How to Restrict User Access In WordPress by IP or Logged Users

Looking to restrict user access to WordPress by IP address? Perhaps you only want logged in users to see the site’s content. This is helpful in many situations, and you can easily set this up yourself through WordPress. All it takes is the right plugin.

Let’s say you are launching a new site but don’t want visitors accessing it just yet. Maybe you want to create a private site for your friends, family or co-workers. In these instances, you want to stop others from accessing content.

In this tutorial, I’m going to show you how to easily restrict page access control in WordPress using the Restricted Site Access plugin. It’s a great tool that is easy to use and does the job of keeping your site locked down.

Setting Up Restricted Site Access

The Restricted Site Access plugin is quite versatile for being a small add-on for WordPress. You can set IP access specifically or authorize a certain range of numbers. You can also change the behavior of access, such as redirecting the user or displaying a message.

Install and activate the Restricted Site Access plugin in WordPress.

Restricted Site Access

Go to the Settings area and click, “Reading.”


This plugin adds a new set of functions for WordPress page access control. You will see a section for Site Visibility, Handle restricted visitors and Unrestricted IP addresses.

By default, Restricted Page Access is enabled after activation. You can disable this by clicking either of the other two options above it. These relate to how search engines will index your site for SEO purposes.

Restricted Access Activation

You have four options available under “Handle restricted visitors.” They are:

  • Send them to the WordPress login screen: This only shows unauthorized visitors the login screen for WordPress.
  • Redirect them to a specified web address: Enabling this feature gives you the option to send visitors directly to any URL you put into the system. You can also assign a status code such as a 301, 302 or 307 redirect.
  • Show them a simple message: This gives you the option to display a web message to the visitor. For example, you can create a customized comment using the basic text editor to inform the user of the restriction.
  • Show them a page: This is a bit different from the web address feature above. It lets you forward visitors to one of your site’s own pages rather than sending them out to the Internet.
    For instance, you could set up a payment gateway page if you lock content behind a paywall.

Choose which of these options you want to use.

Choose Restriction Behavior

What if you want to add an IP address for unrestricted access? Input the IP address of the user and click, “Add.” Click the “Add My Current IP Address” to give yourself unrestricted access to the site.

Add Your IP

Then, just click the “Save Changes” button on the bottom left and your site is locked down with your settings.

IP Address Ranges

When you restrict WordPress page access by IP, it comes with a bit of a gamble. Unless your user pays for a static address, it’s probably better to include a range of addresses instead. This way, the user can still access the site even if his or her ISP changes the address some time down the road.

You do this by including a “/” and the highest number you wish to include. For example, an IP range could look something like:[ht_message mstyle=”info” title=”” show_icon=”” id=”” class=”” style=”” ][/ht_message]
This would include every IP address from through 120. Perhaps an even better method would be to use a range of the system’s subnet mask. It’s done in the same manner.

Addressing Page Caching

When you install Restricted Page Access, you will see a warning message if you use a caching plugin like W3 Total Cache. This is because the restriction only takes in effect of the site itself, not the cached pages. This means content that is cached may still be visible to the outside world.

Not all caching plugins will cause this issue, however. Perhaps the best thing to do is to empty your caches after saving changes for restricting access. If all else fails, you may have to remove the caching plugin if you want Restricted Page Access to work properly.

You will have to test accessing content from an outside Internet access point to really tell if your site is hidden after enabling restrictions.

Keeping it Private with WordPress

This is only one method of many for creating a private website. However, it’s probably one of the easier to implement. Regardless of why you want WordPress page access control, this tool is ideal. Explore the possibilities and keep your content protected at all times.

What’s your favorite security plugin for WordPress? Do you find value in having an employee-only online portal for information?

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.