WordPress Plugin – Registered Only – Fix

In my “real life” I manage a number of blogs for both clients and friends, mostly WordPress. One of the blogs had a requirement that was to completely password protect the entire site – i.e. only registered users could view any page/post.

For this I initially set up .htaccess password protection – quick and simple.

However, we found out that this prevented the WordPress iPhone App from login in and doing it’s stuff. So we had to look for another solution.

After doing some Googling I found a post all about password protecting wordpress on the Cre8d Design blog. This pointed me to the “Registered Only” plugin. Whilst it is quite old (4 years since last commit) it should have been just what I was looking for, so I downloaded it, installed and activated (taking care to follow the readme and remove the RSS feeds)

When testing it out it displayed the login box on first visit to the site – prefect. However, I logged in, but it still showed the login box. I assumed I typed in the wrong password, so I tried again. Same result.

Argh, a bug!

Probably because it was meant for a much older version of WordPress (this blog was using 2.6.3 – now upgraded to2.7)

There was only one thing for it, I had to view the source! Which turned out to be relatively simple:

function carthik_bouncer() {
    if (substr($_SERVER['SCRIPT_NAME'], -12) != "wp-login.php") {
        auth_redirect();
    }
}
add_action('init', 'carthik_bouncer');

The problem was clearly the auth_redirect() function. After some searching, I found this thread in the WordPress Support forums, after which I dutifully modified the code to this:

function carthik_bouncer() {
    if (substr($_SERVER['SCRIPT_NAME'], -12) != "wp-login.php") {
	    if (!is_user_logged_in()) { auth_redirect(); }
    }
}
 
add_action('init', 'carthik_bouncer');

Success! It works prefectly.

If you need to know, here is a patch:

--- registered-only-old.php	2008-12-12 14:00:09.000000000 +0100
+++ registered-only-new.php	2008-12-12 14:01:21.000000000 +0100
@@ -26,7 +26,7 @@
 
 function carthik_bouncer() {
     if (substr($_SERVER['SCRIPT_NAME'], -12) != "wp-login.php") {
-        auth_redirect();
+	    if (!is_user_logged_in()) { auth_redirect(); }
     }
 }