Securing a WordPress blog

 I’ve been hosting a family blog and photo site for a good friend for over a year.

They decided recently to ‘lock down’ the site and restrict access to both the blog and the photos to family and friends only.

I spent some of yesterday doing this.

I’ve extensively use WPG2 to integrate WordPress and Gallery2 – and I use the permissions and roles within Gallery2 to successfully limit access to pictures. The most striking example of this is with my sisters Cub Scout web site; non members can read blog posts; but not view pictures.

Securing the WordPress side was a little more tricky. Drupal has a very strong permissions module -especially useful for the anonymous user. Nothing like that for WordPress.

In the end I used the post-levels plugin from Filipe Fortes – it needed some SQL mungling to work with WordPress 2.3 – but the end results were pretty good.

2 Replies to “Securing a WordPress blog”

  1. Thanks for your work on getting post-levels to work with WordPress 2.3 I have one problem still that I wondered if you had seen, I am trying to set up a blog where unregistered users can come see posts that are marked “public”. Once they registered they then could see posts set at level “0”, “1”,etc also

    On my test site unregistered users see the “public” posts but once registered they only see posts set at a higher level, they no longer see the “public” posts

    Do have any ideas to get a registered user to see both “public” and higher level posts?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.