Display a maintenance mode page and allow invited visitors to bypass the functionality to preview the site.
This plugin is intended primarily for designers / developers that need to allow clients to preview sites before being available to the general public or to temporarily hide your WordPress site while undergoing major updates.
Any logged in user with WordPress administrator privileges will be allowed to view the site regardless of the settings in the plugin. The exact privilege can be set using a filter hook – see FAQs.
The behaviour of this plugin can be enabled or disabled at any time without losing any of the settings configured in its settings pane. However, deactivating the plugin is recommended versus having it activated while disabled.
When redirect is enabled it can send 2 different header types. “200 OK” is best used for when the site is under development and “503 Service Temporarily Unavailable” is best for when the site is temporarily taken offline for small amendments. If used for a long period of time, 503 can damage your Google ranking.
A list of IP addresses can be set up to completely bypass maintenance mode. This option is useful when needing to allow a client’s entire office to access the site while in maintenance mode without needing to maintain individual access keys.
Access keys work by creating a cookie on the user’s computer that will be checked for when maintenance mode is active. When a new key is created, a link to create the access key cookie will be emailed to the email address provided. Access can then be revoked either by disabling or deleting the key.
This plugin allows three methods of notifying users that a site is undergoing maintenance:
They can be presented with a simple message.
They can be presented with a custom HMTL page.
They can be redirected to a static HTML page. This static page will need to be uploaded to the server via FTP or some other method. This plugin DOES NOT include any way to upload the static page file. Any URL can be used here, and it doesn’t need to be on the same server (so you could redirect back to the client’s current site if you’re working on a dev site, for example). However, it should NOT be the URL of a WordPress page or post on the same site as this will result in an infinite redirect loop.
Upload the jf3-maintenance-mode
folder to your plugins directory (usually /wp-content/plugins/
).
Activate the plugin through the Plugins
menu in WordPress.
Configure the settings through the Maintenance Redirect
Settings panel.
This plugin is designed to block only the normal display of pages in the web browser. It will not effect any other calls to WordPress, such as the Rest API.
This means that services such as the PayPal and Stripe integrations in WooCommerce, for example, are still able to function for testing WooCommerce stores.
It also means that all of the usual WordPress REST endpoints are active. If you wish to completely lock down your site’s data then you will need to find an additional solution to block those calls.
There is a filter which allows you to programatically bypass the redirection block:
wpjf3_matches
This allows you to run pretty much any test you like, although be aware that the whole redirection thing runs before the $post
global is set up, so WordPress conditionals such as is_post()
and is_tax()
are not available.
This example looks in the $_SERVER
global to see if any part of the URL contains “demo”
function my_wpjf3_matches( $wpjf3_matches ) { if ( stristr( $_SERVER['REQUEST_URI'], 'demo' ) ) $wpjf3_matches[] = "<!-- Demo -->"; return $wpjf3_matches; } add_filter( "wpjf3_matches", "my_wpjf3_matches" );
Props to @brianhenryie for this!
By default, Maintenance Redirect uses the manage_options
capability, but that is normally only applied to administrators. As it stands, a user with a lesser permissions level, such as editor, is able to view the admin side of the site, but not the front end. You can change this using this filter:
wpjf3_user_can
This filter is used to pass a different WordPress capability to check if the logged-in user has permission to view the site and thus bypass the redirection, such as edit_posts
. Note that this is run before $post
is set up, so WordPress conditionals such as is_post()
and is_tax()
are not available. However, it’s not really meant for programatically determining whether a user should have access, but rather just changing the default capability to be tested, so you don’t really need to do anything other than the example below.
function my_wpjf3_user_can( $capability ) { return "edit_posts"; } add_filter( "wpjf3_user_can", "my_wpjf3_user_can" );
wpjf3_matches
filter to allow programatical bypasses. Thanks to @brianhenryie for this.wpjf3_user_can
filter to allow the WordPress capability check to be changed so logged-in users can be allowed to bypass the redirect.