Re: All site data visible to members and non-members alike
Code revised to give protection even if buddypress gets deactivated: adds a second line of defence by hooking a wordpress action too. I’ve assumed that there’s no conflict here, but I don’t know if these two hooks collide. It seems to work ok.
<?php
/*
Plugin Name: BuddyPress Lockdown
Plugin URI: https://buddypress.org/
Description: Lock down your BuddyPress site if a user is not logged in.
Author: Andy Peatling & Andrew_S1
Version: 1.2
Author URI: https://buddypress.org/
Site Wide Only: true
*/
function bp_lockdown() {
global $bp;
if ( BP_REGISTER_SLUG != $bp->current_component &&
BP_LOGIN_SLUG != $bp->current_component &&
BP_LOGIN1_SLUG != $bp->current_component &&
!is_user_logged_in() ) {
bp_core_redirect( site_url( BP_LOGIN_SLUG ) );
}
}
function wp_lockdown() {
if ( !is_user_logged_in() ) {
auth_redirect( 'wp-login.php' );
}
}
add_action( 'bp_init', 'bp_lockdown');
// if no buddypress, have a backup plan
add_action( 'send_headers', 'wp_lockdown');
?>
