Force Login


Easily hide your WordPress site from public viewing by requiring visitors to log in first. As simple as flipping a switch.

Make your website private until it’s ready to share publicly, or keep it private for members only.


  • Compatible con WordPress multisitio.
  • Login redirects visitors back to the url they tried to visit.
  • Extensive Developer API (hooks & filters).
  • Customizable. Set a specific URL to always redirect to on login.
  • Filter exceptions for certain pages or posts.
  • Restringir la API REST a usuarios identificados.
  • Translation Ready & WPML certified.

Informes de fallos

Bug reports for Force Login are welcomed on GitHub. Please note that GitHub is not a support forum.


Upload the Force Login plugin to your site, then Activate it.

1, 2: You’re done!


1. ¿Cómo puedo especificar una URL de redirección al iniciar sesión?

Por defecto, el plugin devuelve a los visitantes a la URL a la que intentaron acceder. Sin embargo, puedes redirigir a los usuarios a una URL específica añadiendo el filtro integrado de WordPress login_redirect a tu archivo functions.php.

2. How can I add exceptions for certain pages or posts?

Puedes anular el inicio de sesión forzado basándote en cualquier condición añadiendo el siguiente filtro a tu archivo functions.php.

Puedes utilizar las etiquetas condicionales de WordPress en tu código.

 * Bypass Force Login to allow for exceptions.
 * @param bool $bypass Whether to disable Force Login. Default false.
 * @param string $visited_url The visited URL.
 * @return bool
function my_forcelogin_bypass( $bypass, $visited_url ) {

  // Allow 'My Page' to be publicly accessible
  if ( is_page('my-page') ) {
    $bypass = true;

  return $bypass;
add_filter( 'v_forcelogin_bypass', 'my_forcelogin_bypass', 10, 2 );

Consulta Force Login Wiki en GitHub para ver ejemplos adicionales para permitir que las URL sean de acceso público.

3. ¿Cómo oculto el enlace «← Volver a {siteame}»?

The WordPress login screen includes a «← Back to {sitename}» link below the login form; which may not actually take you back to the site while Force Login is activated. You can hide this link by adding the following action to your functions.php file.

Requires: WordPress 2.5 or higher

// Hide the 'Back to {sitename}' link on the login screen.
function my_forcelogin_hide_backtoblog() {
  echo '<style type="text/css">#backtoblog{display:none;}</style>';
add_action( 'login_enqueue_scripts', 'my_forcelogin_hide_backtoblog' );


4 de abril de 2024
Simple plugin, no fuss, works as promised. Such a simple function that could easily be implemented but here we are, using a brilliant plugin. Thanks.
15 de diciembre de 2023
A great plugin that I've used for many years to protect sites in development. The author has been very helpful and patient when I requested help with a specialized coding question.
31 de julio de 2023
works great so far 👍 while other plugins had conflict with GSAP animation 😯…
6 de abril de 2023
So simple and so clever! As a plugin developer, a big part of my job is creating admin settings screens. So I spent a good few minutes trying to find the settings screen to fully enable this plugin. Then it dawned on me, there wasn't one. You just install, and the rest of the world is locked out. Genius! Fantastic work Kevin.Ben Roberts
Leer todas las 97 reseñas

Colaboradores y desarrolladores

«Force Login» es un software de código abierto. Las siguientes personas han colaborado con este plugin.


«Force Login» está traducido en 12 idiomas. Gracias a los traductores por sus contribuciones.

Traduce «Force Login» a tu idioma.

¿Interesado en el desarrollo?

Revisa el código , echa un vistazo al repositorio SVN o suscríbete al registro de desarrollo por RSS.

Registro de cambios


  • Fix – Fixed issue for sites with a custom login URL.


  • Fix – Fixed issue for sites with a custom login URL.


  • Fix – Fixed too many redirects issue for Multisite users.


  • Feature – Added filter for Multisite unauthorized error message.
  • Tweak – Allow logged-in Multisite users to access bypassed pages of other sites.


  • Tweak – Deprecated whitelist filter, use v_forcelogin_bypass instead.


  • Tweak – Improved the visited $url variable.
  • Tweak – Changed code to comply with WordPress standards – props Alex Bordei.


  • Feature – Added nocache_headers() to prevent caching for the different browsers – props Chris Harmoney.
  • Tweak – Removed $url parameter from whitelist filter.


  • Feature – Added $url parameter to bypass and whitelist filters.
  • Tweak – Updated Multisite conditionals which determine user access to sites.
  • Tweak – Moved ‘v_forcelogin_redirect’ filter to improve performance.


  • Fix – Improved the REST API restriction to allow alternative modes of authentication.


  • Tweak – Restrict access to the REST API for authorized users only – props Andrew Duthie.
  • Tweak – Added load_plugin_textdomain() to properly prepare for localization at


  • Feature – Added filter to bypass Force Login redirect for allowing pages without specifying a URL.
  • Tweak – Changed the hook for Force Login to run at a later stage in the WordPress tree.
  • Fix – Replaced deprecated function – props Just-Johnny.


  • Tweak – Made plugin translation ready.


  • Fix – Multisite ‘Super Admin’ users do not need assigned sites to access the network.


  • Feature – Added exceptions for AJAX, Cron and WP-CLI requests.
  • Fix – Only allow Multisite users access to their assigned sites.


  • Fix – Check for existence of explicit port number before appending port – props Björn Ali Göransson.


  • Tweak – Removed v_getUrl() function to reduce possible duplicates of global functions – props Joachim Happel.


  • Fix – Rewrote v_getUrl() function to use HTTP_HOST instead of SERVER_NAME – props Arlen22.


  • Feature – Added filter for the redirect URL on login.
  • Feature – Added filter to allow whitelisting of additional URLs.


  • Fix – Rewrote v_getUrl function to include the server port – props Nicolas.


  • Feature – Added redirect to send visitors back to the URL they tried to visit before logging in.


  • Fix – Fixed password reset URL from being blocked – props estebillan.


  • Tweak – Streamlined code


  • Fix – Allow access to the registration and the lost password page URLs – props jabdo.