prevent anonymous access to WordPress site (non-admin site)

Add this to the top of your header.php file, or a file that will be loaded at the top of every page.

<?php
if(!is_user_logged_in()) {
    wp_redirect('/wp-login.php');
    exit;
}
?>

Someone will probably point out a reason why not to do this, but it’s the first thing that came to mind.

Related Posts:

  1. Security error WP 4.0 + WP phpBB Bridge [closed]
  2. Why can’t I access my Intranet LDAPS with NADI?
  3. WordPress User Registration/ Sign Up -> Able to take Paid Certification Courses & keep track of Completed Certificates
  4. What security concerns should I have when setting FS_METHOD to “direct” in wp-config?
  5. What Are Security Best Practices for WordPress Plugins and Themes? [closed]
  6. Are WordPress Plugins essential?
  7. What are the common security flaws I need to look for? [closed]
  8. Security and .htaccess
  9. Why “Contact Form 7” doesn’t update PHPmailer library?
  10. Are there procedures to prevent malicious plugin updates?
  11. Secure WordPress paid plugin
  12. How to make media upload private? [duplicate]
  13. Does WordPress contain “default” anti-SQL injection code that responds with a 404 error?
  14. How can I log a user out of WordPress before the page loads?
  15. What does a security risk in a plugin look like?
  16. WordPress Capabilities: edit_user vs edit_users
  17. How to check plugins for malicious code?
  18. How to properly secure my WordPress installation?
  19. Where should my plugin POST to?
  20. How to assign user a role if none is present when logging in
  21. How do you import members from another system to WordPress and update passwords so they’ll work?
  22. Why am I sometimes getting a 404 error when I try to update a page with Elementor?
  23. Should I use RIPS tool to test my themes and plugins?
  24. Why users disable the WordPress update?
  25. How many security plugins are too many? [closed]
  26. Will WordPress username displayed somewhere in the site?
  27. Upgrading WordPress 4.0 asks for FTP password
  28. Is revealing just the AUTH_KEY a security issue?
  29. How Restrict access to admin dashboard by specific static ip?
  30. Protecting against malicious code in WordPress plugin updates
  31. Questions about brute force attacks on the admin username, coming from amazon IP addresses
  32. Why Better WP security plugin returns 418 I’m a Teapot “error”?
  33. How to expire all wordpress user passwords instantly?
  34. Use WordPress with a custom OAuth2 provider
  35. How to limit WordPress pages during updates?
  36. rms_unique_wp_mu_pl_fl_nm.php
  37. Security issues with WP sites
  38. Security checking in meta_box save is reluctant?
  39. Should you escape hardcoded URLs?
  40. How To Clean The Malware Infected & Hacked WordPress Websites? [duplicate]
  41. How to delete Passwrd Protected posts cookies when a user logged out from the site
  42. The safest way to automate WordPress backups
  43. wp_create_nonce function doesn’t work inside a plugin?
  44. Does WordPress validate inputs to all functions? (such as get_user_meta and insert_user_meta)
  45. Upgraded to latest version – 3.0.3 and Now I get a “sufficient permissions to access this page” error
  46. Headers Content-Security-Policy CSP Major Issue
  47. How to block plugin activations with no known user or coming from unknown IP address range?
  48. Nonce failing on form submission
  49. Standard Fail2Ban vs. WP Fail2ban vs. WP Fail2Ban Redux
  50. Can’t view ‘More details’ on plugins pop up is blank and Authy pop up
  51. Malware installation during plugin update?
  52. I should enable automatic updates?
  53. Can some vulnerabilities in plugins be exploited even when the plugin is inactive?
  54. Prevent direct access to WordPress plugin assets?
  55. Too many login attempts
  56. Is there any pre-existing plugin to track and block IPs with suspicious activity on my site?
  57. Website show Google Ads when we have no Google Ads linked to our website
  58. Vulnerability Concern From the Plugin or From Not Updating the Plugin?
  59. Custom API plugin to execute 3rd party API to retrieve data
  60. How to deal with Slow HTTP POST (slowloris) vulnerability
  61. Running multiple security plugins
  62. how do I secure my WP website from hackers? [closed]
  63. Chrome Dev Tools console says every page in my blog has link to http://maps.google.com [closed]
  64. Webservice credential storage [duplicate]
  65. Regarding plugin security
  66. How do I determine if the user who registered is not spam?
  67. Cannot access empty property error in Advanced Access Manager
  68. Is this plugin safe to run?
  69. Is the Block Bad Queries Plugin Still Relevant?
  70. 404 errors when updating options in admin dashboard
  71. Hide plugins and theme from public
  72. Security of a WordPress Plugin
  73. How can I disable new plugin and theme install, but allow updates?
  74. Validating ajax search
  75. How to store a secret for a plugin inside public_html
  76. create pages automatically and dynamically in wordPress
  77. WordPress disable direct access of files in WordPress installation path
  78. Asking help regarding potential malware
  79. Bing/msn bots is heavily requesting random of my website
  80. How can I upload and password protect Javadocs in WordPress?
  81. Securing a plugin pop-up window
  82. Why does WordPress use cookies for /wp-admin and /wp-content/plugins for non-admin users [duplicate]
  83. Being hacked. Is there a list of WordPress security holes I can check against?
  84. wp_verify_nonce fails always
  85. How can i see/log all requests coming from a registration form (not from the UI)?
  86. Write mysql credentials in plugin
  87. Site is continuously accessing by several IPs
  88. Validating values using Settings API?
  89. SWF in wordpress post
  90. Unwanted Links and Spam WordPress Pages and Posts
  91. WordPress ReAuth =1 Loop with wpCAS
  92. Advice on setting up private site
  93. Problem with permissions in wp-content/plugins
  94. File permissions for wp-minify plugin
  95. What is the recommended way to be notified of security updates to my plugins? [closed]
  96. My WP site and password was hacked, what to do? [closed]
  97. How to resolve these findings from security audit
  98. How to rename files during upload to a random string?
  99. Social login authentication via wordpress rest api
  100. Block Root REST API Route using custom &/or iThemes
techhipbettruvabetnorabahisbahis forumutaraftarium24edueduseduedueduseduseduseduedusedu