Please try this for your redirect:
add_action( 'template_redirect', function(){
// no non-authenticated users allowed
if( ! is_user_logged_in() )
{
wp_redirect( home_url( '/wp-login.php' ), 302 );
exit();
}
});
to allow only logged in users to view your site.
It’s generally too late to use redirect directly in the header.php
file, so it’s better to use an hook that fires before http headers are sent, like the template_redirect
hook. It’s also important that template_redirect
is not activated on the wp-login.php
page.