Beginner's Guide for WordPress / Start your WordPress Blog in minutes

How to Create an Intranet for Small Businesses with WordPress (Easy)

Do you want to create a WordPress intranet for your organization? WordPress is a powerful platform with tons of flexible options that makes it ideal to be used as your company’s intranet. In this article, we will show you how to create a WordPress intranet for your organization while keeping it private and secure.

Creating a WordPress intranet for your organization

What is Intranet or Extranet? Why Use WordPress as Your Intranet Platform?

Intranet or Extranet is a communications platform used by an organization for communication, file sharing, announcements, and other organizational activities.

WordPress is an excellent platform to build your organization’s intranet or extranet. It is easy to maintain, open source, and gives you access to thousands of WordPress plugins to add new features when needed.

An intranet runs on an organization’s private network. Typically, an office IT system is connected via cable or wireless network adapters. One computer on the network can be used as the web server and host a WordPress website.

Follow the instructions in our guide on how to install WordPress on a Windows network using WAMP or install WordPress on a Mac computer using MAMP to start your WordPress intranet.

On the other hand, an extranet is an intranet platform accessible to a larger network or public internet. In plain English, this could be a website publicly accessible but restricted to authorized users only.

It is particularly useful if your organization is distributed across different geographic locations.

To create your WordPress extranet, you’ll need a WordPress hosting account and a domain name. After that, you can install WordPress and then set it up to be used as your organization’s intranet.

Once you have installed WordPress as your intranet, the next step is to convert it into a communications hub for your organization.

To do that, you’ll be using several WordPress plugins. We will show you the basic setup that will serve as the foundation for your WordPress intranet to grow and meet your organization’s goals.

Setting Up BuddyPress as Your WordPress Intranet Hub

BuddyPress is a sister project of WordPress. It converts your WordPress website into a social network. Here are some of the things a BuddyPress powered intranet can do:

  • You will be able to invite users to register on company intranet
  • Users will be able to create extended user profiles
  • Activity streams allow users to follow latest updates like Twitter or Facebook
  • You will be able to create user groups to sort users into departments or teams
  • Users can follow each other as friends
  • Users can send private messages to each other
  • You can add new features by adding third-party plugins
  • You’ll have plenty of design options with WordPress themes for BuddyPress

To get started, first you will need to install and activate BuddyPress plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, head over to Settings » BuddyPress page to configure plugin settings.

BuddyPress settings

For complete step by step instructions see our guide on how to turn WordPress into a social network with BuddyPress.

Secure Your WordPress Intranet with All-in-One Intranet

If you are running a WordPress intranet on local server, then you can secure it by limiting access to internal IPs in your .htaccess file.

However, if you are running an Extranet, then your users may be accessing the intranet from different networks and IP addresses.

To make sure that only authorized users get access to your company intranet, you need to make your extranet private and accessible to only registered users.

For that, you’ll need to install and activate the All-in-One Intranet plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, head over to Settings » All-in-One Intranet page to configure the plugin settings.

All in One Intranet settings

First you need to check the box next to ‘Force site to be entirely private’ option. This will make all pages of your WordPress site completely private.

The only thing this plugin will not make private is the files in your uploads directory. Don’t worry, we will show you how to protect it later in this article.

Next, you need to provide a URL where you want users to be redirected when they are logged in. This could be any page on your intranet.

Lastly, you can automatically logout inactive users after a certain number of minutes.

Don’t forget to click on the save changes button to store your settings.

Securing Media Uploads on your WordPress Intranet

Making your website completely private doesn’t affect media files. If someone knows the exact URL of a file, then they can access it without any restriction.

Let’s change that.

For better protection, we will be redirecting all requests made to the uploads folder to a simple PHP script.

This php script will check if a user is logged in. If they are, then it will serve the file. Otherwise, the user will be redirected to the login page.

First you need to create a new file on your computer using a plain text editor like Notepad. After that you need to copy and paste the following code and save the file as download-file.php on your desktop.

<?php
require_once('wp-load.php');

is_user_logged_in() ||  auth_redirect();

list($basedir) = array_values(array_intersect_key(wp_upload_dir(), array('basedir' => 1)))+array(NULL);

$file =  rtrim($basedir,'/').'/'.str_replace('..', '', isset($_GET[ 'file' ])?$_GET[ 'file' ]:'');
if (!$basedir || !is_file($file)) {
	status_header(404);
	die('404 — File not found.');
}

$mime = wp_check_filetype($file);
if( false === $mime[ 'type' ] && function_exists( 'mime_content_type' ) )
	$mime[ 'type' ] = mime_content_type( $file );

if( $mime[ 'type' ] )
	$mimetype = $mime[ 'type' ];
else
	$mimetype = 'image/' . substr( $file, strrpos( $file, '.' ) + 1 );

header( 'Content-Type: ' . $mimetype ); // always send this
if ( false === strpos( $_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS' ) )
	header( 'Content-Length: ' . filesize( $file ) );

$last_modified = gmdate( 'D, d M Y H:i:s', filemtime( $file ) );
$etag = '"' . md5( $last_modified ) . '"';
header( "Last-Modified: $last_modified GMT" );
header( 'ETag: ' . $etag );
header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + 100000000 ) . ' GMT' );

// Support for Conditional GET
$client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false;

if( ! isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) )
	$_SERVER['HTTP_IF_MODIFIED_SINCE'] = false;

$client_last_modified = trim( $_SERVER['HTTP_IF_MODIFIED_SINCE'] );
// If string is empty, return 0. If not, attempt to parse into a timestamp
$client_modified_timestamp = $client_last_modified ? strtotime( $client_last_modified ) : 0;

// Make a timestamp for our most recent modification...
$modified_timestamp = strtotime($last_modified);

if ( ( $client_last_modified && $client_etag )
	? ( ( $client_modified_timestamp >= $modified_timestamp) && ( $client_etag == $etag ) )
	: ( ( $client_modified_timestamp >= $modified_timestamp) || ( $client_etag == $etag ) )
	) {
	status_header( 304 );
	exit;
}

readfile( $file );

Now connect to your website using an FTP client. Once connected, upload the file you just created to /wp-contents/uploads/ folder on your website.

Next, you need edit the .htaccess file in your website’s root folder. Add the following code at the bottom of your .htaccess file:

RewriteCond %{REQUEST_FILENAME} -s
RewriteRule ^wp-content/uploads/(.*)$ download-file.php?file=$1 [QSA,L]

Don’t forget to save your changes and upload the file back to your website.

Now all user requests to your media folder will be sent to a proxy script to check for authentication and redirect users to login page.

4. Adding Forms to Your WordPress Intranet with WPForms

WPForms

The main goal of a company intranet is communication. BuddyPress does a great job with activity streams, comments, and private messaging.

However, sometimes you’ll need to collect information privately in a poll or survey. You’ll also need to sort and store that information for later use.

This is where WPForms comes in. It is the best WordPress form builder in the market.

Not only it allows you to easily create beautiful forms, it also saves user responses in the database. You can export responses for any form into a CSV file.

This allows you to organize form responses in spreadsheets, print them, and share among your colleagues.

Extending Your WordPress Intranet

By now you should have a perfectly capable intranet for your organization. However, as you test the platform or open it for users, you may want to add new features or make it more secure.

There are plenty of WordPress plugins that can help you do that. Here are some tools that you may want to add right away.

That’s all for now.

We hope this article helped you create a WordPress intranet for your organization. You may also want to see our comparison of the best payroll software for small business.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit – a collection of WordPress related products and resources that every professional should have!

Reader Interactions

21 CommentsLeave a Reply

  1. The article is very helpful. Quick question please, for an intranet, how do other computers on my internal network access the wordpress intranet? If there is a previous article on this please share the link let me go through it. TIA

    • It would depend on how your intranet is set up as each intranet can have its own tools for customizing what URL goes where. If the tool you are using for your network has documentation we would recommend checking that and there should be the option to set where a specific URL directs to.

      Admin

  2. How would you update WP if you do not have access to the internet? Does it have to be done manually through FTP?

  3. I’m a US Peace Corps volunteer in Zambia considering the possibilities of doing this in the rural village where I live. Starting with the two schools who have a few, older computers. There’s no internet here, so this could be fantastic for sharing offline learning like Khan Academy Lite and such. I understand the localhost WordPress component of this, but how do I start by even connecting two computers in a LAN? Is it with cat 5 cables or can it even be done with wireless routers? Thank you. I think an Intranet could be a huge help here.

    • That question is a bit beyond this article, it would depend on what tools you have available but normally one computer would need to be the web server while the other computers need the ability to connect to that computer

      Admin

  4. I tried to implement the Securing Media Uploads script and configured in .htaccess but when I tried to copy the exact image link and access it in a browser that does not have the intranet session it can still access! Did I missed some PHP modules?

  5. I have been using the method described in this article to protect my media for a couple of days now when all of a sudden it stopped working – not sure if sue to a change in server configuration or something else. Media wouldn’t show up for registered users, when diretly requesting a file being logged in a 404 error would appear.

    Solved it by changing two things:

    .htaccess:
    RewriteCond %{REQUEST_FILENAME} -s
    RewriteRule ^wp-content/uploads/(.*)$ wp-content/uploads/download-file.php?file=$1 [QSA,L]

    download-file:
    <?php

    $parse_uri = explode( 'wp-content', $_SERVER['SCRIPT_FILENAME'] );
    require_once( $parse_uri[0] . 'wp-load.php' );

    is_user_logged_in() || auth_redirect();

    Just in case someone has the same problem…

  6. This post was just what I was looking for, so thank you for posting it!
    However, something isn’t right.
    I may be brand spanking new to this whole thing but either the adding of the script for securing media files and/or the 2 lines added to the .htaccess file prevents images from being displayed in the Media Library.
    I’m thinking it’s a permission issue of some type but I’m not really sure how to proceed.

    • Looks like it’s the .htaccess file (2 lines of code) that is causing the images to not load in the Media Library. I put the old one back and the images load. Any advice would be appreciated.

      • Sean, I am having the same problem here. I did a small workaround in the .htaccess:

        RewriteCond %{REMOTE_ADDR} !123.456.789.000
        RewriteCond %{REQUEST_FILENAME} -s
        RewriteRule ^wp-content/uploads/(.*)$ download-file.php?file=$1 [QSA,L]

        The first line makes an exception for my home IP, I might be adding office IPs too. Seems to work quite well.

  7. Your code for restricting the uploads folder doesn’t seem to be working anymore or I might have a plugin conflict.

  8. Hi, thanks for the article!

    I’m planning to use WP in a extranet and this will be very helpful.

    To meet the requirements I also need an unique calendar for the staff.

    It should allow schedule meetings with multiple people and these people should receive an email with the invitation; also this email should contain metadata that added the event to outlook calendar, as it is used to remind people of the meeting. (Everyone uses Outlook as email here).

    Do you guys know any plugin or method to do this?
    I’ve tried several calendar and booking plugins, but none meets this requirement. Specially because it is possible to have multiple meetings at the same time, with different people.

    Thanks in advance!

Leave a Reply to Hjason Cancel reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.