Intranet & Private Site – All-In-One Intranet
WordPress is one of the most popular platforms for building corporate intranets and private company websites. The problem is that WordPress was designed for public-facing sites. Making it work as a private intranet typically requires installing multiple plugins, configuring each one separately, and hoping they all play nicely together. All-In-One Intranet solves this by giving you everything you need in a single plugin to turn your WordPress site into a fully private intranet. Enable privacy with one checkbox, set up auto-logout to protect sensitive information, configure where users land after login, and manage multisite access controls – all from one settings page. Whether you are building a corporate intranet, a private knowledge base, a restricted client portal, or an internal communications hub, this plugin handles the foundational privacy and access control so you can focus on your content. What is an Intranet? An intranet is a private website or network used internally by an organization. Unlike a public website, an intranet is only accessible to authorized users – typically employees, contractors, or specific team members. Common uses for a WordPress intranet include: Internal company communications and announcements Employee handbooks, policies, and procedures Knowledge bases and documentation wikis Project collaboration and team coordination HR portals for onboarding and training materials Client portals with restricted access to project files WordPress is well suited for all of these because of its familiar editing interface, extensive plugin ecosystem, and flexible user role system. All-In-One Intranet provides the access control layer that makes it all work. Features All-In-One Intranet includes five core features designed to cover the most common intranet requirements: One-Click Private Site Enable the “Force site to be entirely private” checkbox, and your entire WordPress site becomes restricted to logged-in users only. Anyone who is not logged in gets redirected to the WordPress login page automatically. This single setting handles multiple layers of privacy at once: Page and post access – all frontend content requires authentication REST API protection – unauthenticated REST API requests are blocked with a 401 error, preventing data leaks through the API XML-RPC blocking – XML-RPC is disabled entirely when privacy is active, closing another potential access vector Search engine blocking – the robots.txt file is automatically updated to disallow all crawling, keeping your private content out of search indexes Pingback suppression – outgoing pingbacks and trackbacks are disabled so your private site does not announce itself to external services Feed protection – RSS, Atom, and comment feeds require authentication, so protected posts and comments cannot be read through /feed/ or crafted feed URLs Comment and trackback blocking – unauthenticated visitors cannot post comments or trackbacks to protected content through wp-comments-post.php or wp-trackback.php Admin endpoint gating – the admin-ajax.php and admin-post.php handlers require a valid login, so public “nopriv” actions registered by your theme or other plugins do not run for logged-out visitors Entry-point coverage – WordPress files that load the site outside the normal page render, such as wp-links-opml.php (the blogroll and OPML export) and wp-activate.php, are sealed so they cannot leak post content, feeds, your site title, or the WordPress version number Slug enumeration prevention – WordPress’s canonical redirect no longer reveals the slugs of private posts to unauthenticated visitors on pretty permalinks Role and membership enforcement – the REST API and comment gates apply the same role and sub-site membership checks as the rest of the site, so a logged-in user with no role, or who is not a member of the current sub-site, cannot read API content or post comments they would otherwise be blocked from The plugin also monitors your WordPress registration settings. If “Anyone can register” is enabled on a single site, or if open registration is allowed on a multisite network, the plugin displays a warning on the settings page so you can fix it before it becomes a problem. Auto-Logout for Inactive Users Shared workstations and forgotten browser tabs are a real security risk for intranets. The auto-logout feature lets you set a maximum idle time – in minutes, hours, or days – after which users are automatically logged out. The plugin tracks each user’s last activity timestamp. On every page load, it checks whether the configured idle time has been exceeded. If a user has been inactive for too long, they are logged out immediately and redirected back to the page they were viewing, which triggers the login wall if the site is private. This protects sensitive company information without requiring users to remember to log out manually. Set it to 30 minutes for high-security