Protect WordPress pages – Members Only!
Ever since upgrading one of my managed WordPress sites, I have been performing tweaks to address both security and usability concerns. One part of the site that I needed to modify was a page containing member e-mail addresses for a campus non-profit organization. Somehow, leaving that page open for anyone to view made me feel uncomfortable. Although Google’s spam filters were capturing the majority of spam for our domain’s e-mail accounts, I could not say the same for Hotmail, Yahoo and other webmail users.
I started searching the WordPress.org Support Forum and WordPress.org Plugins selection, but could not find a proper solution, so off to Google I went! Unfortunately, the solution did not come in a nice packaged plugin. RedwingStudio.com has an article describing the creation of a custom template using PHP in which a function is called to verify that the user is logged in before allowing content viewing. I simply copied the entire template, gave it a custom name with a .php extension and uploaded it to the working theme’s directory. However, before doing that, I replaced the following:
and also edited action=’../wp-login.php’ to reflect action=’../../wp-login.php’, since this page was actually a subpage that I was protecting. Read the comments in the code for more information.
After uploading the single PHP file to the theme’s directory within the WordPress installation via FTP, I went to Dashboard > Manage > Pages and selected the subpage that I wanted to protect. Because this new template was now included in the theme’s folder, it was available for applying to the current page so I simply selected it and updated the page.
That was all! I tested it out by logging out and trying to access the now-protected page. As expected, the page did not display the original content since I was not logged in, but once I entered my login information into the form that appears on the page I was able to view it. Excellent!
I am not sure if this minor modification will prevent web crawlers from harvesting e-mail addresses from the site. Other measures are being taken to address that issue separately through some .htaccess editing.