Intranet & Private Site – All-In-One Intranet
WordPress is one of the most popular platforms for building corporate intranets and private company websites. The problem is that WordPress was designed for public-facing sites. Making it work as a private intranet typically requires installing multiple plugins, configuring each one separately, and hoping they all play nicely together. All-In-One Intranet solves this by giving you everything you need in a single plugin to turn your WordPress site into a fully private intranet. Enable privacy with one checkbox, set up auto-logout to protect sensitive information, configure where users land after login, and manage multisite access controls – all from one settings page. Whether you are building a corporate intranet, a private knowledge base, a restricted client portal, or an internal communications hub, this plugin handles the foundational privacy and access control so you can focus on your content. What is an Intranet? An intranet is a private website or network used internally by an organization. Unlike a public website, an intranet is only accessible to authorized users – typically employees, contractors, or specific team members. Common uses for a WordPress intranet include: Internal company communications and announcements Employee handbooks, policies, and procedures Knowledge bases and documentation wikis Project collaboration and team coordination HR portals for onboarding and training materials Client portals with restricted access to project files WordPress is well suited for all of these because of its familiar editing interface, extensive plugin ecosystem, and flexible user role system. All-In-One Intranet provides the access control layer that makes it all work. Features All-In-One Intranet includes five core features designed to cover the most common intranet requirements: One-Click Private Site Enable the “Force site to be entirely private” checkbox, and your entire WordPress site becomes restricted to logged-in users only. Anyone who is not logged in gets redirected to the WordPress login page automatically. This single setting handles multiple layers of privacy at once: Page and post access – all frontend content requires authentication REST API protection – unauthenticated REST API requests are blocked with a 401 error, preventing data leaks through the API XML-RPC blocking – XML-RPC is disabled entirely when privacy is active, closing another potential access vector Search engine blocking – the robots.txt file is automatically updated to disallow all crawling, keeping your private content out of search indexes Pingback suppression – outgoing pingbacks and trackbacks are disabled so your private site does not announce itself to external services Feed protection – RSS, Atom, and comment feeds require authentication, so protected posts and comments cannot be read through /feed/ or crafted feed URLs Comment and trackback blocking – unauthenticated visitors cannot post comments or trackbacks to protected content through wp-comments-post.php or wp-trackback.php Admin endpoint gating – the admin-ajax.php and admin-post.php handlers require a valid login, so public “nopriv” actions registered by your theme or other plugins do not run for logged-out visitors Entry-point coverage – WordPress files that load the site outside the normal page render, such as wp-links-opml.php (the blogroll and OPML export) and wp-activate.php, are sealed so they cannot leak post content, feeds, your site title, or the WordPress version number Slug enumeration prevention – WordPress’s canonical redirect no longer reveals the slugs of private posts to unauthenticated visitors on pretty permalinks Role and membership enforcement – the REST API and comment gates apply the same role and sub-site membership checks as the rest of the site, so a logged-in user with no role, or who is not a member of the current sub-site, cannot read API content or post comments they would otherwise be blocked from The plugin also monitors your WordPress registration settings. If “Anyone can register” is enabled on a single site, or if open registration is allowed on a multisite network, the plugin displays a warning on the settings page so you can fix it before it becomes a problem. Auto-Logout for Inactive Users Shared workstations and forgotten browser tabs are a real security risk for intranets. The auto-logout feature lets you set a maximum idle time – in minutes, hours, or days – after which users are automatically logged out. The plugin tracks each user’s last activity timestamp. On every page load, it checks whether the configured idle time has been exceeded. If a user has been inactive for too long, they are logged out immediately and redirected back to the page they were viewing, which triggers the login wall if the site is private. This protects sensitive company information without requiring users to remember to log out manually. Set it to 30 minutes for high-security environments, a few hours for typical office use, or leave it blank to disable the feature entirely. Custom Login Redirect By default, WordPress sends users to the dashboard after they log in. For an intranet, this is not useful – your team is logging in to read content, not to manage the site. The login redirect feature lets you set any URL on your site as the post-login landing page. Point it to your company homepage, a news feed, or a team dashboard so users see relevant content right away. This redirect only applies when users log in directly through the standard WordPress login page. If a user tries to access a specific page and gets redirected to log in first, they will be sent back to that page after authentication – not to the custom redirect URL. This keeps the user experience smooth. Multisite Sub-site Privacy If you run a WordPress multisite network, you can require logged-in users to be members of a specific sub-site before they can view it. This is useful for organizations with multiple departments, teams, or client areas – each with their own sub-site that should only be visible to relevant people. When a user who is logged in but not a member of the current sub-site tries to access it, they see a message listing all the sub-sites they do have access to, with clickable links to navigate there. Access to the Network Admin area is never restricted by this setting. This option works in combination with the main privacy setting. Enable private site first, then enable sub-site membership requirements for granular access control across your network. Multisite Default Role Assignment Managing user access across multiple sub-sites in a WordPress network can be tedious. Every time you add a new user or create a new sub-site, you would need to manually assign roles across all the relevant sites. The default role assignment feature automates this. Choose a role (Subscriber, Editor, Administrator, or any custom role), and the plugin handles the rest: When a new user is created, they are automatically added to every active sub-site in the network with the selected role When a new sub-site is created, all existing users are automatically added to it with the selected role This saves significant administration time, especially for growing organizations where new employees and new sites are added regularly. How to Make Your WordPress Site Private Setting up a private WordPress site with All-In-One Intranet takes about one minute: Install and activate the plugin from the WordPress plugin directory Go to Settings > All-In-One Intranet in your WordPress admin (or Network Admin > Settings > All-In-One Intranet for multisite) Check the box labeled “Force site to be entirely private” Click Save Changes That is all it takes. Your site is now private. Any visitor who is not logged in will be redirected to the WordPress login page. The REST API, XML-RPC, and search engine indexing are all locked down automatically. If you see a warning about registration settings after enabling privacy, follow the link in the warning to disable open registration and close the gap. How to Set Up Auto-Logout for Inactive Users The auto-logout feature protects your intranet from unattended browser sessions: Go to Settings > All-In-One Intranet Find the Auto Logout section Enter a number in the time field (e.g., 30) Select the time unit from the dropdown: Minutes, Hours, or Days Click Save Changes Users who are inactive for longer than the configured period will be logged out on their next page interaction. Their activity timer resets on every page load, so active users are never interrupted. To disable auto-logout, clear the time field and save. How to Configure Login Redirect To send users to a specific page after they log in: Go to Settings > All-In-One Intranet Find the Login Redirect section Enter the full URL of your desired landing page (e.g., https://example.com/welcome) Click Save Changes Users who log in via /wp-login.php will now land on that page instead of the WordPress dashboard. Users who were redirected to the login page from a specific URL will still return to that URL after logging in. How to Set Up a WordPress Multisite Intranet For organizations running a WordPress multisite network: Go to Network Admin > Settings > All-In-One Intranet Enable “Force site to be entirely private” to restrict the entire network to logged-in users Optionally enable “Require logged-in users to be members of a sub-site to view it” for per-site access control Under Sub-site Membership, select a default role to automatically assign users to sub-sites Click Save Changes The privacy and membership settings apply network-wide. The default role assignment runs automatically when new users or new sub-sites are created. Existing sub-sites and users are not affected retroactively when you change the role setting. Security Features All-In-One Intranet takes a layered approach to access control: Authentication enforcement – uses WordPress’s built-in auth_redirect() function for reliable login redirection REST API lockdown – blocks unauthenticated API requests, preventing data access through endpoints like /wp-json/wp/v2/posts XML-RPC disabling – completely disables XML-RPC when privacy is active No-role user handling – on single-site installations, users who are logged in but have no assigned role are logged out and shown an error message, preventing access by deactivated accounts Registration monitoring – displays admin warnings if WordPress is configured to allow open registration, which would undermine your private site setup Nonce verification – all settings forms use WordPress nonce validation to prevent cross-site request forgery Capability checks – settings pages require manage_options (single site) or manage_network_options (multisite) capabilities Note that media uploads (images, PDFs, etc.) remain accessible to anyone who knows their direct URL. This is a limitation of how WordPress stores media files and is common to most privacy plugins. If you need to protect individual file downloads, consider a dedicated file protection plugin alongside All-In-One Intranet. For Developers All-In-One Intranet provides the aioi_allow_public_access filter for developers who need to make specific pages or endpoints accessible without authentication. This filter runs during both the template redirect check and the REST API dispatch check. Return true to allow public access for the current request: add_filter( 'aioi_allow_public_access', function( $allow ) { // Allow public access to a specific page if ( is_page( 'public-landing' ) ) { return true; } return $allow; } ); This is useful for exposing specific landing pages, webhook endpoints, or custom API routes while keeping the rest of the site private. Google Workspace Integration If your organization uses Google Workspace (formerly Google Apps), two companion plugins extend your intranet: Google Apps Login – lets employees sign in to WordPress using their Google Workspace accounts. Domain admins can manage WordPress access entirely from the Google Admin Console, and only authorized employees can access the intranet. Google Drive Embedder – allows authors to embed Google Docs, Sheets, Slides, and other Drive files directly into pages and posts. Useful for intranets where documentation lives in Google Drive. Visit wp-glogin.com for more information about these and other plugins.
