Tutorial: Password Protect an Entire WordPress Blog

Recently I had the need to set up a couple of blogs that I only wanted people who are logged in to be able to access. After a little research and experimentation I came across the following fix.

So lets say you wanted to set up a Blog for just the use of your own internal company. Or Family. Or whatever… But you don’t want anyone to be able to access the site unless they are logged in. It’s actually a lot easier than you think. Here’s how to do it.

  1. In the WordPress Admin panel choose Settings. This takes you to the General Settings tab. Under Membership, UNCHECK the option that reads “Anyone can register“.

    This way the only people who are going to have access are the ones that you allow to register. Bad news = You have to register them. Good news = Only they will be able to log in.

  2. Under the Appearance link in the Admin panel choose Editor. This will take you to the “Edit Themes” tab. On the right side of the screen you should see a file called Header.php which is located in your theme directory. Look for the line that says <body> then place the following code immediately after it:

    <?php if (is_user_logged_in()){
    echo "";
    else {
  3. At this point, you should be able to save the modifications to the Header.php file and you should be done! HOWEVER, you might run into a situation where you see the following message at the bottom of the page:

    You need to make this file writable before you can save your changes.

    If that is the case, you are going to need to use an FTP program to change the permissions on the file before you can edit it.

Good luck and hope this helps!

Article Written by
John P.

John P. is CEO of Livid Lobster and co-host of Geek Beat TV. You can also find him on Twitter, Facebook and Google+.


  1. Chris says:

    Thanks for posting this..I just had an irate customer telling me their site is appearing in google before it was finished..Problem solved!


  2. John P. says:

    That is a great question! I hadn’t actually tried it so I’m not sure. If anyone else figured it out please let us know.


  3. beemsterman says:

    Will people still be able to access rss-feeds?

  4. Thanks for the share !

  5. Gouri says:

    Thanks for the post. I was under the impression that we have the password protect option for the self-hosted blogs as well.

  6. Indeed Valuable. Thanks for the share :)

  7. Zig Baird says:

    A few months ago I decided to make one of my blogs totally private for family only. I did something similar to what you described above but, like you said, I had to register everyone.

    I found a nice plug-in named Absolute Privacy that does the following (straight from the author’s site):

    “Force registrants to enter first and last name
    Allow registrants to choose their own passwords
    Moderate users: new registrants cannot login until approved
    Get emailed every time an approval is waiting (with a link for quick approval)
    Lock out all non-logged in views from your website (configurable)
    Prevent subscribers from viewing admin pages (like their profile page and the dashboard)”

    I find it easy to setup and it works for my purpose. Just another alternative for your readers. The plugin can be found at:


    and can be downloaded from WordPress.org at:


Speak Your Mind


Web Statistics