Security through obscurity isn’t a good pattern to follow. You have to have a URL to make XHR or JSONP calls. Anyone who knows anything about searching the DOM using developer tools, Firebug, etc… can easily find your remote script URL. To me, this is the wrong question to ask. The more relevant question to … Read more
By deafault, any sub-site is open to public. You would need to add code to check if a user is logged in. And if user is logged in, does he have the right priviliges? What I would do, is to create one new role for each sub-site. Then when a new user registers, I would … Read more
Open your theme’s headr.php file and add at the top <?php if( !is_user_logged_in() ) { wp_redirect(get_permalink(123)); exit; } ?> just change 123 to the id of your about page, or replace get_permalink(123) with the about page URL example: <?php if( !is_user_logged_in() ) { wp_redirect(‘http://mydomain.com/about’); exit; } ?>
I think the best way is just to create accounts for every people from spreadsheet. You can use code provided here but generating random passwords instead and sending a mail to each registered user with their information and alerting them to change their passwords on first login.
You can combine these features by using the free versions of two plugins, Profile Builder that allows you to create a register form, the option of an admin approval and email confimation, login options; and Members that gives you control over which users (by role) have access to post content.
As already mentioned in the comments, private posts are private for a good reason. If you want to change this behaviour, you could probably alter the get_posts() which is used to retrieve your posts. I did not try it, but this could work: $args = array( ‘post_status’ => array( ‘publish’, ‘private’ ) ); $myposts = … Read more
WordPress allows you to mark posts and pages as ‘private’ and set a password on the content which is controllable in the admin: http://codex.wordpress.org/Content_Visibility#Password_Protected_Content If you set multiple pages with the same password, the user will only need to enter it once. http://codex.wordpress.org/Using_Password_Protection#Password_Protecting_Many_Posts_and_Pages
You could use Buddypress to achieve this along with this plugin: https://wordpress.org/plugins/bp-redirect-to-profile/ Hope that helps.
Automatic updates of plugins and themes outside of wordpress.org
If people can guess the file download urls then they will still be able to get to them (e.g. if someone who has access shares the download urls out). To get around that kind of problem you typically need to set up a file handler script that will grab them from a protected directory that … Read more