Home of a med student who likes to manage websites and talk tech!

Protect Wordpress pages – Members Only!

with 4 comments

WordPress LogoEver since upgrading one of my managed WordPress sites, I have been performing tweaks to address both security and usability concerns. One part of the site that I needed to modify was a page containing member e-mail addresses for a campus non-profit organization. Somehow, leaving that page open for anyone to view made me feel uncomfortable. Although Google’s spam filters were capturing the majority of spam for our domain’s e-mail accounts, I could not say the same for Hotmail, Yahoo and other webmail users.

I started searching the WordPress.org Support Forum and WordPress.org Plugins selection, but could not find a proper solution, so off to Google I went! Unfortunately, the solution did not come in a nice packaged plugin. RedwingStudio.com has an article describing the creation of a custom template using PHP in which a function is called to verify that the user is logged in before allowing content viewing. I simply copied the entire template, gave it a custom name with a .php extension and uploaded it to the working theme’s directory. However, before doing that, I replaced the following:


and also edited action=’../wp-login.php’ to reflect action=’../../wp-login.php’, since this page was actually a subpage that I was protecting. Read the comments in the code for more information.

After uploading the single PHP file to the theme’s directory within the WordPress installation via FTP, I went to Dashboard > Manage > Pages and selected the subpage that I wanted to protect. Because this new template was now included in the theme’s folder, it was available for applying to the current page so I simply selected it and updated the page.

That was all! I tested it out by logging out and trying to access the now-protected page. As expected, the page did not display the original content since I was not logged in, but once I entered my login information into the form that appears on the page I was able to view it. Excellent!

I am not sure if this minor modification will prevent web crawlers from harvesting e-mail addresses from the site. Other measures are being taken to address that issue separately through some .htaccess editing.


Written by falcon1986

12 June, 2008 at 10:20 PM

4 Responses

Subscribe to comments with RSS.

  1. […] Google Calendar into WordPress without header bloat Ever since I discovered how to password protect individual pages on my WordPress blog a few things started to click in my brain. I thought that, if you could use a […]

  2. This is exactly what I needed for a client’s site. Thank you!


    5 August, 2008 at 9:00 PM

  3. Just a quick update: When you change WordPress themes you will have to copy the above template to that theme’s folder. In addition, since one theme’s page structure template may differ from another, you will have to use the structure of your new theme’s page.php template.


    21 October, 2008 at 8:25 PM

  4. Hi..
    can I get the source code, please… email me, and I will thank you to you as much as I can 🙂


    26 September, 2010 at 3:27 AM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: