Add this to the top of your header.php file, or a file that will be loaded at the top of every page.
<?php
if(!is_user_logged_in()) {
wp_redirect('/wp-login.php');
exit;
}
?>
Someone will probably point out a reason why not to do this, but it’s the first thing that came to mind.
Related Posts:
- Security error WP 4.0 + WP phpBB Bridge [closed]
- Why can’t I access my Intranet LDAPS with NADI?
- WordPress User Registration/ Sign Up -> Able to take Paid Certification Courses & keep track of Completed Certificates
- What security concerns should I have when setting FS_METHOD to “direct” in wp-config?
- What Are Security Best Practices for WordPress Plugins and Themes? [closed]
- Are WordPress Plugins essential?
- What are the common security flaws I need to look for? [closed]
- Security and .htaccess
- Why “Contact Form 7” doesn’t update PHPmailer library?
- Are there procedures to prevent malicious plugin updates?
- Secure WordPress paid plugin
- How to make media upload private? [duplicate]
- Does WordPress contain “default” anti-SQL injection code that responds with a 404 error?
- How can I log a user out of WordPress before the page loads?
- What does a security risk in a plugin look like?
- WordPress Capabilities: edit_user vs edit_users
- How to check plugins for malicious code?
- How to properly secure my WordPress installation?
- Where should my plugin POST to?
- How to assign user a role if none is present when logging in
- How do you import members from another system to WordPress and update passwords so they’ll work?
- Why am I sometimes getting a 404 error when I try to update a page with Elementor?
- Should I use RIPS tool to test my themes and plugins?
- Why users disable the WordPress update?
- How many security plugins are too many? [closed]
- Will WordPress username displayed somewhere in the site?
- Upgrading WordPress 4.0 asks for FTP password
- Is revealing just the AUTH_KEY a security issue?
- How Restrict access to admin dashboard by specific static ip?
- Protecting against malicious code in WordPress plugin updates
- Questions about brute force attacks on the admin username, coming from amazon IP addresses
- Why Better WP security plugin returns 418 I’m a Teapot “error”?
- How to expire all wordpress user passwords instantly?
- Use WordPress with a custom OAuth2 provider
- How to limit WordPress pages during updates?
- rms_unique_wp_mu_pl_fl_nm.php
- Security issues with WP sites
- Security checking in meta_box save is reluctant?
- Should you escape hardcoded URLs?
- How To Clean The Malware Infected & Hacked WordPress Websites? [duplicate]
- How to delete Passwrd Protected posts cookies when a user logged out from the site
- The safest way to automate WordPress backups
- wp_create_nonce function doesn’t work inside a plugin?
- Does WordPress validate inputs to all functions? (such as get_user_meta and insert_user_meta)
- Upgraded to latest version – 3.0.3 and Now I get a “sufficient permissions to access this page” error
- Headers Content-Security-Policy CSP Major Issue
- How to block plugin activations with no known user or coming from unknown IP address range?
- Nonce failing on form submission
- Standard Fail2Ban vs. WP Fail2ban vs. WP Fail2Ban Redux
- Can’t view ‘More details’ on plugins pop up is blank and Authy pop up
- Malware installation during plugin update?
- I should enable automatic updates?
- Can some vulnerabilities in plugins be exploited even when the plugin is inactive?
- Prevent direct access to WordPress plugin assets?
- Too many login attempts
- Is there any pre-existing plugin to track and block IPs with suspicious activity on my site?
- Website show Google Ads when we have no Google Ads linked to our website
- Vulnerability Concern From the Plugin or From Not Updating the Plugin?
- Custom API plugin to execute 3rd party API to retrieve data
- How to deal with Slow HTTP POST (slowloris) vulnerability
- Running multiple security plugins
- how do I secure my WP website from hackers? [closed]
- Chrome Dev Tools console says every page in my blog has link to http://maps.google.com [closed]
- Webservice credential storage [duplicate]
- Regarding plugin security
- How do I determine if the user who registered is not spam?
- Cannot access empty property error in Advanced Access Manager
- Is this plugin safe to run?
- Is the Block Bad Queries Plugin Still Relevant?
- 404 errors when updating options in admin dashboard
- Hide plugins and theme from public
- Security of a WordPress Plugin
- How can I disable new plugin and theme install, but allow updates?
- Validating ajax search
- How to store a secret for a plugin inside public_html
- create pages automatically and dynamically in wordPress
- WordPress disable direct access of files in WordPress installation path
- Asking help regarding potential malware
- Bing/msn bots is heavily requesting random of my website
- How can I upload and password protect Javadocs in WordPress?
- Securing a plugin pop-up window
- Why does WordPress use cookies for /wp-admin and /wp-content/plugins for non-admin users [duplicate]
- Being hacked. Is there a list of WordPress security holes I can check against?
- wp_verify_nonce fails always
- How can i see/log all requests coming from a registration form (not from the UI)?
- Write mysql credentials in plugin
- Site is continuously accessing by several IPs
- Validating values using Settings API?
- SWF in wordpress post
- Unwanted Links and Spam WordPress Pages and Posts
- WordPress ReAuth =1 Loop with wpCAS
- Advice on setting up private site
- Problem with permissions in wp-content/plugins
- File permissions for wp-minify plugin
- What is the recommended way to be notified of security updates to my plugins? [closed]
- My WP site and password was hacked, what to do? [closed]
- How to resolve these findings from security audit
- How to rename files during upload to a random string?
- Social login authentication via wordpress rest api
- Block Root REST API Route using custom &/or iThemes