Title: Authenticator
Author: Syde GmbH (formerly Inpsyde)
Published: <strong>Ògún  17, 2008</strong>
Last modified: Ṣẹrẹ 21, 2026

---

Ṣàwárí àwọn plugin

![](https://ps.w.org/authenticator/assets/icon-256x256.png?rev=1429631)

# Authenticator

 Láti ọwọ́ [Syde GmbH (formerly Inpsyde)](https://profiles.wordpress.org/inpsyde/)

[Ṣe ìgbàsílẹ̀](https://downloads.wordpress.org/plugin/authenticator.1.3.1.zip)

 * [Àwọn àlàyé](https://yor.wordpress.org/plugins/authenticator/#description)
 * [Àwọn àgbéyẹ̀wò](https://yor.wordpress.org/plugins/authenticator/#reviews)
 *  [Ìgbéwọlẹ̀](https://yor.wordpress.org/plugins/authenticator/#installation)
 * [Ìdàgbàsókè](https://yor.wordpress.org/plugins/authenticator/#developers)

 [Ìrànlọ́wọ́](https://wordpress.org/support/plugin/authenticator/)

## Àpèjúwe

This plugin allows you to make your WordPress site accessible to logged in users
only. In other words, to view your site they have to create or have an account on
your site and be logged in. No configuration necessary, simply activating Ìtumọ̀
Yorùbá: – thatÌtumọ̀ Yorùbá: ’s all.

#### Crafted by Inpsyde

The team at [Inpsyde](https://inpsyde.com) is engineering the web and WordPress 
since 2006.

#### Donation?

You want to donate Ìtumọ̀ Yorùbá: – we prefer a positive review, not more.

#### Bugs, technical hints or contribute

Please give me feedback, contribute and file technical bugs on [GitHub Repo](https://github.com/bueltge/Authenticator).

#### License

Good news, this plugin is free for everyone! Since itÌtumọ̀ Yorùbá: ’s released 
under the GPL, you can use it free of charge on your personal or commercial blog.
But if you enjoy this plugin, you can thank me and leave a [small donation](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6069955)
for the time IÌtumọ̀ Yorùbá: ’ve spent writing and supporting this plugin. And I
really donÌtumọ̀ Yorùbá: ’t want to know how many hours of my life this plugin has
already eaten 😉

#### Translations

The plugin comes with various translations, please refer to the [WordPress Codex](https://codex.wordpress.org/Installing_WordPress_in_Your_Language)
for more information about activating the translation. If you want to help to translate
the plugin to your language, please have a look at the translation possibility in
[this page here](https://translate.wordpress.org/projects/wp-plugins/authenticator).

#### Donation?

You want to donate Ìtumọ̀ Yorùbá: – we prefer a positive review, not more.

## Àwọn àwòrán ìbòjú

[⌊Authenticator's setting options at Settings <span aria-hidden=⌉⌊Authenticator's setting options at Settings <span aria-hidden=⌉→ Reading.” class=”wp-image-9000001Ìtumọ̀ Yorùbá: ″ srcset=”https://i0.wp.com/ps.w.org/authenticator/assets/screenshot-1.png?rev=717235&w=300 300w, https://i0.wp.com/ps.w.org/authenticator/assets/screenshot-1.png?rev=717235&w=600 600w, https://i0.wp.com/ps.w.org/authenticator/assets/screenshot-1.png?rev=717235&w=900 900w” sizes=”(max-width: 599px) 50vw, 33vw” width=”994Ìtumọ̀ Yorùbá: ″ height=”788Ìtumọ̀ Yorùbá: ″ loading=”eager” fetchpriority=”high” decoding=”async”/>](https://ps.w.org/authenticator/assets/screenshot-1.png?rev=717235)

AuthenticatorÌtumọ̀ Yorùbá: ’s setting options at Settings  Reading.

[⌊Auth token for feeds is displayed on the user's profile settings page.⌉⌊Auth token
for feeds is displayed on the user's profile settings page.⌉[

Auth token for feeds is displayed on the userÌtumọ̀ Yorùbá: ’s profile settings 
page.

## Ìgbéwọlẹ̀

#### Requirements

 * WordPress version 1.5 and later.
 * PHP 5.6 or later.
 * Single or Multisite installation.

On PHP-CGI setups: Ìtumọ̀ Yorùbá: – `mod_setenvif` or `mod_rewrite` (if you want
to user HTTP authentication for feeds).

#### Installation

 1. Unzip the downloaded package.
 2. Upload folder include the file to the `/wp-content/plugins/` directory.
 3. Activate the plugin through the `Plugins` menu in WordPress.

or use the installer via the back end of WordPress.

