Password protect wordpress blog

I have created a WordPress Plugin now Download here

Place this at the top of header.php

session_start();
if(isset($_SESSION['authenticated'])){
if($_SESSION['authenticated'] == "yes") {
$authenticated = "yes";
}
else{
$authenticated = "no";
}
}
else{
$authenticated = "no";
}

if($authenticated != "yes"){

echo <<<EOT
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Redirecting</title>
<meta http-equiv="REFRESH" content="0;url=http://example.com/login.php"></HEAD>
<BODY>
Not authenticated - redirecting...
</BODY>
</HTML>
EOT;
exit();
}
?>

And save this as login.php

<?php
session_start();
if(isset($_REQUEST['password'])){
$password = $_REQUEST['password'];
if($password == "password") {
$_SESSION['authenticated'] = "yes";
$do = "redirect";
}
else {
$do = "incorrect";
}
}
else{
$do = "showform";
}
//done processing
if($do == "showform"){
$formhtml = <<<EOT
<html>

<head>
<title>Your Site | Login</title>
<style type="text/css">
body {
background: url(http://chatfieldfamily.co.uk/images/1.jpg) no-repeat;
background-size: 100%;
font-family:Verdana, Geneva, sans-serif;
}
#form {
opacity: 0.5;filter:alpha(opacity=50);zoom:1;
}
#form:hover {
opacity: 0.8;filter:alpha(opacity=80);zoom:1;
}
</style>
</head>

<body>
<div align="center" id="form" class="form"style="margin-top:400px; margin-left:40%; margin-right:40%;; background-color:#000; color:#FFF"><h2>Your Site Login</h2>
  <form action="login.php" method="post">
    Password: <input type="password" name="password"></input><br></br>
<input type="submit"></input></form></div>



</body>

</html>
EOT;
echo($formhtml);
}
else if($do == "incorrect") {
$formhtml = <<<formhtml
<html>

<head>
<title>Your Site | Login</title>
<style type="text/css">
body {
background: url(http://chatfieldfamily.co.uk/images/1.jpg) no-repeat;
background-size: 100%;
font-family:Verdana, Geneva, sans-serif;
}
#form {
opacity: 0.5;filter:alpha(opacity=50);zoom:1;
}
#form:hover {
opacity: 0.8;filter:alpha(opacity=80);zoom:1;
}
</style>
</head>

<body>
<div align="center" id="form" class="form"style="margin-top:400px; margin-left:40%; margin-right:40%;; background-color:#000; color:#FFF"><h2>Chatfield Family Login</h2>
  <form action="login.php" method="post">
  <div style="color:#F00" >Incorrect password</div>
    Password: <input type="password" name="password"></input><br></br>
<input type="submit"></input></form></div>


</body>

</html>

formhtml;
echo($formhtml);
}
elseif($do == "redirect") {
echo <<<redirect
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Redirecting</title>
<meta http-equiv="REFRESH" content="0;url=http://loggedinurl.com"></HEAD>
<BODY>
Authenticated - redirecting...
</BODY>
</HTML>
redirect;
}
?>

see it in use at www.chatfieldfamily.co.uk

or http://clubmembers-only.com

Tags: iphone

This entry was posted on Sunday, February 21st, 2010 at 10:00 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

John

Thanks for this! I have one question. Will this also limit search bots to access and index the blog?
admin

RE:Thanks for this! I have one question. Will this also limit search bots to access and index the blog?

Yes this will, I will update the script to allow google bot access (ip addresses) and use a meta-header to prevent it from caching the page.

Update: I know have a modified version which allows google/yahoo/bing bots to access the page. If you want this version email me: webmaster@spiders-design.co.uk
Lynn

I’m trying to set up my blog in wordpress and I want my page to do what your’s does (single login). How do I or where do I go to create the login.php?

I did the first part ….changed your website to my address but now I’m stuck on step #2.

Thank you!
admin

RE:I’m trying to set up my blog in…

You need to create the file in notepad or any other text editor and upload it o your web histing directory. In addition you need to upload a background image ( you can opy the one on chafieldfamily.co.uk if you want) and save it as 1.jpg in a folder called images or change the script as required.
tommy

just tried your method but i do get errors with my login.php.

