My Private Site

My Private Site makes your WordPress site private so only logged-in users can see your content. With one click, you can restrict access to all posts and pages, automatically redirect visitors to the login screen, and keep your site visible only to people you trust. Unlike full membership or subscription systems, My Private Site focuses on strong privacy without unnecessary complexity. It is ideal for family sites, schools, clubs, client previews, or development environments where you want to share content with a trusted audience without managing payments, profiles, or custom roles. Ideal Use Cases

• Family sites and school projects: Share personal updates, photos, or assignments only with family members, classmates, or teachers you choose.
• Development and staging sites: Safely show work-in-progress to clients or teammates without exposing unfinished content or letting it be indexed by search engines.
• Clubs, groups, and internal blogs: Create a private online space for members or staff without the overhead of a complex membership system.

Digital Fortress protection My Private Site helps protect the “front door” of your private site with built-in safeguards for login and user registration, including registration spam protection and optional reCAPTCHA support. It also includes AI Crawler Defense to discourage automated collection of your site’s content. Key Features

• Make your entire WordPress site private with a single setting
• Redirect logged-out visitors automatically to the login page
• Choose where users land after login (requested page, home, dashboard, or custom URL)
• Support user self-registration on private sites when enabled
• Protect registration with built-in spam controls and optional reCAPTCHA
• Optionally block unauthenticated access to the WordPress REST API
• Simple, no-code setup using standard WordPress settings
• Privacy shortcode lets you selectively show or hide content within a page or post.

Built-in AI Crawler Defense The internet is rapidly changing, with AI crawlers and bots harvesting content without consent. My Private Site helps you defend your work with integrated AI Crawler Defense features: * NoAI and NoImageAI tags: Automatically add meta tags and headers that signal compliant AI systems not to use your text or images for training. * Block GPTBot: Add a robots.txt rule to prevent OpenAI’s crawler from accessing your site. * Really Simple Licensing (RSL): Publish a machine-readable license that explicitly prohibits AI training on your content. These protections are included free in the core plugin, easy to enable with a checkbox, and designed to safeguard your site without affecting normal visitors or search engines. You can use them even if you're not using any other site privacy features. Watch the Video Overview and Demo https://youtu.be/jry3DHD-OB8 Premium Add-ons Premium add-ons turn My Private Site into a comprehensive privacy suite, giving you enterprise-style layered security defenses, smarter oversight, and flexible access, without the complexity or cost. Advanced AI Crawler Defense, Visitor Intelligence, and Block IP provide protections regardless of whether you're using any site privacy features. https://youtu.be/B6s8O9VZLc0

• Public Pages 2.0: Allows site operators to designate certain specific pages, or pages with specified prefix, to be available to the public without login. Now also allows public site, private pages. Watch the video
• Advanced AI Crawler Defense: Protect WordPress content from AI crawlers using licensing, opt-out tags, selective bot blocking, and firewall defenses to control and safeguard your data. Watch the video
• Visitor Intelligence: Track logins, logouts, failed attempts, and bot activity with a unified log, anomaly detection, and export tools for stronger site oversight and security. Watch the video
• Guest Access: Grant temporary, secure access to private WordPress content using unique shareable links with expiration, one-time use, and full admin-controlled invite management. Watch the video
• Block IP: Block unwanted visitors by IP address or range with full IPv4/IPv6 support, configurable scope, and fast enforcement to secure your WordPress site. Watch the video
• Tags & Categories: Allows you to make pages public or (with Public Pages 2.0) private based on tags and categories. Watch the video
• Selective Content: Allows hiding, showing, and obscurifying page content through the use of shortcodes. Can also selectively hide widgets and sidebars. Watch the video
• Digital Fortress Bundle: All add-ons are available in bundle form. Watch the video

Limits This plugin does not hide non-WordPress web pages, such as .html and .php files. It also won’t restrict images and other media and text files directly accessed by their URL. If your hosting provider’s filesystem protections haven’t been set up correctly, files may also be accessed by directory listing. Support Note Support has moved to the ZATZLabs site and is no longer provided on the WordPress.org forums. If you need a timely reply from the developer, please open a ticket. Mailing List If you'd like to keep up with the latest updates to this plugin, please visit David's Lab Notes and add yourself to the mailing list.

IMPORTANT: Support has moved to the ZATZLabs site and is no longer provided on the WordPress.org forums. If you need a timely reply from the developer, please open a ticket. This section describes how to install the My Private Site plugin and get it working.

• Use Add Plugin within the WordPress Admin panel to download and install this My Private Site plugin from the WordPress.org plugin repository.
• Activate the My Private Site plugin through the Installed Plugins admin panel in WordPress. If you have a WordPress Network ("Multisite"), you can either Network Activate this plugin, or Activate it individually on the sites where you wish to use it.
• To enable privacy, go to the My Private Site, go to the Site Privacy tab and check Enable Privacy. If you use Elementor or find that privacy doesn't seem to work, switch the Compatibility Mode setting to Theme Fix.

4.1.0

• Added Registration Spam Guard and reCAPTCHA login protection to the free plugin.

4.0.4

• Fixed Site Privacy save actions being intercepted by the robots.txt retest control.
• Improved AI Crawler Defense retest notice when a physical robots.txt file is present.

