Restrict access to a single MS site based on IP

Probably via .htaccess though you;d have to have some nested checks in there, and I’m not sure how that would work.

That’s a case for a separate install, though.

For organizational- and training-related reasons, this pretty much *has* to run out of a single MS install.

Does it have to be IP restricted? Or can it be user based?

Alas, it needs to be IP restricted. I’ve offered up Tadlock’s Members plugin (and similar) but C-level execs seem to have an allergy to login dialogs. They want lurkers to have access to the site’s content but want to keep prying eyes out. (Think: intranet site on a large corporate network which may well have 3rd party contractors and even competitors with some manner of access on it.)

There are probably gazillion ways you can do this.

The first one that pops into mind would involve hooking into init and then do wp_redirect to a pretty error page on your root blog if the person is not allowed in: “You have tried to access a restricted blog. The Hunter Destroyers have been dispatched.”

To check for the IP you can have a multi-dimensional load from site-meta that has a big list of blogID->ApprovedIP pairs and a UI to maintain it.

The function on init does an isset() to see if there is anything under that blog id. If that blog ID is not found, don’t redirect – it’s not a filtered blog. If there are entries for the blog, then look for the $_SERVER[‘REMOTE_ADDR’] in the 2nd dimension of the array. If found don’t redirect else do.

Make sense?

Better yet, populate it through a CSV file they upload. They’ll love that.