My wife and I, like any fun newlywed couple (okay, maybe we’re getting a little old for the newlywed stage now), have a blog where we like to talk about the trips we go on, fun finds, time with family, etc. The time came the other day to make the blog private to allow access only to friends and family, instead of shouting our family matters to the entire Internet. It is run with WordPress, as are most of my personal and client sites, because of the fantastic power and flexibility that the platform provides. After searching for a few hours, I came up with what I believe is a very good combo of plugins and settings to make a WordPress blog private.
We didn’t want any old Joe Schmoe to stumble across our family news and personal lives. WordPress will let you make individual posts password protected, and there are even plugins that will set a default password on every post. However, we had a lot of pictures and other content in sidebars and such that would not be protected by such a method. WordPress also allows people to sign up as “subscribers” to a blog, and there are a myriad of plugins that will block access to the site unless you log in as a user. However, this would require all of our friends and family to make yet another account on yet another site, remember their credentials, and basically be a pain. Therefore, this solution, and all plugins with it, wouldn’t work.
We wanted to mimic private blogs on services such as Blogger, where the owner of the site can list the emails of people that are allowed to see the site, and then in the case of Blogger, people must authenticate using their Google account to view the site. This is a good approach, but we weren’t going to deal with authenticating via the Google API either; that was too much work. We just wanted to have a list of people that we trusted that could view the site.
Enter the Friends Only and Feed Wrangler plugins. This combination of plugins allows you to protect your entire site, not just posts, as well as your RSS feeds.
Friends Only is a great plugin written by Gabriel White that lets you set up a list of email addresses for people that should be allowed to access your site. Unless a person is logged in as an administrator on the blog, they are presented with a short, customizable message and a form to type in their email address to enter the site. Friends Only also locks down various portions of the blog, including the feeds, so that only authenticated users can view them. Using this, our visitors only need to know their own email address, do not need to remember a password, and know exactly how to get in touch with us if they aren’t already on the approved list.
The Feed Wrangler plugin plays an essential role in this scheme because several of our friends follow us via RSS, and we didn’t want to cut them off with Friends Only locking down the feeds. Feed Wrangler lets you create custom feed links (that can potentially offer customized feeds, but I didn’t need that level of customization), and Friends Only is built to take direct advantage of that. I created a new feed link based on a mostly random URL, and posted that as the main RSS feed for the site, adding it to the sidebar and also in the header. In this case, then, the feed is protected by obscurity more than anything, since anyone who has the URL can read it, but my security needs were not particularly high, this just being a family blog.
I did end up making some customizations to the Friends Only code. In particular, I added wp-content/uploads to the list of unprotected directories so that those who viewed posts through RSS feeds or email updates would be able to see images. I also changed the order of some of the code to make it more efficient, and tweaked the login page. However, this plugin should work fine out of the box for anyone.
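The random feed URL and the uploads exemption described above, as an added sketch that is not Friends Only or Feed Wrangler code; every function name and sample path in it is hypothetical. It draws the feed slug from the operating system's random source and matches unprotected directories on a normalized path with a directory boundary, so the exemption covers wp-content/uploads and nothing else.

```php
<?php
// Added sketch: NOT code from Friends Only or Feed Wrangler.
// All function names and sample paths are hypothetical.

// Feed slug with 128 bits of entropy from the OS CSPRNG, to paste in
// as the custom feed link instead of a hand-typed "mostly random" one.
function make_feed_slug(): string {
    return bin2hex(random_bytes(16));
}

// Resolve "." and ".." segments without touching the filesystem, so the
// prefix check below sees the path that would actually be served.
function normalize_path(string $path): string {
    $out = [];
    foreach (explode('/', rawurldecode($path)) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..') {
            array_pop($out);
            continue;
        }
        $out[] = $seg;
    }
    return '/' . implode('/', $out);
}

// True only when $path is an open directory itself or lies beneath it.
function is_unprotected(string $path, array $open_dirs): bool {
    $path = normalize_path($path);
    foreach ($open_dirs as $dir) {
        $dir = rtrim($dir, '/');
        if ($path === $dir || strncmp($path, $dir . '/', strlen($dir) + 1) === 0) {
            return true;
        }
    }
    return false;
}

// Constructed sample request paths (URL path component only).
$open = ['/wp-content/uploads'];
echo make_feed_slug(), "\n";
var_dump(is_unprotected('/wp-content/uploads/2010/05/trip.jpg', $open));
var_dump(is_unprotected('/wp-content/uploads-private/a.jpg', $open));
var_dump(is_unprotected('/wp-content/uploads/../../wp-admin/', $open));
```

Only the first sample path falls under the exemption. Anything stored in an exempted directory is readable by whoever has its direct URL, so keep files there that you are comfortable sharing that way.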
Before using these plugins on your own site, make sure you let your followers know of the coming change! We put up a post shortly before throwing the switch that let our RSS followers know about the change, and we preloaded a list of emails of those who we knew for sure followed our blog into the Friends Only plugin. Finally, we turned both plugins on, and though we got a few “Please add me!” emails, we covered our bases pretty well. Now we feel better about posting personal stories and details on our blog, and we don’t worry that our family members can’t stay on top of all of our super awesome enthralling exciting news! (Yes, we’re that exciting. :))
If you have any questions on how we did this setup, feel free to ask in the comments.