Top keywords
- wordpress29×1.52%
- intranet25×1.31%
- users23×1.20%
- access21×1.10%
- site21×1.10%
- page20×1.05%
- private19×0.99%
- role14×0.73%
- login13×0.68%
- all-in-one12×0.63%
- all-in-one intranet12×0.63%
- network12×0.63%
BuddyPress Members Only
BuddyPress Members Only is a BuddyPress plugin that restricts your BuddyPress to logged in/registered members only. opt to just allow logged in users to view your site, non members can only open a few specified page which you setting in our plugin back end. Logged in users have full access on your BuddyPress site. opt to open or close a few buddypress components to guest: for example, you can just enable Buddypress Activity Component pages to subscriber user role, then open buddypress groups component pages to support user role, and open users profile component pages to customer user role, and opt to buddypress member component pages open for non member users, and … and so on. Check Demos The plugin is a simple & quick & light BuddyPress Membership solution, it allows you to make your buddypress site only viewable to visitors that are logged in, you can just activate the plugin and finish a little setting work quickly in admin panel and it will begin the work. If you do not setting it in back end, it works well too, it is super easy to use. Also the plugin support custom your wordpress login link, redirect buddypress login users to buddypress profile page or buddypress activity page or buddypress members page, and opt to restrict wordpress post or not, you can opt to restrict custom post type via a few clicks too. You can setup which pages on your site will open to guest very quickly: The plugin is very easy to use Once activated our BuddyPress Membership plugin, your buddypress / wordpress site will instantly become a private community. In backend, you can decide which parts of your site are open to guest. You can restricts Bubbypress standard components to non-member users, for example , you can open buddypress activity pages to guest, but protect members pages to guest… and so on. When guest users try to view any other pages on your site, they will be redirected to the URL which you set up in “Register Page URL” — you can select other pages in this URL too, for example, landing page, or membership payment page… and so on By default, Home page of your site is always be opened to non member users. Login page will always be opened to non member users. Register page will always be opened to non member users. Lost Password page will always be opened to non member users. User activation page will always be opened to non member users. In backend “Buddypress Members Only Setting” menu -> Option Panel, you can set up “Register Page URL”, “Opened Page URLs”, please check screenshost at https://wordpress.org/plugins/buddypress-members-only/screenshots/ “Opened Page URLs” will opened to non member users always. “Register Page URL” will opened to non member users always. BuddyPress Login Rrdirect: opt to redirect logged in users to buddypress profile page or buddypress members page or buddypress activity page. If you did not install buddypress, this option will be ignored. Open WordPress Posts: options to only protect your buddypress pages, so other section on your wordpress site will be open to the guest users. Custom / Hide WordPress / BuddyPress login link: In setting panel, opt to custom your wordpress login link to stop spam bot find your buddypress private site. WordPress page Level Protect: in setting panel, options to enable page level protect, if you enable page level protect, in post editor, you will find “Allow everyone to access the page” checkbox in meta box, you can opt to specific any post open to all guest users Restrict custom post types: In setting panel, you can opt to restrict custom post types to guest or not, we have list all wordpress custom post type in the ” BuddyPress Members Only Restrict Custom Post Types Settings” panel, what you need to do is just a few clicks Knowledge Base: for help you understand how to use the buddypress membership system easier, also in each setting panel, we added detailed description for each option, just follow our guide, you can build a private buddypress network very quickly BuddyPress Members Only supported HTTPS and HTTP, we will detect HTTPS and HTTP automatically. BuddyPress members only plugin support WordPress too, if you disable buddypress on your site, our plugin will detect it and support wordpress members only automatically > * The plugin support translate and launch localized versions, .po files can be found in languages sub-folder. Any feature request is super welcome, please contact us via plugin support page More Pro Version Features Pro Version Detailed Feature List With Screenshot All functions in free version Fine-grained Access Control for Your Buddypress Site: restrict each buddypress componets, control each menu visibility, control each user role’s profile visibility, restricts each wordpress pages(even home page or site rss), based on approved members / approved user roles, finish all works just via a few clicks in powerful control panels. Restricts BP standard Components Based on User Roles: for example, you can just enable Buddypress Activity Component pages to