Force Login


Masquez facilement votre site WordPress au public en demandant aux visiteurs de se connecter d’abord. C’est aussi simple que d’appuyer sur un bouton.

Rendez votre site privé jusqu’à ce qu’il soit prêt à être partagé publiquement, ou gardez-le privé uniquement pour les membres.


  • Compatible avec WordPress en multisite.
  • La connexion redirige les visiteurs sur l’URL qu’ils tentaient de visiter.
  • Extensive Developer API (hooks & filters).
  • Personnalisable. Définissez une URL spécifique vers laquelle rediriger en permanence après connexion.
  • Filtre d’exceptions pour certaines pages ou articles.
  • Restrict REST API to authenticated users.
  • Prêt à traduire & certifié WPML.

Bug Reports

Bug reports for Force Login are welcomed on GitHub. Please note that GitHub is not a support forum.


Upload the Force Login plugin to your site, then Activate it.

1, 2 : c’est fait !


1. How can I specify a URL to redirect to on login?

By default, the plugin sends visitors back to the URL they tried to visit. However, you can set a specific URL to always redirect users to by adding the following filter to your functions.php file.

The URL must be absolute (as in, Recommended: home_url( ‘/mypage/’ ).

 * Set the URL to redirect to on login.
 * @return string URL to redirect to on login. Must be absolute.
function my_forcelogin_redirect() {
  return home_url( '/mypage/' );
add_filter( 'v_forcelogin_redirect', 'my_forcelogin_redirect' );
2. How can I add exceptions for certain pages or posts?

You can bypass Force Login based on any condition or specify an array of URLs to whitelist by adding either of the following filters to your functions.php file. You may also use the WordPress Conditional Tags.

Contourner Force Login

 * Bypass Force Login to allow for exceptions.
 * @param bool $bypass Whether to disable Force Login. Default false.
 * @return bool
function my_forcelogin_bypass( $bypass ) {
  if ( is_single() ) {
    $bypass = true;
  return $bypass;
add_filter( 'v_forcelogin_bypass', 'my_forcelogin_bypass' );

Liste blanche d’URL

Each URL must be absolute (as in, Recommended: home_url( ‘/mypage/’ ).

 * Filter Force Login to allow exceptions for specific URLs.
 * @param array $whitelist An array of URLs. Must be absolute.
 * @return array
function my_forcelogin_whitelist( $whitelist ) {
  $whitelist[] = home_url( '/mypage/' );
  $whitelist[] = home_url( '/2015/03/post-title/' );
  return $whitelist;
add_filter( 'v_forcelogin_whitelist', 'my_forcelogin_whitelist' );
3. How can I add exceptions for dynamic URLs?

Some URLs have unique query strings appended to the end of it, which is composed of a series of parameter-value pairs.

For example:

Checkout the Force Login Wiki on GitHub for examples of the different methods for whitelisting dynamic URLs.

4. How do I get the WordPress mobile app to work?

By default, the plugin blocks access to all page URLs; you may need to whitelist the XML-RPC page to allow the WordPress app to access your site for remote publishing.

 * Filter Force Login to allow exceptions for specific URLs.
 * @param array $whitelist An array of URLs. Must be absolute.
 * @return array
function my_forcelogin_whitelist( $whitelist ) {
  $whitelist[] = site_url( '/xmlrpc.php' );
  return $whitelist;
add_filter( 'v_forcelogin_whitelist', 'my_forcelogin_whitelist' );
5. How do I hide the « ← Back to {sitename} » link on the login screen?

The WordPress login screen includes a « ← Back to {sitename} » link below the login form; which may not actually take you back to the site while Force Login is activated. You can hide this link by adding the following action to your functions.php file.

