You can force all visitors to log in before accessing any page on your WordPress site. This is useful for private sites like intranets, membership portals, client dashboards, or staging environments where no content should be publicly visible. The code below redirects all non-logged-in visitors to the login page and works with WP Ghost’s custom login path. When combined with WP Ghost’s Redirect Logged Users To Dashboard feature, already-authenticated users skip the login page entirely and go straight to the dashboard.
When to Force Login
Forcing login is appropriate for sites that should have no public-facing content: company intranets where only employees should access internal pages, client portals where each client sees private project data, membership or course platforms during development or invite-only phases, and staging or development environments that shouldn’t be visible to the public or search engines.
Add the Force Login Code
Add the following code to your child theme’s functions.php file or a code snippets plugin:
add_action('template_redirect', function() {
if (!is_user_logged_in()) {
if (isset($_SERVER['REQUEST_URI'])) {
$url = untrailingslashit($_SERVER['REQUEST_URI']);
$login_path = HMWP_Classes_Tools::getOption('hmwp_login_url');
if (strpos($url, $login_path) === false) {
wp_redirect(wp_login_url());
exit();
}
} else {
wp_redirect(site_url());
exit();
}
}
});This code runs on every page load. If the visitor is not logged in and is not already on the login page, they’re redirected to the login page. When WP Ghost’s Safe Mode or Ghost Mode is active with a custom login path, the redirect goes to the custom login URL automatically because the code uses wp_login_url().
Combine with Redirect Logged Users To Dashboard. Enable WP Ghost > Tweaks > Redirects > Redirect Logged Users To Dashboard so that already-authenticated users who visit the login page are sent straight to the admin dashboard. This gives your private site a seamless experience: visitors see the login page, logged-in users go to the dashboard, and no public content is ever exposed.
Use a child theme or code snippets plugin. Adding code to functions.php in the parent theme means your changes are lost when the theme updates. Use a child theme or a code snippets plugin to keep the code persistent.
Frequently Asked Questions
Does this work with WP Ghost’s custom login path?
Yes. The code checks for WP Ghost’s custom login URL and avoids redirecting users who are already on the login page. The redirect itself uses wp_login_url(), which returns the custom login path when WP Ghost is active.
Can I allow some pages to be public?
Yes. Add is_page() exceptions inside the code. For example, to keep the homepage and a pricing page public, add if (is_front_page() || is_page('pricing')) return; at the beginning of the function, before the login check.
Does this work with WooCommerce?
Yes, but it blocks access to all WooCommerce pages including the shop, product pages, and checkout. If you need some WooCommerce pages to remain public, add exceptions using WooCommerce conditionals like is_shop(), is_product(), or is_checkout().
Does WP Ghost modify WordPress core files?
No. The force login code is added to functions.php and uses WordPress hooks. WP Ghost itself uses rewrite rules and hooks. No core files are modified.
Related Tutorials
Login page and redirect configuration:
- Redirect Logged Users to Dashboard – Send authenticated users straight to the dashboard.
- Change and Hide the Login Path – Set a custom login URL.
- Login Page Design – Customize the login page appearance.
- Disable WP Ghost on Specific Pages – Whitelist pages from path changes.