environments, a few hours for typical office use, or leave it blank to disable the feature entirely. Custom Login Redirect By default, WordPress sends users to the dashboard after they log in. For an intranet, this is not useful – your team is logging in to read content, not to manage the site. The login redirect feature lets you set any URL on your site as the post-login landing page. Point it to your company homepage, a news feed, or a team dashboard so users see relevant content right away. This redirect only applies when users log in directly through the standard WordPress login page. If a user tries to access a specific page and gets redirected to log in first, they will be sent back to that page after authentication – not to the custom redirect URL. This keeps the user experience smooth. Multisite Sub-site Privacy If you run a WordPress multisite network, you can require logged-in users to be members of a specific sub-site before they can view it. This is useful for organizations with multiple departments, teams, or client areas – each with their own sub-site that should only be visible to relevant people. When a user who is logged in but not a member of the current sub-site tries to access it, they see a message listing all the sub-sites they do have access to, with clickable links to navigate there. Access to the Network Admin area is never restricted by this setting. This option works in combination with the main privacy setting. Enable private site first, then enable sub-site membership requirements for granular access control across your network. Multisite Default Role Assignment Managing user access across multiple sub-sites in a WordPress network can be tedious. Every time you add a new user or create a new sub-site, you would need to manually assign roles across all the relevant sites. The default role assignment feature automates this. Choose a role (Subscriber, Editor, Administrator, or any custom role), and the plugin handles the rest: When a new user is created, they are automatically added to every active sub-site in the network with the selected role When a new sub-site is created, all existing users are automatically added to it with the selected role This saves significant administration time, especially for growing organizations where new employees and new sites are added regularly. How to Make Your WordPress Site Private Setting up a private WordPress site with All-In-One Intranet takes about one minute: Install and activate the plugin from the WordPress plugin directory Go to Settings > All-In-One Intranet in your WordPress admin (or Network Admin > Settings > All-In-One Intranet for multisite) Check the box labeled “Force site to be entirely private” Click Save Changes That is all it takes. Your site is now private. Any visitor who is not logged in will be redirected to the WordPress login page. The REST API, XML-RPC, and search engine indexing are all locked down automatically. If you see a warning about registration settings after enabling privacy, follow the link in the warning to disable open registration and close the gap. How to Set Up Auto-Logout for Inactive Users The auto-logout feature protects your intranet from unattended browser sessions: Go to Settings > All-In-One Intranet Find the Auto Logout section Enter a number in the time field (e.g., 30) Select the time unit from the dropdown: Minutes, Hours, or Days Click Save Changes Users who are inactive for longer than the configured period will be logged out on their next page interaction. Their activity timer resets on every page load, so active users are never interrupted. To disable auto-logout, clear the time field and save. How to Configure Login Redirect To send users to a specific page after they log in: Go to Settings > All-In-One Intranet Find the Login Redirect section Enter the full URL of your desired landing page (e.g., https://example.com/welcome) Click Save Changes Users who log in via /wp-login.php will now land on that page instead of the WordPress dashboard. Users who were redirected to the login page from a specific URL will still return to that URL after logging in. How to Set Up a WordPress Multisite Intranet For organizations running a WordPress multisite network: Go to Network Admin > Settings > All-In-One Intranet Enable “Force site to be entirely private” to restrict the entire network to logged-in users Optionally enable “Require logged-in users to be members of a sub-site to view it” for per-site access control Under Sub-site Membership, select a default role to automatically assign users to sub-sites Click Save Changes The privacy and membership settings apply network-wide. The default role assignment runs automatically when new users or new sub-sites are created. Existing sub-sites and users are not affected retroactively when you change the role setting. Security Features All-In-One Intranet takes a layered approach to access control: Authentication enforcement – uses WordPress’s built-in auth_redirect() function for reliable login redirection REST API lockdown – blocks unauthenticated API requests, preventing data access through endpoints like /wp-json/wp/v2/posts XML-RPC disabling – completely disables XML-RPC when privacy is active No-role user handling – on single-site installations, users who are logged in but have no assigned role are logged out and shown an error message, preventing access by deactivated accounts Registration monitoring – displays admin warnings if WordPress is configured to allow open registration, which would undermine your private site setup Nonce verification – all settings forms use WordPress nonce validation to prevent cross-site request forgery Capability checks – settings pages require manage_options (single site) or manage_network_options (multisite) capabilities Note that media uploads (images, PDFs, etc.) remain accessible to anyone who knows their direct URL. This is a limitation of how WordPress stores media files and is common to most privacy plugins. If you need to protect individual file downloads, consider a dedicated file protection plugin alongside All-In-One Intranet. For Developers All-In-One Intranet provides the aioi_allow_public_access filter for developers who need to make specific pages or endpoints accessible without authentication. This filter runs during both the template redirect check and the REST API dispatch check. Return true to allow public access for the current request: add_filter( 'aioi_allow_public_access', function( $allow ) { // Allow public access to a specific page if ( is_page( 'public-landing' ) ) { return true; } return $allow; } ); This is useful for exposing specific landing pages, webhook endpoints, or custom API routes while keeping the rest of the site private. Google Workspace Integration If your organization uses Google Workspace (formerly Google Apps), two companion plugins extend your intranet: Google Apps Login – lets employees sign in to WordPress using their Google Workspace accounts. Domain admins can manage WordPress access entirely from the Google Admin Console, and only authorized employees can access the intranet. Google Drive Embedder – allows authors to embed Google Docs, Sheets, Slides, and other Drive files directly into pages and posts. Useful for intranets where documentation lives in Google Drive. Visit wp-glogin.com for more information about these and other plugins.
Top keywords
- wordpress29×1.52%
- intranet25×1.31%
- users23×1.20%
- access21×1.10%
- site21×1.10%
- page20×1.05%
- private19×0.99%
- role14×0.73%
- login13×0.68%
- all-in-one12×0.63%
- all-in-one intranet12×0.63%
- network12×0.63%
Intranet and Extranet with O365 Login
Intranet and Extranet for WordPress, Office 365 and Social, provides these features: Limit access your site to visitors who are logged in or accessing the site from a set of specified IP addresses. Send restricted visitors to the log in page, redirect them. A great solution for Extranets, publicly hosted Intranets, or parallel development / staging sites. Force Full Site Private Change the restriction behavior: send to login Add IP addresses to restricted list to block them Public viewable pages based on Ids when site is private Set Public URLs to by-pass the private functionality Make Post or Pages private based on IDs Set authentication method for users who can view site content Role based redirect after user login Auto Logout based on time Supported Authentication Methods : WordPress (Supported out of the box) Azure AD/Office 365 Authentication plugin (addon). Here is the more details about Azure AD/Office 365 Authentication plugin. Azure ADB2C Authentication plugin (addon). Here is the more detials about Azure ADB2C Authentication plugin. Woocommerce Social login third party plugin addon Seamlessly Integrates With : Azure AD and Office 365 User Authentication : Office 365 AAD User Authentication plugin is used to Authenticate an Azure Active Directory(AAD) user against a WordPress website, which results in the user being logged into the WordPress website. Some important AAD features are listed below: Login via Azure Active Directory Automatic user registration after login if the user is not already registered with your site. Log in with a Role based on a specific AAD Group Membership in certain groups in Azure AD can be mapped to roles in WordPress, and group membership can be used to restrict access. Use Short Code (PHP or HTML) to place the login link wherever you want on the site. User Synchronization 1000+ of user’s supported with additional service offering. Update WordPress, buddypress and custom post type user fields and avatar/profile. Allow users from other tenants to register/multi-tenant support. WordPress Multi-site Our Suite of Office 365 Plugins Office 365 Video Display for WordPress The “Office 365 Video Display for WordPress” plugin is used to showcase videos from the SharePoint online’s video