4.0.3

• Added AI Crawler Defense subsystem
• Added built-in video tutorials for all sections
• Added Manage Settings subtab to Advanced to save, restore, and reset settings
• Substantially optimized plugin startup operations
• Added subtabs engine for easier grouping of functions
• Updated main My Private Site page to make it more readable
• Fixed bug in mail list sign up experience
• Refactored some of the source code for more maintainable files
• Removed direct serialization of settings array for increased security
• Updated EDD licensing library
• Upgraded CMB2 library from 2.10.1 to 2.11.0

3.2.1

• Safeguarded selective content processing with nonce and capability checks
• Hardened core admin handlers with current_user_can for membership, site privacy, landing, advanced, and more

3.2

• Added feature to hide the admin bar from the front-end for logged-in users
• This feature works whether the site is set to private or not

3.1.1

• Minor UI tweak to provide better clarity for theme option

3.1.0

• Added REST API Guardian protection to core plugin
• Increased size of heading font in dashboard
• Replaced tags set (login, pages, private, security, visibility, plugin, page, posts, post) with (registered only, privacy, protected, restricted, password protect)

3.0.14

• Minor compatibility update for WordPress 6.4.

3.0.13

• Minor update to better support my_private_site_public_check_access_by_page filter.

3.0.12

• Slight improvement to HTML support pages

3.0.11

• Fixed a CMB2 type error that popped up from time to time (Thanks, Michael!)

3.0.10

• Fixed a bunch of over-eager security checks

3.0.9

• Fixed compatibility switch bug

3.0.8

• Fixed some security bugs

3.0.7

• Added more hooks for increased granular control of access
• Fixed some minor bugs

3.0.6

• Moved compatibility mode option to Site Privacy tab and added additional theme compatibility fixes

3.0.5

• Added a compatibility mode option on the Advanced tab which will hopefully finally fix the Elementor issues

3.0.4

• Possible fix for Elementor incompatibility issues
• Fixed some small bugs

3.0.3

• Added Advanced feature allowing users to specify custom password reset page

3.0.2

• Fixed duplicate header bug found on some systems

3.0.1

• Minor bug fixes
• Added uninstall telemetry

3.0.0

• Complete rewrite with an entirely new, streamlined UI
• Added the selective content subsystem

2.14.2

• Minor fix for password reset. Thanks to user o2Xav.

2.14.1

• Minor support update

2.14

• Force login at 'get_header' instead of 'template_redirect' Action to be compatible with wpengine.com hosting
• Allow Custom Login page that is NOT on the current WordPress site, and clean up Settings page validation of related fields
• Fix double display of Error Messages on Settings page

2.13

• Remove Plugin's entry on Users submenu on WordPress Admin panels
• Remove associated Setting, which determined whether Users submenu entry existed

2.12

• Wait until Pretty Permalinks applied before deciding whether to force a login
• Add an Override Advanced Setting with Warnings on Usage, to allow Landing Location and Custom Login to both be specified.
• Correct coding error that allowed Landing Location with Custom Login, a potential Redirection error
• Fix Error Log warning on [mb]strpos Offset parameter

2.11.4

• Use Custom Login setting, if present, to redirect failed login attempts with blank username and/or password

2.11.3

• Use Custom Login setting, if present, to redirect failed login attempts

2.11.2

• Provide a Setting to disable User with No Role behaviour introduced in 2.11

2.11.1

• Remove forced logout when User with No Role attempts to access a Site (Network/Multisite install), to fix repeated messages when wp_logout is hooked by other plugins

2.11

• In a WordPress Network ("Multisite"), block Users with No Role on the current Site
• Make Landing Location work when free Paid Membership Pro plugin is activated

2.10.1

• Add setting to obey Landing Location for users who login via a URL of wp-login.php without a &redirect_to= following

2.10

• Add setting to not display a Users submenu option for the plugin's settings
• Conditional logic for Settings Saved update message in Validate function

2.9

• Set Landing Location for logins via Meta Widget link, as well as automatic Login prompts

2.8

• Add Prefix option to Always Visible URLs
• Automatically use mb_ Multi-Byte string functions, if available

2.7

• Add Custom Login URL setting

2.6.1

• Older versions of WordPress require a parameter be passed to get_post()

2.6

• Detect and make visible Login-associated Pages created by the Theme My Login plugin

2.5

• Allow other URLs to be Always Visible with new Setting

2.4.2

• Reveal BuddyPress /activate/ Activation page when Reveal Registration selected

2.4.1

• Fix bug in URL matching for Root, where one URL has a trailing slash and the other does not

2.4

• Handle BuddyPress' redirection of Register URL in Reveal Registration

2.3

• Add Setting to Reveal Home Page on a Private Site
• Fixed Problems with wp_registration_url function in WordPress prior to Version 3.6

2.2

• Add the WordPress User Self-Registration field to the plugin's Settings page
• Add the Settings page to the User submenu of Admin panel, too

2.1

• Add a settings checkbox to reveal the Register page for User Self-Registration

2.0

• Add Settings page, specifying Landing Location and turning Private Site off and on
• Warning for new default of OFF for Private Site until Settings are first viewed
• Add Networking Settings information page
• Track plugin version number in internal settings
• Replace WordPress Activation/Deactivation hooks with Version checking code from jonradio Multiple Themes
• Add Plugin entry on individual sites when plugin is Network Activated, and Settings link on all Plugin entries

1.1

• Change Action Hook to 'wp' from 'wp_head' to avoid Modify Header errors when certain other plugins are present

1.0

• Add readme.txt and screenshots
• Add in-line documentation for php functions