Securing WordPress

  • Resolved diggit2001

    (@diggit2001)


    14 years, 12 months ago

    I am using WordPress for our company intranet and I don’t want any of the site to be viewable to anyone until they have logged in, preferably with their Active Directory/domain credentials. WordPress is running on a Windows 2003 Server with IIS 6. Best case scenario would be to use integrated Windows authentication as I am doing with other sites on this particular webserver but when I enable it (and disable anonymous access) a user is prompted for and puts in their credentials 4 or 5 times before they are permitted access to the site.

    I’m not sure if integrated Windows authentication is supported on a WordPress site running on Windows Server or not, or if there is perhaps a better way to accomplish what I am after, but I would appreciate any input anyone could provide.

    Thanks in advance.
    -Chris

Viewing 4 replies - 1 through 4 (of 4 total)

  • We have managed to get WordPress and WordPress MU authenticating using LDAP with 1500 active directory accounts. The plugin we used was wpDirAuth but we had to use an older version of the plugin in order to get it to work.

    Just a word of warning we are on Windows server 2008 with IIS7 so may not be exactly the same.

    Thread Starter diggit2001

    (@diggit2001)

    Thanks for the advice. I’ve been messing with the wpDirAuth plugin since your recommendation pointed me to it and have run into several different problems. I finally have them all ironed out now and it seems to be working. Since there doesn’t seem to be much support for this particular plugin online, I’m going to post my issues here in the hopes that some kind soul may happen upon this post and have a pointer or two for me.

    My first issue is that when a user logs onto the site using their AD credentials, they are taken to their WordPress Profile page. I have been looking around for a way to have the user delivered to the actual site home page when they logon, but I have so far not been able to find this setting.

    Besides getting some sort of AD authentication working on my site, my other goal was to make the entire site private and not visible to anyone until they have successfully logged on. It does not appear that this plugin provides that functionality. I have tried using the ‘Absolute Privacy’ plugin but it appears to have conflicts with the wpDirAuth plugin so I’m stuck.

    I appreciate the assistance.
    Thanks!
    -Chris

    I think that the redirection to the profile may be something to do with the default role that they are being allocated.

    In terms of protecting the entire site, why not just wrap all your pages with:

    <?php if(is_user_logged_in) ) { ?>
// show all page content here
<?php } else { ?>
// include loginform here
<?php } ?>

    Hope this helps.

    Thread Starter diggit2001

    (@diggit2001)

    Thanks again. Not sure what happened with the direction to the profile page, but it seems to have stopped. Everyone is brought to the sites home page when they log on now, as they should. I’m sure that something I did somewhere along the line may have fixed it but I’ve changed several things over the course of the day, so there’s no telling.

    I’m not much of a PHP guy so changing the code on the pages never occurred to me. I did find a handy plugin that does what i want called ‘Private WP’.

    Looks like everything is working perfectly now. I appreciate your assistance.

    -Chris

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Securing WordPress’ is closed to new replies.