hub portal “https://[your-tenant].sharepoint.com/portals/hub/” in your WordPress website. Support list or single display of videos in WordPress, based on channel ids and video ids. Sharepoint Calendar Display for WordPress The “SharePoint Calendar Display for WordPress” plugin is used to show calendar events from the SharePoint calendar list type from SharePoint online in WordPress. The display types are calendar view via the full calendar javascript plugin, grid view and carousel view. We have created a shortcode with several configuration options to achieve this functionality. Onedrive for Business Display for WordPress The “OneDrive for Business Display for WordPress” plugin is used to show OneDrive for business files and folders online in WordPress. The display types are grid view and list view. We have created a shortcode with several configuration options to achieve this functionality. Outlook Calendar Display for WordPress The “Outlook Calendar Display for WordPress” plugin is used to show calendar events from the Outlook calendar from Office 365 in WordPress. The display types are calendar view via the full calendar JavaScript plugin, grid view and carousel view. Azure AD B2C User Authentication for WordPress Office 365 AAD B2C User Authentication plugin is used to Authenticate an Azure Active Directory(AAD) B2C user against a WordPress website, which results in the user being logged into the WordPress website. Dynamic CRM 365 Display for WordPress The “Dynamic CRM 365 Display for WordPress” plugin is used to show Dynamics CRM 365 entities from Office 365 in WordPress. Define a custom template or use several that we provided to customize the look and feel of your displays. Azure AD and Office 365 User Authentication for WordPress Office 365 AAD User Authentication plugin is used to verify users seamlessly and securely. This means no more having to remember usernames or passwords,making the process of logging in simple, easy and quick. SharePoint Search with List and Document Display for WordPress The “SharePoint Search Display for WordPress” plugin is used to show SharePoint search results from SharePoint online in WordPress. The display types are grid view, faceted search view, and list view. Powerapps for WordPress Powerapps for WordPress is a plugin that allows you to easily add your own custom bulk actions to your admin panel on the posts, custom post types, woocommerce, events(the event calendar plugin), BuddyPress, pages, media and users overviews. Which, on activation will pass the data of the selected records as parameters to the powerapps application for processing. PowerBi for WordPress We provide solutions and technical expertise to allow your WordPress data and website to work with PowerBi. Power BI is a suite of cloud-based business analytics tools to analyze data and share insights. Monitor your business and get answers quickly with rich dashboards available on every device. Azure AD and Office 365 User Synchronization and Registration for WordPress Synchronize users from Office 365 to WordPress (BuddyPress, Woocommerce, Memberpress) incl. Azure AD custom fields, avatar, Group Membership and user invitation. Azure ADB2C and Office 365 User Synchronization and Registration for WordPress Synchronize users from Azure ADB2C to WordPress (BuddyPress, Woocommerce, Memberpress) incl. Azure ADB2C custom fields, avatar, Group Membership and user invitation. Microsoft Bookings for WordPress The Microsoft Bookings for WordPress plugin is used to provide a customizable and streamlined booking experience for customers with the Microsoft Booking service acting as the backend and data source. We added support for payments. Microsoft Bookings is an online and mobile app for small businesses who provide services to customers on an appointment basis. Examples of businesses include hair salons, dental offices, spas, law firms, financial services providers, consultants, and auto shops. Bookly Rest API CRED Operations We created the “Bookly CRED Rest API Operations” addon to allow users to create, update and delete appointments, staff, services and customers data created with the Bookly plugin from anywhere. In it’s most basic form, a rest api separates the content from its presentation, freeing developers and users to use their data as they would like. The rest api is provided in a simple to use and understand json format. Microsoft 365 Office Add-ins Office 365 Office Add-ins with Powerapps is a plugin that allows you to easily host or create an office 365 add-ins xml manifest, that implements a specific powerapps that is displayed in the context of an office 365 service – example outlook mail application. The XML manifest file of an Office Add-in describes how your add-in should be activated when an end user installs and uses it with Office documents and applications. Microsoft Teams for WordPress Microsoft Teams enables you to get all your content, tools and conversations