Parse error: syntax error, unexpected $end in /webspace/13/47942/clubmembers-only.com/wp-content/login.php on line 114

could you please provide us with the example files?

best regards

Tommy

ADMIN REPLY:
Links to source is now provided.
tommy

got it … the problem was on my side.

thanks for that script
Tommy

I have trouble with the redirect on Firefox for mac .

can you help?

EDIT: Firefox on mac has a problem with redirects to fix the problem change the authenticated code from:
authenticated redirecting...
to:

<a href="http://yourdomain.com" rel="nofollow">redirecting click here</a>
Bob

I’m also having trouble. First I was experiencing multiple parse and $ errors, but after fixing those, now whenever someone logs in, it just keeps redirecting them back to the login.php!

Where do I change the code?
Patrick

When someone types in the password, does this just allow them to read the blog? They can’t start editing it, right?

Thanks

ADMIN: That is correct
http://www.alfredsmith.com Alfred Smith

Great Job on this script. It works like a charm. Thank you for offering it freely – you are appreciated. Cheers!
http://stormyscorner.com Stormy

I too find that it keeps going back to the login screen.

$_SESSION['authenticated'] gets set to “yes” in the login.php file but when it redirects, it’s no longer yes in the header.php file.
http://stormyscorner.com/2010/06/how-to-make-a-password-protected-wordpress-blog.html How to make a password protected WordPress blog « Stormy's Corner

[...] June 30th, 2010 in Web/Tech Hello there! If you are new here, you might want to subscribe to the RSS feed for updates on this topic.Powered by WP Greet Box WordPress PluginThere are lots of posts on how to make a password protected WordPress blog. I followed quite a few unsuccessfully (like this one). [...]
http://www.spiders-design.co.uk/password-protect-wordpress-3-blog/ Password protect wordpress 3 blog « Spiders-Design

[...] To password protect a wordpress 3 blog with a single password use this script: http://www.spiders-design.co.uk/password-protect-wordpress-blog/ [...]
http://nicepricewebb.se/demo/ Marcus

I’ve changed the header and uploadede the login.php but i only get a blank page.

A little help please
Carrie

I first had the problem with the parse errors. Once I moved everything to its own lines, as in the example, rather than all bunched up as in the code snippet, it worked.

I think I found the problem with how it keeps redirecting to the login even when it’s the right password. Change if($authenticated != “yes”){ to if($authenticated != “no”){ (line 14)

seems to work for me now, but I haven’t tested it fully.
Carrie

Wait, that doesn’t work…folks can get in directly without going to the login page! oops!

Well, how can it stop redirecting to the login page when the password is correct?
Daniel

Im looking to implement this, but what user is it grabbing the password from?
JJ

This looks great! But where do I find this header-file you are talking about?

There’s no header.php in my root dir. The only header.php that I can find is in the dir of my theme. But that doesn’t work. Hope you can help me out here!
Schnurlos Telefon

the valuable info u provided do help my investigation for my company, appreaciate that.
Raz

It works!
But how long does the user stays logged in??
Is there anyway to implement a logout screen??
admin

The login is handled by PHP sessions and therefore timesout when:

* the browser is closed
* the IP is changed
* the cookies are cleared
* the user Logs out (see below)
* A significant timeframe lapses (not sure precisely how long – something like 24hrs)

Is there anyway to implement a logout screen??
Yes – I should have integrated this within the script (I am currently turning it into a wordpress plugin and will incorporate a logout page)
Create a page called logout.php
and use the code;

<?php
session_destroy();

echo <<<EOT

Logging out

Logged out – redirecting…

EOT;
?>
admin

It is the header file in your theme. I reccomend using the inbuilt editor in wordpress to edit the file.
admin

The password is defined in login.php
admin

HMMM
Does your PHP installation allow sessions?
Only explanation I can come up with.
Kazna

Does not work for me I’ve edited header.php and created login.php but it just shows a blank page, no redirecting at all. I’m using WP multisite.
ava

Hi!

I have been trying to find a log-in option for my WP site and I stumbled-upon this site.

This works great! Just have to figure out how to edit the background but other than that it works fine!

If you manage to turn this into a wordpress plug-in soon please do let me know.

