Restricted Site Access

Beschreibung

Beschränke den Zugriff auf deine Website auf angemeldete Besucher oder auf einen spezifischen IP-Bereich. Sende Besucher ohne Zugriff zur Anmeldeseite, leite sie weiter oder zeige eine Nachricht oder Seite an. Eine optimale Lösung für Extranets, öffentliche Intranets oder parallele Entwicklungsumgebungen.

Adds a number of new configuration options to the Reading settings panel as well as the Network Settings panel in multisite. From these panels you can:

  1. Enable or disable site restriction
  2. Change the restriction behavior: send to login, redirect, display a message, display a page
  3. Add IP addresses to an unrestricted list, including ranges
  4. Quickly add your current IP to the unrestricted list
  5. Customize the redirect location, including an option to send them to the same requested path and set the HTTP status code for SEO friendliness
  6. Define a simple message to show restricted visitors, or select a page to show them – great for „coming soon“ teasers!

Screenshots

  • Screenshot of settings panel with simple Restricted Site Access option (send to login page).
  • Screenshot of settings panel with restriction message option enabled
  • Plenty of inline help! Looks and behaves like native WordPress help.

Installation

  1. Install easily with the WordPress plugin control panel or manually download the plugin and upload the extracted folder to the /wp-content/plugins/ directory
  2. Aktiviere das Plugin mittels dem ‚Plugins‘-Menü in WordPress
  3. Configure the plugin by going to the „Reading“ menu (WP3.5+) or „Privacy“ (earlier versions) under „Settings“

FAQ

Installation Instructions
  1. Install easily with the WordPress plugin control panel or manually download the plugin and upload the extracted folder to the /wp-content/plugins/ directory
  2. Aktiviere das Plugin mittels dem ‚Plugins‘-Menü in WordPress
  3. Configure the plugin by going to the „Reading“ menu (WP3.5+) or „Privacy“ (earlier versions) under „Settings“
Wo ändere ich die Einstellungen für die Einschränkung?

Die Einstellungen von „Restricted Site Access“ sind unter Einstellungen › Lesen zu finden. Dort erweitern sie WordPress‘ eigene Option „Sichtbarkeit für Suchmaschinen“.

Es funktioniert nicht! Meine Website ist offen für alle!

Most commonly, Restricted Site Access is not compatible with some page caching solutions. While the plugin hooks in as early as it can to check visitor permissions, its important to understand that some page caching plugins generate static output that prevents plugins like Restricted Site Access from ever checking individual visitors.

To the extent that sites blocked by this plugin should not need to concern themselves with high scale front end performance, we strongly recommend disabling any page caching solutions while restricting access to your site. Keep in mind that most page caching plugins do not cache the “logged in” experience, anyhow. Also note that the plugin is fully compatible with other caching layers, like the WordPress object cache.

Wie erlaube ich den Zugriff auf bestimmte Seiten oder Abschnitte meiner Website?

Developers can use the restricted_site_access_is_restricted filter to override normal restriction behavior. Note that restriction checks happen before WordPress executes any queries; it passes the query request from the global $wp variable so developers can investigate what the visitor is trying to load.

For instance, to unblock an RSS feed, place the following PHP code in the theme’s functions.php file or in a simple plug-in:

add_filter( 'restricted_site_access_is_restricted', 'my_rsa_feed_override’, 10, 2 );

function my_rsa_feed_override( $is_restricted, $wp ) {
    // check query variables to see if this is the feed
    if ( ! empty( $wp->query_vars['feed'] ) ) {
        $is_restricted = false;
    }
    return $is_restricted;
}
Wie sicher ist dieses Plugin?

Visitors that are not logged in or allowed by IP address will not be able to browse your site (though be cautious of page caching plugin incompatibilities, mentioned above). Restricted Site Access does not block access to your, so direct links to files in your media and uploads folder (for instance) are not blocked. It is also important to remember that IP addresses can be spoofed. Because Restricted Site Access runs as a plug-in, it is subject to any other vulnerabilities present on your site.

Restricted Site Access is not meant to be a top secret data safe, but simply a reliable and convenient way to handle unwanted visitors.

I received a warning about page caching. What does it mean?

Page caching plugins often hook into WordPress to quickly serve the last cached output of a page before we can check to see if a visitor’s access should be restricted. Not all page caching plugins behave the same way, but several solutions – including external solutions we might not detect – can cause restricted pages to be publicly served regardless of your settings.

Rezensionen

Simply Works!