Requires: WordPress 2.5 or higher

// Hide the 'Back to {sitename}' link on the login screen.
function my_forcelogin_hide_backtoblog() {
  echo '<style type="text/css">#backtoblog{display:none;}</style>';
add_action( 'login_enqueue_scripts', 'my_forcelogin_hide_backtoblog' );


27 août 2019
We're using the plugin to spin up a self-serve multisite instance of WordPress for students to create "intranet" sites for course work. We needed a way to lock down all newly created sites so that only people with university credentials could view the sites that student or staff created. It's nice that this plugin can sit on top of other privacy plugins, like more-privacy-options, to always force authentication until you whitelist a site with the available filter functions. For our use we were able to create a simple mu-plugin that allowed the main site of our network to bypass the requirement, as well as any other sites that that we've approved and added to our custom mu-plugin.
13 juin 2019
Great Plugin and even better support. I thought I'd have some problems needing access to some of the dynamic url's generated by woocommerce. Kevin helped me with those.
6 juin 2019
Love it - resolved a multisite subsite login issue I'd been messing around with for ages. Thank you 🙂
24 mai 2019
This is exactly what I want! I just want to block public view before the site is ready. No need any other functions. Thank you so much to keep it simple!
18 avril 2019
I tried almost every plugin or snippet available to hide a site from public when working on a new site. Force Login is the one and only solution that respects new configured login redirect URLs when "hide wp-login or hide wp-admin" is configured with tools like Hide My WP, Hide my WordPress, and others. Other tools or snippets (for locking a site from public) show always the WP-urls in the redirect-to URL. Moreover, Force Login works beautifully with White Label WordPress Plugin - WpAlter by acmee (CodeCanyon) if you want to customise the login screen. So Force Login became for me the single best solution to lock a site from public, and a vital (a sine qua non) plugin for years to come!
Lire les 67 avis

Contributeurs & développeurs

« Force Login » est un logiciel libre. Les personnes suivantes ont contribué à cette extension.


“Force Login” a été traduit dans 7 locales. Remerciez l’équipe de traduction pour ses contributions.

Traduisez « Force Login » dans votre langue.

Le développement vous intéresse ?

Parcourir le code, consulter le SVN dépôt, ou s’inscrire au journal de développement par RSS.



  • Feature – Added nocache_headers() to prevent caching for the different browsers – props Chris Harmoney.
  • Tweak – Removed $url parameter from whitelist filter.


  • Feature – Added $url parameter to bypass and whitelist filters.
  • Tweak – Updated Multisite conditionals which determine user access to sites.
  • Tweak – Moved ‘v_forcelogin_redirect’ filter to improve performance.


  • Fix – Improved the REST API restriction to allow alternative modes of authentication.


  • Tweak – Restrict access to the REST API for authorized users only – props Andrew Duthie.
  • Tweak – Added load_plugin_textdomain() to properly prepare for localization at


  • Feature – Added filter to bypass Force Login redirect for whitelisting pages without specifying a URL.
  • Tweak – Changed the hook for Force Login to run at a later stage in the WordPress tree.
  • Fix – Replaced deprecated function – props Just-Johnny.


  • Tweak – Made plugin translation ready.


  • Fix – Multisite ‘Super Admin’ users do not need assigned sites to access the network.


  • Feature – Added exceptions for AJAX, Cron and WP-CLI requests.
  • Fix – Only allow Multisite users access to their assigned sites.


  • Fix – Check for existence of explicit port number before appending port – props Björn Ali Göransson.


  • Tweak – Removed v_getUrl() function to reduce possible duplicates of global functions – props Joachim Happel.


  • Fix – Rewrote v_getUrl() function to use HTTP_HOST instead of SERVER_NAME – props Arlen22.


  • Feature – Added filter to set a specific URL to redirect to on login.
  • Feature – Added filter to allow whitelisting of additional URLs.


  • Fix – Rewrote v_getUrl function to include the server port – props Nicolas.


  • Feature – Added redirect to send visitors back to the URL they tried to visit after logging in.


  • Fix – Fixed password reset URL from being blocked – props estebillan.


  • Tweak – Streamlined code


  • Fix – Whitelisted the registration page and the Lost Password page – props jabdo.