subscriber user role, then open buddypress groups component pages to support user role, and open users profile component pages to customer user role, and opt to buddypress member component pages open for non member users, and … and so on. Restricts BP customized Components Based on User Roles: opt to restrict customzied components via 3rd buddypress plugins, there are many amazing buddypress developer developed many customized buddypress components, you can opt to these 3rd customized components open to specific user roles Menu Visibility Control by User Roles: for example, you can only allow customer user role to see download menu, and opt to subscriber & customer user role can see product menu… and so on, also by this way, you do not need make a long menu lists to all users Approved Users Only: after enabled this buddypress membership addon, when users register as members, they need awaiting administrator approve their account manually, at the same time when unapproved users try to login your site, they can not login your site and they will get a message that noticed they have to waiting for admin approve their access first, only approved users can login your site, Admin user can approve or unapprove any users again at anytime, very easy to use. You can enable / disable approve user addon at anytime in addon manage panel. Just one click, you can lock your buddypress social network quickly, just your friend or family or worker can view your buddypress network. Powerful Login redirect / Logout Redirect Based on User Roles: pro version will support more login / logout redirect options, each user roles have options for redirect to the referer pages before they login, also support 12 buddypress components to redirect login / logout users, and support to redirect to any specific url based on your setup for each user roles… and so on Customized Opened URLs Restricts Based on User Roles and Tags: For example, you can set up https://membersonly.top/members/%username%/forums/ only opened for customer user role, or open %sitename%/family/%username%/ for family user types… and so on. Customized Closed URLs Restricts based on user roles and Tags, for example, you can close https://membersonly.top/support page to guest user role, but open it for customer user role, at the same time, you can open https://membersonly.top/shop for guest user role, support use placeholders %username% and %sitename% to protect your customized Closed URLs pages Charge Membership fees from Your BuddyPress Site: works well with BuddyPress Membership WooCmmerce Payment Gateway Plugin to charge buddyrpess membership fee based on user roles One click to add default 10 membership Levels, One click to remove default 10 membership Levels, Edit Label of Default Membership Levels, one click to reset membership levels Restricts Site RSS Feed: opt to restrict rss content, and opt to specific restricts notification to rss users, you can add restricts notification in editor, support image, link, font style, videos… and so on, restricts notification will shown in feed content …… Opt to Restricts Specific BuddyPress Component Pages from Search Engines: if you are running a buddypress private network, and if you do not hope some private content be searched in search engines, it is very easy to remove your private content from google via a few clicks in buddypress members only backend setting panel Support add Announcement on Buddypress Members Only register page, you can add announcement in editor with image, link, font style, videos… and so on, we will show announcement at top of register page. Restrict Custom Post Types Based on User Role: enhanced custom posty type module, allow admin restrict custom post types based on user roles Options to only protect your buddypress pages, so other section on your wordpress site will be open to the guest users, so you can only restrict your buddypress section, but open wordpress section to your guests, for example, blog, faq, ticket, store… and so on. Enable page level protect, when you edit a post, you can choose setting it as a members only page or not. By this way, you do not need enter page URLs to Opened Pages Panel always Restricts Your Buddypress and WordPress and bbPpress to logged in/registered members Easy to use, build a privacy site quickly, via a few clicks in powerful control panel, you can decide which section of your site open / close to specific user roles. One Click Reset all Settings Option to ” Use Permanent 301 Redirect Instead of Temporary 302 Redirect” More Buddypress Membership Addons included in the buddypress membership pro to enrich your application scenarios Detailed tips for each setting options and detailed Knowledge Base for help you understand how to use the buddypress membership system easier Support ticket: if you need any help, or if you need any more buddypress membership features, you can find our support ticket in “Knowledge Base” menu …… and more, any fearure request is welcome Please check demos More BuddyPress Plugins Maybe You Will Like BuddyPress WooCommerce Payment Plugin BuddyPress Blacklist Plugin BuddyPress Google XML Sitemaps Generator Plugin …… and more I am developing many more amazing features, you are very welcome to submit any feature request