Been using this plugin on various sites for the last few years. Never had an issue with it and always performs exactly as advertised. Highly recommended if you are looking for quick and easy way to redirect visitors while you’re setting up WordPress on a new domain or need to perform maintenance. A+

Great Plugin – minor bug with using when behind a load balancer

Great Plugin though there was a minor bug when using behind a load balancer. The IP address would always be of the load balancer. To fix edit the restricted-site-access/restricted_site_access.php file and add this function

public static function get_ip() {

//Just get the headers if we can or else use the SERVER global
if ( function_exists( ‚apache_request_headers‘ ) ) {
$headers = apache_request_headers();
} else {
$headers = $_SERVER;
}
//Get the forwarded IP if it exists
if ( array_key_exists( ‚X-Forwarded-For‘, $headers ) ) {
$the_ip = $headers[‚X-Forwarded-For‘];
} elseif ( array_key_exists( ‚HTTP_X_FORWARDED_FOR‘, $headers )) {
$the_ip = $headers[‚HTTP_X_FORWARDED_FOR‘];
} else {

$the_ip = $_SERVER[‚REMOTE_ADDR‘];
}
return $the_ip;
}

Then replace all occurrences of: $_SERVER[‚REMOTE_ADDR‘] with self::get_ip()

Lies alle 42 Rezensionen

Mitwirkende & Entwickler

„Restricted Site Access“ ist Open-Source-Software. Folgende Menschen haben an diesem Plugin mitgewirkt:

Mitwirkende

„Restricted Site Access“ wurde in 3 Sprachen übersetzt. Danke an die Übersetzerinnen und Übersetzer für ihre Mitwirkung.

Übersetze „Restricted Site Access“ in deine Sprache.

Interessiert an der Entwicklung?

Durchstöbere den Code, sieh dir das SVN Repository an oder abonniere das Entwicklungsprotokoll per RSS.

Änderungsprotokoll

6.1.0

  • Correct a PHP notice when running PHP >= 7.1.
  • Refactor logic for checking ip address is in masked ip range.
  • Add PHPUnit tests validating the ip_in_mask functionality.

6.0.2

  • Add a ‚restrict_site_access_ip_match‘ action which fires when an ip match occurs. Enables adding session_start() to the IP check, ensuring Varnish type cache will not cache the request.

6.0.1

  • When plugin is network activated, don’t touch individual blog visiblity settings.
  • When plugin is network deactivated, set all individual blogs to default visibility.

6.0

  • Use Grunt to manage assets.
  • Network settings added for management of entire network visibility settings.
  • Display warning if page caching is enabled.

Note: There is currently an edge case bug affecting IP whitelisting. This bug is on the docket to be fixed shortly.

5.1

  • Under the hood refactoring and clean up for performance and maintainability.
  • Small visual refinements to the settings panel.

5.0.1

  • Does not block user activation page in network mode

5.0

  • WordPress 3.5 compatibility (3.5 eliminated the Privacy settings panel in favor of a refreshed Reading panel)
  • Real validation (on the fly and on save) for IP address entries
  • „Restriction message“ now supports simple HTML and is edited using WordPress’s simple HTML tag editor
  • A bunch of visual refinements that conform better with WordPress 3.4 and newer (spacing, native „shake“ effect on invalid entries just like the login form, etc.)
  • A bunch of under the hood refinements (e.g. playing nicer with current screen Help API)

4.0

  • New restriction option – show restricted visitor a specified page; use with custom page templates for great for website teasers!
  • Major improvements to settings user interface, including hiding unused fields based on settings, easier selection of restriction type, and cleaner „remove“ confirmation for IP address list
  • Performance improvements – catches and blocks restricted visitors earlier in the loading process
  • New filter hooks for other developers: ‚restricted_site_access_is_restricted‘, ‚restricted_site_access_approach‘, ‚restricted_site_access_redirect_url‘, and ‚restricted_site_access_head‘
  • Localization ready – rough Spanish translation included!
  • Basic support for no JavaScript mode
  • Optimized for PHP 5.2, per new WordPress 3.2 requirements (no longer supports PHP < 5.2.4)
  • Assorted other improvements and optimizations to the code base

3.2.1

  • Restored PHP4 compatibility

3.2

  • More meaningful page title in „Display Message“ mode (previously WordPress > Error)
  • Code clean up, prevent rare warnings in debug mode

3.1.1

  • Fixed PHP warning when debugging is enabled and redirect path is not checked

3.1

  • New feature: backwards compatibility with PHP < 5.1 (limited testing with earlier versions)
  • Bug fix: disappearing blocked access message text box on configuration page
  • Bug fix: login always redirects visitor back to correct page
  • Improved: built in help on configuration page updated, clearer
  • Improved: „IP already in list“ indicator
  • Improved: optimizations to code that handles restriction behavior

3.0

  • Integrates with Privacy settings page and site visibility option instead of adding a whole new page
  • Simplified options: clearer instructions, removed unnecessary hiding / showing of some options, fewer lines
  • Indicates whether the site is blocked in the admin next to the site title (WordPress 3.0+ only)
  • New action hook, restrict_site_access_handling, allowing developers to add their own restriction handling
  • Cleans up / removes settings when uninstalled
  • Assorted under the hood improvements for best coding practices, sanitization of options, etc

2.1

  • Customize blocked visitor message
  • Stronger security (patched „search“ hole)
  • Better display / handling of blocked visitor message

2.0

  • Add support for IP ranges courtesy Eric Buth
  • Major UI changes and improvements; major code improvements

1.0.2

  • Fix login redirect to home; improve redirect handling to take advantage of wp_redirect function

1.0.1

  • Important fundamental change related to handling of what should be restricted