Trusted WordPress tutorials, when you need them most.
Beginner’s Guide to WordPress
25 Million+
Websites using our plugins
Years of WordPress experience
WordPress tutorials
by experts

How to Restrict WordPress Site Access by IP or Logged In Users

Editorial Note: We earn a commission from partner links on WPBeginner. Commissions do not affect our editors' opinions or evaluations. Learn more about Editorial Process.

You are about to launch a new product, and you have developed a great website for it using the world’s favorite web publishing platform, WordPress. You want to test it live on its own domain and hosting, but you are not yet ready to make it public just yet. Earlier in another article we talked about how to password protect WordPress without user registration. How about limiting access to a site for visitors who are logged in or allowed by IP addresses? In this article we will show you how to restrict WordPress site access by IP or logged in users.

Video Tutorial

Subscribe to WPBeginner

If you don’t like the video or need more instructions, then continue reading.

First thing you need to do is install and activate Restricted Site Access plugin. After activating the plugin, go to Settings » Reading. Scroll down to the bottom and you will see options to configure restricted access.

Restricting access to a site for logged in users or specific IP address

Using Restricted Site Access plugin, you can restrict access to a WordPress site for logged in users only or for people with specific IP addresses. You can also choose to redirect users with no access to the site by sending them to the login page, redirect to another web address, show them a custom message, or even redirect them to a specific page (coming soon page) that you have created on the same site. Restrict by IP feature is very useful if you want multiple employees in the office to have access to the development project without requiring them to register as a user.

This plugin can be extremely useful for beta testing your site before a product launch. It is also good for creating private blogs for friends and family only. We hope that this article helps you run your projects discretely. Do you have other ways that you have used to restrict WordPress site access? Share it with us in the comments below.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us. Here's our editorial process.

Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi with over 16 years of experience in WordPress, Web Hosting, eCommerce, SEO, and Marketing. Started in 2009, WPBeginner is now the largest free WordPress resource site in the industry and is often referred to as the Wikipedia for WordPress.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit - a collection of WordPress related products and resources that every professional should have!

Reader Interactions

25 CommentsLeave a Reply

  1. Syed Balkhi says

    Hey WPBeginner readers,
    Did you know you can win exciting prizes by commenting on WPBeginner?
    Every month, our top blog commenters will win HUGE rewards, including premium WordPress plugin licenses and cash prizes.
    You can get more details about the contest from here.
    Start sharing your thoughts below to stand a chance to win!

  2. Jeff says

    Can you restrict by IP by role? We want to limit by IP user logins that have full admin rights. Subscribers, Authors, and Editors will not be limited by IP address.

    • WPBeginner Support says

      We do not have a specific recommendation for role-specific limitations at the moment but we will be sure to share if we find a method we would recommend.


  3. Prince Lee says

    I was wondering if there was a way to restrict my signup page to only visitors from a given location

  4. Terry says

    I think this plugin is great for my wholesale accounts. but the end user (retail) for me is a customer that has to approve designs. I do not understand how to make the private page with password open for them while keeping the wholesale side ip protected. Is there a plugin that allows access by page while restricting by ip address. The password feature for the wholesale side is too vulnerable to being shared.

  5. chris says

    According to the FAQ’s here is a way to make exceptions for specific pages:


    function impressum_override( $is_restricted, $wp ) {
    // check query variables to see if this is the feed
    if ( ! empty( $wp->query_vars[‘pagename’] != ‘name-of-page’ ) ) {
    $is_restricted = false;
    return $is_restricted;

  6. Eran says

    The only problem is that this plugin restricts the access to lost password page as well.. this is a problem..

    • Jim Gore says

      I also liked this simple and effective plugin, until I discovered that the lost password page couldn’t be reached. I also tried another nice plugin (restrict site access), also simple to set up & effective, but it suffered the same problem. The author of that plugin suggested that the problem could be resolved by hooking code in to handle that page.

  7. Shoeb says

    How to handle the scenario with the Dynamic IP addresses. If we unrestrict certain IP addresses then every time the IP address will get change. Then what to do in this situation ?

  8. Mariska Van de Langenberg says

    If you would have a subscription sign up for a product as well as a registration as affiliate on your site….would there be an option to avoid people to sign up as affiliate first and then subscribe to the product in order to get commissioned on them? Like a check on IP amongst the affiliate IP’s?

  9. kate says

    I have a problem when my members sign up they are taken to payment page but if they click off this page they can log in without paying. How do i restrict their access until they have paid the fee

    in a nutshell How can i restrict access to my members until they pay

  10. Mona says

    Can you please clarify the following:

    By restricting site access to those who are “logged in” – does that mean users have to set up a WordPress account? I’m trying to make it as easy as possible for the non-savvy computer user for accessing a family website.

    Also, do restricted access plugins only work on self hosted sites? What about free sites like


  11. Ruchi says

    Is there a way to restrict users to only a certain section on the site, where they can access product data etc. based on an email login? I’m an amateur webmaster and have been struggling with this.

      • Ruchi says

        Thanks. I ended up using word press access control since it allowed more customization, been workin like a charm..
        Used a lot of tips from your website though. You guys are doing a great job! Thanks much!

  12. Simon says

    So basically install a plugin… what a very informative article.

    If anyone else is interested you can add code in your functions file to prevent anyone who is not logged in from viewing your site:

    function password_protected() {
    if ( !is_user_logged_in() ) {
    add_action(‘template_redirect’, ‘password_protected’);
    add_action(‘do_feed’, ‘password_protected’);

    • Editorial Staff says

      Thank you for sharing an alternative code solution, but why reinvent the wheel? There is absolutely nothing wrong with installing a plugin to do a simple task. That’s what plugins are made for. Also the author of that plugin is fairly well-reputed in the community. When we need to restrict site access by IP or logged in users, we use this plugin.


    • Barry says

      Hi simon,

      Your code seems so simple yet it doesn’t work for me. I even check by putting a simple echo before the if statement to check if the function is being called at all and it doesn’t.

      So which add_action should i use?

    • Malc says

      Simon, this plugin allows access to a whitelist of IP addresses. Not a common request – but very useful from time to time. Do you have code that could handle that function?

Leave A Reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.