Description
Must Login is a lightweight, user-friendly plugin that allows you to require login for your entire site with just one click. Perfect for membership sites, private blogs, intranets, or any site that needs to restrict access to registered users only.
Features
- One-Click Toggle – Enable or disable login requirement instantly from the admin bar
- REST API Protection – Configurable authentication requirement for REST API endpoints
- Automatic Cache Clearing – Automatically clears popular caching plugins when toggling protection
- Admin Bar Status Indicator – Always see at a glance whether login is required
- Simple Settings Page – Easy-to-use settings interface
- Admin Override – Administrators always have access, even when login is required
- Smart Redirects – Users are redirected to login and then back to their intended page
- Selective Endpoint Access – Allow specific REST API endpoints for forms and authentication
- Cache Compatibility – Works with WP Super Cache, W3 Total Cache, WP Rocket, and more
- No Configuration Needed – Works perfectly out of the box
- Lightweight – Minimal impact on site performance
- Translation Ready – Fully internationalized and ready for translation
How It Works
- Install and activate the plugin
- Click the lock icon in the admin bar to toggle login requirement
- That’s it! Your site is now protected
When enabled, all visitors must log in to view any page on your site. Administrators can quickly toggle this on or off from anywhere on the site using the admin bar.
Developer Documentation
Filters
cfb_must_login_redirect_url – Customize the login redirect URL
add_filter('cfb_must_login_redirect_url', function($redirect_url, $redirect_to) {
return 'https://example.com/custom-login';
}, 10, 2);
cfb_must_login_allowed_rest_routes – Allow additional REST API endpoints
add_filter('cfb_must_login_allowed_rest_routes', function($routes) {
$routes[] = '/my-plugin/v1/public';
return $routes;
});
Actions
cfb_must_login_clear_cache – Triggered when cache is cleared
add_action('cfb_must_login_clear_cache', function() {
// Custom cache clearing logic
});
Capabilities
The plugin uses the cfb_must_login_manage capability, which is mapped to manage_options by default. You can customize this using the map_meta_cap filter.
Installation
Automatic Installation
- Log in to your dashboard
- Navigate to Plugins Add New
- Search for “Must Login”
- Click “Install Now” and then “Activate”
Manual Installation
- Download the plugin zip file
- Log in to your dashboard
- Navigate to Plugins Add New Upload Plugin
- Choose the zip file and click “Install Now”
- Activate the plugin
FAQ
-
Will this affect search engines?
-
Yes, when login is required, search engines cannot crawl your site. This is useful for private sites but should be disabled if you want search engine visibility.
-
What is REST API protection?
-
REST API protection requires authentication to access WordPress REST API endpoints when login is required. This prevents unauthenticated access to your site’s data through the API. You can enable or disable this feature separately in the settings.
-
Which REST API endpoints are always accessible?
-
Even with REST API protection enabled, the following endpoints remain accessible:
* Authentication endpoints (JWT, Simple JWT Login)
* Contact form endpoints (Contact Form 7, WPForms, Gravity Forms)
* oEmbed endpointsDevelopers can allow additional endpoints using the
cfb_must_login_allowed_rest_routesfilter. -
Does this work with caching plugins?
-
Yes! The plugin automatically detects and clears cache from popular caching plugins including:
* WP Super Cache
* W3 Total Cache
* WP Rocket
* LiteSpeed Cache
* WP Fastest Cache
* Autoptimize
* Cache Enabler
* Comet Cache
* SG Optimizer
* WP OptimizeWhen you toggle the login requirement, the cache is automatically cleared to ensure the changes take effect immediately.
-
Can I exclude certain pages?
-
Version 1.0.0 requires login for the entire site. Future versions may include page exclusion options.
-
What happens to users trying to access the site?
-
Non-logged-in users are automatically redirected to the login page. After logging in, they’re redirected back to the page they were trying to access.
-
Does this work with membership plugins?
-
Yes! Must Login works alongside membership plugins and simply ensures users are logged in before viewing any content.
-
Can I customize the redirect URL?
-
Yes, developers can use the
cfb_must_login_redirect_urlfilter to customize the redirect URL. -
How do I allow additional REST API endpoints?
-
Developers can use the
cfb_must_login_allowed_rest_routesfilter to add custom endpoints to the allowlist:add_filter('cfb_must_login_allowed_rest_routes', function($routes) { $routes[] = '/my-plugin/v1/public-endpoint'; return $routes; });
Reviews
There are no reviews for this plugin.
Contributors & Developers
“CFB Must Login” is open source software. The following people have contributed to this plugin.
Contributors
Translate “CFB Must Login” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.0.0
- Initial release
- One-click toggle via admin bar
- Configurable REST API protection
- Automatic cache clearing for popular caching plugins
- Support for WP Super Cache, W3 Total Cache, WP Rocket, and more
- Selective REST API endpoint access
- Admin notices for caching plugins
- Translation ready