Thank you sooo much!
ava

Hi,

I tried to create a log-out page with your code:

<?php
session_destroy();
echo <<

Placed the logout.php page in the same directory as login.php but I get this error message when I log-out:

Warning: session_destroy() [function.session-destroy]: Trying to destroy uninitialized session in /home/content/33/5045933/html/coach/wp-content/themes/rich_corp/logout.php on line 2

Please advise on how I can resolve this.

Thanks!
admin

Hi we anticipate a plugin release in the next few months.
New features will include:
Search engine Bot access
Ip deny / allow list
If there is something you think we should include then please comment it.
http://wp-plugin-archive.de/2010/08/password-protect-wordpress-plugin/ Password Protect WordPress Plugin

[...] Chatfield´s Password Protect WordPress schützt WordPress mit einem Passwort gegen fremde Blicke. Ideal für zum Beispiel ein [...]
http://socialpickup.de/2010/08/password-protect-wordpress-plugin/ Password Protect WordPress Plugin

[...] Protect WordPress Plugin | 30. August 2010 | Autor: Karl-Heinz Daniel Chatfield´s Password Protect WordPress schützt WordPress mit einem Passwort gegen fremde Blicke. Ideal für zum Beispiel ein [...]
http://www.5happy.com bruce

here’s a chunk of code that can be inserted at the beginning of the wordpress header file, that does not require any additional files:

<?php
session_start();

$the_current_password = 'whatever';

// or…
// $the_current_password = file("get_password_from_db.php");

$login_form =<<<EOF

please enter password

EOF;

if (isset($_REQUEST['password'])) {
$password = $_REQUEST['password'];
if($password != $the_current_password) {
echo “$login_form”;
exit();
} else {
$_SESSION['authenticated'] = “yup”;
}

} else if (!(isset($_SESSION['authenticated']) && $_SESSION['authenticated'] == ‘yup’)) {
echo “$login_form”;
exit();

}

?>
http://www.5happy.com bruce

sorry… here is a corrected version of a simple chunk of code to insert at the top of your header.php file that accomplishes overall password protection without requiring any additional files:

<?php
session_start();

$the_current_password = ‘whatever’;

// or…
// $the_current_password = file(“get_password_from_db.php”);

$login_form =<<<EOF
<br&rt;<br&rt;<br&rt;
<div align=”center” id=”form” class=”form” style=”margin-top:100px; margin:0 auto; width:350px; background-color:#ccc; color:#666″&rt;<FONT SIZE=”-1″ FACE=”Arial, Helvetica”&rt;<br&rt;please enter password</FONT&rt;
<form action=”http://url_of_your_blog/index.php” method=”post”&rt;
<input type=”password” name=”password”&rt;<br&rt;<br&rt;
<input type=”submit” value=”login to the ________ blog”&rt;<br&rt;
</form&rt;
</div&rt;

EOF;

if (isset($_REQUEST['password'])) {
$password = $_REQUEST['password'];
if($password != $the_current_password) {
echo “$login_form”;
exit();
} else {
$_SESSION['authenticated'] = “yup”;
}

} else if (!(isset($_SESSION['authenticated']) && $_SESSION['authenticated'] == ‘yup’)) {
echo “$login_form”;
exit();

}

?&rt;
http://www.5happy.com bruce

to quote bullwinkle… this time for sure!

here is a simple chunk of code that will allow you to password protect your wordpress blog… simply insert at the top of your header.php file, and change the password per your specifications:

<?php
session_start();

$the_current_password = ‘whatever’;

// or…
// $the_current_password = file(“get_password_from_db.php”);

$login_form =<<<EOF
<br><br><br>
<div align=”center” id=”form” class=”form” style=”margin-top:100px; margin:0 auto; width:350px; background-color:#ccc; color:#666″><FONT SIZE=”-1″ FACE=”Arial, Helvetica”><br>please enter password</FONT>
<form action=”http://url_of_your_blog/index.php” method=”post”>
<input type=”password” name=”password”><br><br>
<input type=”submit” value=”login to the ________ blog”><br>
</form>
</div>

EOF;

if (isset($_REQUEST['password'])) {
$password = $_REQUEST['password'];
if($password != $the_current_password) {
echo “$login_form”;
exit();
} else {
$_SESSION['authenticated'] = “yup”;
}

} else if (!(isset($_SESSION['authenticated']) && $_SESSION['authenticated'] == ‘yup’)) {
echo “$login_form”;
exit();

}

?>
Peter

I have implemented this for my website blog and it works fine. Does this also disable rss feeds, considering they may not be able to access it with the incorrect password but if you still get rss, then why bother installing?
Sheryl

I have tried installing this plugin twice now and cannot get it to work. One of two things happens;

At first it seemed to not install properly because when going to ‘settings’ a bunch of error messages came up about missing files etc.

