You can either use a powerful plugin such as Multisite Privacy by WPMUDEV, or you can use the following code which I developed for a project of my own.
To use this code, either create a plugin with it that you only activate on the site to protect, or if that sounds too difficult, you can paste it into the theme’s functions.php and wrap the add_action call with a conditional statement as seen below:
if ( get_current_blog_id() = 2 ) // Only apply privacy to blog ID 2
add_action('wp', 'private_site');
function private_site() {
if( $_GET['home'] == 'fix' ) { return; }
$isLoginPage = strpos($_SERVER['REQUEST_URI'], "wp-login.php") !== false;
$isPhoneApp = strpos($_SERVER['REQUEST_URI'], "xmlrpc.php") !== false;
$wpe_cookie="wpe-auth";
if( !is_user_logged_in() && !is_admin() && !$isLoginPage && !$isPhoneApp ) {
// WPE: If not-authenticated, delete our cookie in case it exists.
if ( isset($_COOKIE[$wpe_cookie]) ) setcookie($wpe_cookie,'',time()-1000000,"https://wordpress.stackexchange.com/");
$shareKey = get_post_meta( get_the_ID(), 'key', true );
if( $_GET['key'] && is_single && $_GET['key'] == $shareKey ) {
return;
} else {
$location = get_login_redirect_url( get_bloginfo( 'url') . $_SERVER['REQUEST_URI'] );
header( 'Location: ' . $location );
exit();
}
} else {
// WPE: Authenticated, so set the cookie properly. No need if it's already set properly.
$cookie_value = md5('wpe_auth_salty_dog|'.WPE_APIKEY);
if ( ! isset( $_COOKIE[$wpe_cookie] ) || $_COOKIE[$wpe_cookie] != $cookie_value )
setcookie($wpe_cookie,$cookie_value,0,"https://wordpress.stackexchange.com/");
}
}
// Returns the login URL with a redirect link.
function get_login_redirect_url( $url="" ) {
$url = esc_url_raw( $url );
if ( empty( $url ) ) return false;
// setup query args
$query_args = array(
'redirect_to' => urlencode( $url )
);
return add_query_arg( $query_args, apply_filters( 'ass_login_url', wp_login_url() ) );
}