in the Team workspace within Office 365. Microsoft Teams for WordPress is used to create WordPress pages as Microsoft Teams Tabs and Apps as well as sending WordPress data(events, orders etc) to a Teams channel formatted as a specific adaptive card. This is achieved by using one or more of our plugins for (custom post type, woo-commerce, user and forms(gravity form, contact 7 and ninja forms)) to interface with the Microsoft Teams Rest APIs. Office 365 Microsoft Search Display for WordPress The “Office 365 Microsoft Search Display for WordPress” plugin is used to show indexed results from the supported connectors(SharePoint, outlook, etc) from Office 365 in WordPress. The display type currently available is a list view. Office 365 Persons Display for WordPress The “Office 365 Persons Display for WordPress” plugin is used to show Office 365/Azure AD users and Outlook contacts in WordPress. The display types are list/accordion and grid view. We have created a shortcode with several configuration options to achieve this functionality. Office 365 Yammer Display for WordPress The “Office 365 Yammer Display for WordPress” plugin is used to show Office 365 Yammer groups and topics in WordPress. The display types are single and grid view. Outlook Calendar Room and Resource Booking for WordPress The “Outlook Calendar Room and Resource Booking for WordPress” plugin is used to reserve rooms or resources within an organization. If you have a conference room, company car, or equipment that everyone needs to use, then you need to come up with a way to make those resources reservable to everyone. The best way to do that is to create a room or equipment mailbox in Microsoft 365 for each resource. You might create one for your first floor conference room, media equipment, or a moving truck. Sharepoint Calendar Room and Resource Booking for WordPress The “Sharepoint Calendar Room and Resource Booking for WordPress” plugin is used to reserve rooms or resources within an organization. If you have a conference room, company car, or equipment that everyone needs to use, then you need to come up with a way to make those resources reservable to everyone. The best way to do that is to create a room or equipment mailbox in Microsoft 365 for each resource. You might create one for your first floor conference room, media equipment, or a moving truck. Our Suite of Rest APIs, Web hook and Trigger based Plugins Webhooks and REST API Manager – Events The Webhooks and REST API Manager – Events is a WordPress plugin used to add support for “the events calendar” and “the events calendar pro“ plugin, in varying integration scenarios. Webhooks and REST API Manager – Media The Webhooks and REST API Manager – Media is a WordPress plugin used to add support for media type in varying integration scenarios Webhooks and REST API Manager – Posts The Webhooks and REST API Manager – Posts and Page is a WordPress plugin used to add support for post types in varying integration scenarios. The custom field plugins that are supported for posts, pages, or custom post types are: Advanced Custom Fields Pro, Advanced Custom Fields (Free), WordPress’s own, default custom fields, Toolset Types Webhooks and REST API Manager – Users The Webhooks and REST API Manager – Users is a WordPress plugin used to add support for the WordPress user meta values, user roles, buddypress xprofile meta, Advanced Custom Fields Pro, Advanced Custom Fields (Free), WordPress’s own, default custom fields and Toolset Types. Webhooks and REST API Manager – Woocommerce The Webhooks and REST API Manager – Woocommerce is a WordPress plugin used to add support for woocommerce in varying integration scenarios Webhooks and REST API Manager – Bulk Actions Webhooks and REST API Manager – Bulk Actions is a WordPress plugin that allows you to easily add your own custom bulk actions to your admin panel on the posts, custom post types, woocommerce, events(the event calendar plugin), BuddyPress, pages, media and users overviews. Which, on activation will 1) immediately send an Http Call via webhooks to an external service with JSON data specific to the records selected for bulk action or 2) Add interactivity to your submission before it is sent to the external service, this interaction can be in the form of a text field, textarea, file or image data. Each configured interaction can be saved for future usage. Such external services include Zapier.com, Ifttt.com, Integromat.com and Microsoft flow. Webhooks and REST API Manager – Forms The Webhooks and REST API Manager – Forms is a WordPress plugin used to add support for gravity forms, contact 7 form, formcraft pro and ninja forms with added support for the uploading of single or multiple files in varying integration scenarios. Webhooks and REST API Manager – BuddyPress The Webhooks and REST API Manager – BuddyPress is a WordPress plugin used to add support for “Buddypress/BbPress” plugins, in varying integration scenarios.