Comments on: Restricted Site Access (WordPress Plugin)

By: Raden Payas

Raden Payas — Sun, 07 Mar 2010 09:28:11 +0000

Dear Admin,

This is seems to be a nice plugin and I have the following questions.

1. I want to alllow every user to login only from their own IP address, Is this possible? This is to avoid sharing of login details.

2. If the number 1 question is possible, does this plugin do it automatically, or should I each user’s IP address? How to find users’ IP addresses?

Thanks a lot and I’m really hoping for your answer…. I tried restrict ip login but it does not give me what I need… Hope this plugin does..

Thanks a lot,
Raden

By: Charles Hodgson

Charles Hodgson — Wed, 24 Feb 2010 15:59:40 +0000

Not to unjustifiably promote getting attention sooner, but I too am looking for the feature Jeff Miller suggests. Can’t fork myself and unlikely to fork-over for feature sponsorship. But I do like the plugin and will do a donation.

By: Jake Goldman

Jake Goldman — Sun, 21 Feb 2010 22:34:10 +0000

Jeff – great question.

Unfortunately, due to the way WordPress handles files, files are only hidden by obscurity. If someone has a direct link to an upload, theyll be able to retrieve, it regardless of whether theyre logged in / unblocked.

The only way around this would be to use htaccess level protection on that folder. I would have to modify the plugin to block direct access to files in that, and stream them through a PHP script for download.

Of course, this could be trickier than first blush might suggest. For instance, what about images embedded on a page? Streaming those in (instead of a plain old image src reference) would be confusing and complicated to implement. Perhaps there would be a checkbox for media items called secured file that would control which files can are blocked / have to be streamed. Of course, then they would also have to live in a seperate folder.

Ill investigate further, but theres no quick fix for this that I know of. If someone would like to fork the code to do this or sponsor the feature, it could get attention sooner!

By: Jeff Miller

Jeff Miller — Tue, 16 Feb 2010 03:29:24 +0000

Hi, I was wondering, does this plugin also restrict the ability for users to retrieve files that might be uploaded to a site? Im working on a site for a non-profit and we want to have Board documents available to those who log in, but no one else. We would give each board member a login; when their term is up, we terminate the login.

In short, no access to anything on the site, unless you have a login?

Thanks,

Jeff Miller

By: Jake Goldman

Jake Goldman — Thu, 11 Feb 2010 01:57:22 +0000

Yikes – good catch. We’ll patch that up tonight!

By: John Thiele

John Thiele — Wed, 10 Feb 2010 12:58:11 +0000

I really appreciate your secure access plugin. However, we have found a hack that bypasses it. if you execute a search query string, such as /?s=news, the search is executed and the search results page is rendered. Any way to close that hole? I have disabled search until we launch, but it was a really bad surprise to find when we got hacked.

Thanks for the plugin and your consideration.

By: Jake Goldman

Jake Goldman — Tue, 09 Feb 2010 02:05:42 +0000

Amy – if you want to modify the source code of the plug-in, you could certainly hardcode the IP ranges in instead of pulling the option from the setting panel.

If you’d like help, we could do this for you with just an hour’s budget. Use the “Request a Quote” button up top!

By: Amy Greene

Amy Greene — Fri, 05 Feb 2010 22:01:18 +0000

We have an educational WordPressMU install where we’d like to use plugin manager to activate this plugin by default upon creation. Is there a way to hardcode the settings and IP range for this plugin so all new blogs get the same settings to start? Blog owners could then go and change the settings later if they wanted to. Thanks for your great work on this plugin!

By: Why You Should Use WordPress | 5280 Web Design

Why You Should Use WordPress | 5280 Web Design — Thu, 28 Jan 2010 22:31:38 +0000

[...] a plugin that restricts anyone from logging into my site with an IP address different than my own (Restricted Site Access). Another popular plugin that allows for added security is WP Security Scan, which will actually [...]

By: Jake Goldman

Jake Goldman — Fri, 13 Nov 2009 02:28:48 +0000

Oliver – we’re pretty swamped right now, so plug-ins aren’t on the front burner. But if you can provide the PHP code that interprets something like “192.168.1.0/24″ (or any other ranges a user could enter) into a starting and ending IP address, it would help us get that feature in more quickly.