Prevent careless visitors by locking your site down with a PIN
Whenever a site is under development, or its content should remain private, you want to prevent the general public
from reading it, whether deliberately or by accident.
A common way to do this is with HTTP authorisation,
but this has some problems:
.htaccess file),
Site PIN solves these problems by replacing authorisation with a simple PIN. This has the following advantages:
site-pin folder to the /wp-content/plugins/ directory
If you log into WordPress, you don’t need a PIN.
No, search engines won’t index the site while it’s locked with a PIN.
No, it can be any number of digits. In fact it can use numbers, letters and punctuation like any password,
but people are in the habit of thinking of a PIN as a few digits.
Immediately change the PIN, and disable that person’s user if they have one. And be more careful in the future!
Note that even the lowest level of user (typically Subscriber) still has access to the site, so you have to disable
somebody’s account entirely to stop them logging in.
Yes, you can set a custom message to display on the PIN entry screen. But giving a hint can be dangerous
because an attacker may be able to work it out. An example of a bad hint would be something like “our address” or
“the year the company was started” since that’s information anybody could find out.
A better hint might be “the same as the PIN on the warehouse door” because only employees should know that.
Only administrators can change the PIN. Any contributor can see the PIN.
If you want to adjust WordPress’ permissions with code of your own, the ability to edit the PIN uses the edit_theme_options permission while the ability to read the PIN uses the edit_posts permission.
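
One way to adjust who can change the PIN, shown as an added example that is not part of Site PIN's own code: a small companion plugin that grants edit_theme_options to the Editor role. The choice of Editor, the function names and the option name are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Example PIN capability tweak
 * Description: Added example, not part of Site PIN. Lets Editors change the PIN.
 */

// Capability name taken from the readme above; role and option names are assumptions.
const EXAMPLE_PIN_EDIT_CAP = 'edit_theme_options';
const EXAMPLE_PIN_ROLE     = 'editor';
const EXAMPLE_PIN_FLAG     = 'example_pin_cap_granted';

// Role capabilities are stored in the database, so grant once on activation
// rather than on every page load.
function example_pin_grant_cap() {
    $role = get_role( EXAMPLE_PIN_ROLE );
    if ( null === $role ) {
        return; // Role was removed or renamed on this site.
    }
    if ( ! $role->has_cap( EXAMPLE_PIN_EDIT_CAP ) ) {
        $role->add_cap( EXAMPLE_PIN_EDIT_CAP );
        // Remember that this plugin added the capability.
        update_option( EXAMPLE_PIN_FLAG, 1 );
    }
}
register_activation_hook( __FILE__, 'example_pin_grant_cap' );

// On deactivation, revoke only what this plugin granted, so a capability
// that another plugin or an administrator assigned is left alone.
function example_pin_revoke_cap() {
    if ( ! get_option( EXAMPLE_PIN_FLAG ) ) {
        return;
    }
    $role = get_role( EXAMPLE_PIN_ROLE );
    if ( null !== $role ) {
        $role->remove_cap( EXAMPLE_PIN_EDIT_CAP );
    }
    delete_option( EXAMPLE_PIN_FLAG );
}
register_deactivation_hook( __FILE__, 'example_pin_revoke_cap' );
```

In WordPress core, edit_theme_options also controls the Customizer, widgets and menus, so a role given this capability gains more than PIN editing.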