There are times when you want to set up a site for specific people to access and no one else. You want to keep it hidden from the general public/the rest of the world.

WordPress has three built-in options which will help you adjust those needs, however, I will also cover here a few more possibilities which can help you keep your site private.

Lets start with the First three options provided, in WordPress’s docs own words:

  1. I would like my blog to be visible to everyone, including search engines (like Google, Bing, Technorati) and archivers – This is the setting used by most blogs. It lets everyone read your blog and allows your blog to be included in search engines and other content sites.
  2. I would like to block search engines, but allow normal visitors – If you want all human visitors to be able to read your blog, but want to block web crawlers for search engines, this is the setting for you.
  3. I would like my blog to be visible only to users I choose – You would use this setting to create a private blog. If selected, another area will appear where you can control which WordPress.com users will be able to log into your blog to read it (those users will only be able to read your blog, they will not get access to your dashboard to edit your blog, please see this section if you want to give people edit access):

WordPress Privacy Options

Excellent options, but not necessarily enough.

Sometimes you may want to keep your site private but do not want people to have to log in to see it. In this case, option number 2 is the best for you but, if you use cPanel, you also know that the structure might allow someone to find your site from another location. We will deal with that here.

Suppose your blog installation is in a location like public_html/blog

You may block people from finding it, but anyone who accesses the site at public_html might end up finding it anyway by using /blog. We can stop this attempt in its tracks using the .htaccess file.

To block subdirectories from being accessed from the root domain, use the following .htaccess code:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www.)?yourdomain.com$ [NC]
RewriteCond %{REQUEST_URI} ^/yourblogdirectory/(.*)$
RewriteRule ^(.*)$ – [L,R=404]

OR, if you have multiple subdirectories you want to block access to from your root domain, you can do something like the following. (Adding or adjusting as many of the [OR] lines as needed:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www.)?yourdomain.com$ [NC]
RewriteCond %{REQUEST_URI} ^/yourblogdirectory/(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/yourblogdirectory/otherblog/(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/otherdirectory/(.*)$
RewriteRule ^(.*)$ – [L,R=404]

Excellent! This will keep people from accessing your blog through a subdirectory!

But what if you want to block access to a subdomain instead of a subdirectory?

My favorite thing to do in this case, just for fun and enjoyment, is to redirect subdomain visitors to another location like google. In cPanel’s structure, if you have an Addon Domain, we all know it is also accessible through a subdomain from your primary domain. This will stop people from being able to access that subdomain to try to get to your Addon Domain site.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^sub.yourdomain.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.sub.yourdomain.com$
RewriteCond %{REQUEST_URI} ^/$
RewriteRule ^(.*)$ http://www.google.com/ [R=301,L]

Now anyone who tries to access your site by the subdomain route, instead of the correct URL, will be redirected to google. They’ll never know what hit ’em.

Be Sociable, Share!