Write this into a plugin:
add_action( 'template_redirect', 'auth_redirect' );
As plugin on GitHub.
This will force all visitors login if they aren’t already.
In some cases, this is asking for a log-in every time. This might work better:
is_admin() || add_action( 'template_redirect', function() {
if ( ! is_user_logged_in() )
auth_redirect();
});
If you want to send a 404 status instead, you can replace the auth_redirect()
with:
wp_die( 'Nope.', 'Not found', [ 'response' => 404 ] );