So I tried again, this time you can go to settings but it will not let me change the default passowrd, it just site there and never updates.

I tried installing it yet again and now it’s back to caughing up error messages when going to the ‘settings’ screen so gave up for now.

I have a question (assuming one can get it to work first) what will happen with plugins like the global translator?

I am using an alternate password method now but this causes a problem with the global translator, the translator cannot function basically.

Thanks,
Sheryl
Henrik

Hi!

Really great work with this code, thank you! Looking forward to the plugin.

I can’t get the logout.php file to work. Seems as I am logged out, but I can still visit the site without logging in again.

Any suggestion?
Odile

Hello,
Thanks for your plugin. I was really looking for a plugin that allows access to my blog using only a password.
I have tried it as it is (I did not change the logo.png file). I just edited the setting page, and entered my new desired password. But after I saved it and tried it, I kept getting “incorrect password”.
Do you have any idea what could have gone wrong?
Thanks.
Odile
B

I’ve installed the plugin it works perfectly, thanks!

But, I still don’t get how to create the log-out page.
Can someone write an how-to for a rookie?

Thanks in advance.
kevin

When I click on “previous entry” instead of taking me to the previous entries, I need to login again. I notice that someone else has this problem, but I couldn’t tell if there was a fix listed. I have the plugin installed. thanks, this is a great tool
backdoor

Nice plug-in but close the backdoor (RSS feed). Try http://chatfieldfamily.co.uk/feed/
http://www.weddingbee.com/2011/04/08/build-your-own-wedding-website/ Our Wedding Wedsite from Scratch – Part II | Weddingbee

[...] Spiders-Design is a wordpress plugin [...]
Anthony

I’ve been using ur excellent plugin whilst I develop the rest of my site… I’ve just gotten to a place where I’m installing and testing FBshare and Tweetmeme buttons… Either one… returns “Login. ” where my_url is the intended share link… and Login should be to title of the shared page… instead it seems it’s the Title of the Password Protect login page.

So I’ve disbled and deleted the plugin… but I still get the problem.

Does the plugin do something to alter other WP files that may linger after deactivating and deleting it?

I’m going round in circles with this. Most Baffling.

Thanks… Plugin is ace otherwise
.
Pschuba

Can this code be used on wordpress.com or does it have to be though wordpress.org?
Anonymous

As far as I am aware – WordPress.com doesn’t support plugins.
Yvonneloughrey

Thank you so much for this code Bruce…
http://www.comvigo.com Web Filter

Really nice and thanks for sharing code and plugins….. It is my great pleasure to visit your website and to enjoy
your excellent post here. I like that very much.
http://www.comvigo.com Web Filter

Really nice and thanks for sharing code and plugins….. It is my great pleasure to visit your website and to enjoy
your excellent post here. I like that very much.
http://www.comvigo.com Web Filter

Really nice and thanks for sharing code and plugins….. It is my great pleasure to visit your website and to enjoy
your excellent post here. I like that very much.
http://www.logoguru.co.uk/pages/logo-design-contest.html Logo Design Contest

Great to have this code, i am searching for it from many days. Good for blog. Thanks
http://www.logoguru.co.uk/pages/logo-design-contest.html Logo Design Contest

Great to have this code, i am searching for it from many days. Good for blog. Thanks
http://www.logocontestreviews.com/99designs-vs-crowdspring/ 99designs vs Crowdspring

Is that updated list? Overall all codes are useful. Thanks
http://www.logocontestreviews.com/99designs-vs-crowdspring/ 99designs vs Crowdspring

Is that updated list? Overall all codes are useful. Thanks
http://www.umbeehosting.co.uk/vps-hosting VPS Hosting

Thank you for the source code mate, it helps me update my website in WordPress platform.

Spiders-Design

Password protect wordpress blog

I have created a WordPress Plugin now Download here