same line with not editing “core” files, I’m looking for a way to disable all feeds via a plugin or setting – anything that wouldn’t require deleting the “core” files. I’m working on a little plugin to do this, but I also wondered…
Can you just set the number of posts to show in your Feeds to ZERO, thereby “disabling” your feeds with one options change? Please check out the settings here: wp-admin/options-reading.php and let me know if you can test this.
I just finished a plugin that (I hope) can serve as a compliment to Registered Only. It’s called Secure Files, and it’s aim is to protect your loose files (images, documents, etc) when using a plugin like Registered Only. You can check it out here:
http://www.almosteffortless.com/?page_id=16
…This plugin is great for people using plugins like Registered Only (and here) that secure your WordPress blog (Posts, Pages, etc). The problem with these plugins is that your loose files aren’t protected – only the contents of your WordPress database. So, any images or other documents you’ve uploaded are easily accessible to those who aren’t authenticated via a plugin like Registered Only. This plugin aims to solve this problem…
When I attempt to activate this I get a string of warnings about “Headers already loaded” or some such. Is this a collision with another plugin? If so, can it be solved?
Thanks.
Jim,
There are no such errors under standard conditions, so looking into the errors themselves might give you a clue as to which plugins/files are generating the errors. Beyond that, with the info you have provided, I don’t really know.
Hi,
I’m still looking for a fix to the redirection problem mentioned above. I made the code change suggested in a previous posters comment to allow for open registration for users, but now I get a redirection error.
Any ideas?
Thanks!
Martha
I’ve tried this and it works great. But a strange thing is that it DOES protect the RSS feeds. I’m trying to still allow RSS feeds to go out, but it doesn’t work because if I enter the RSS URL, it redirects to wp-login.php.
How can I change this to NOT block my feeds?