#### On PHP-CGI setups

If you want to use HTTP authentication for feeds (available since 1.1.0 as an _optional_
feature) you have to update your `.htaccess` file. If [mod_setenvif](http://httpd.apache.org/docs/2.0/mod/mod_setenvif.html)
is available, add the following line to your `.htaccess`:

    ```
    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
    ```

Otherwise you need [mod_rewrite](http://httpd.apache.org/docs/current/mod/mod_rewrite.html)
to be enabled. In this case you have to add the following line to your `.htaccess`:

    ```
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    ```

In a typical WordPress `.htaccess` it all looks like:

    ```
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteBase /
        RewriteRule ^index\.php$ - [L]
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
        RewriteRule . /index.php [L]
    </IfModule>
    ```

On a multisite installation:

    ```
    # BEGIN WordPress
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]

    # uploaded files
    RewriteRule ^files/(.+) wp-includes/ms-files.php?file=$1 [L]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^ - [L]

    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    RewriteRule . index.php [L]
    # END WordPress
    ```

#### Settings

You can change the settings of Authenticator in Settings  Reading. The settings 
refer to the behavior of your blogÌtumọ̀ Yorùbá: ’s feeds. They can be protected
by HTTP authentication (not all feed readers support this) or by an authentication
token which is added to your feed URL as a parameter. The third option is to keep
everything in place. So feed URLs will be redirected to the login page if the user
is not logged in (send no auth-cookie).

If you using token authentication, you can show the token to the blog users on their
profile settings page by setting this option.

#### HTTP Auth

Users can gain access to the feed with their username and password.

#### Token Auth

The plugin will generate a token automatically when choosing this option. Copy this
token and share it with the people who should have access to your feed. If your 
token is `ef05aa961a0c10dce006284213727730` the feed URLs look like so:

    ```
    # Main feed
    https://example.com/feed/?ef05aa961a0c10dce006284213727730

    # Main comment feed
    https://example.com/comments/feed/?ef05aa961a0c10dce006284213727730

    # Without permalinks
    https://example.com/?feed=rss2&ef05aa961a0c10dce006284213727730
    ```

#### API

**Filters**

 * `authenticator_get_options` gives you access to the current authentication token:
 * <?php $authenticator_options = apply_filters( ‘authenticator_get_options’, array());
 * `authenticator_bypass` gives you the possibility to completely bypass the authentication.
   No authentication will be required then.
 * <?php add_filter( ‘authenticator_bypass’, ‘__return_true’ );
 * `authenticator_bypass_feed_auth` gives you the possibility to open the feeds 
   for everyone. No authentication will be required then.
 * <?php add_filter( ‘authenticator_bypass_feed_auth’, ‘__return_true’ );
 * `authenticator_exclude_pagenows` Pass an array of `$GLOBALS[ 'pagenow' ]` values
   to it, to exclude several WordPress pages from redirecting to the login page.
 * `authenticator_exclude_ajax_actions` AJAX-Actions (independend of `_nopriv`) 
   which should not be authenticated (remain open for everyone)
 * `authenticator_exclude_posts` List of post-titles which should remain public,
   like the follow example source to public the ‘Contact’-page.
 *     ```
       <?php
       add_action( 'plugins_loaded', function() {
           add_filter( 'authenticator_exclude_posts', function( $titles ) {
               $titles[] = 'Contact'; // here goes the post-title of the post/page you want to exclude
               return $titles;
           } );
       } );
       ```
   

## Àwọn àgbéyẹ̀wò

![](https://secure.gravatar.com/avatar/a5b578f3e794305663de8b5a02dcae2379237a4b05f213c32b65c2ed368e71ed?
s=60&d=retro&r=g)

### 󠀁[Functionality](https://wordpress.org/support/topic/functionality-42/)󠁿

 [giovanni1963it](https://profiles.wordpress.org/giovanni1963it/) Òkúdù 24, 2024

perfect

![](https://secure.gravatar.com/avatar/9b34d945b55e167ec36ca23348a76e2318534429c37de35c24608af4aa0ca727?
s=60&d=retro&r=g)

### 󠀁[I love simplicity](https://wordpress.org/support/topic/i-love-simplicity-2/)󠁿

 [gudi](https://profiles.wordpress.org/wordoping/) Ògún 10, 2020

It doesnÌtumọ̀ Yorùbá: ’t get easier than this. Thank you ♥

![](https://secure.gravatar.com/avatar/c1b4a3271458b7a8364cc96d56bd4f94c0cc51f4f63d734e3118390e4d34c710?
s=60&d=retro&r=g)

### 󠀁[Indispensable](https://wordpress.org/support/topic/indispensable-132/)󠁿

 [Peter Raschendorfer](https://profiles.wordpress.org/petersplugins/) Ọwẹ́wẹ̀ 6,
2018

This is the first plugin I install on every new website to protect it until going
live. Never had any problems with this handy piece of software. Thanks, Peter

![](https://secure.gravatar.com/avatar/fea50d87ecd302af7d717605381840cb71622c8bfdca349e4bd40b37c83111c3?
s=60&d=retro&r=g)

### 󠀁[Simple & effective](https://wordpress.org/support/topic/simple-effective-111/)󠁿

 [Mountain_King](https://profiles.wordpress.org/mountain_king/) Ògún 13, 2017

Just installed it and is working like a charm! Thanks!

![](https://secure.gravatar.com/avatar/668988f7a7685cc425dfc606b6a2c5f522783cb7a915348b3ee0379019e65bac?
s=60&d=retro&r=g)

### 󠀁[very simply](https://wordpress.org/support/topic/very-simply-2/)󠁿

 [claudio68](https://profiles.wordpress.org/claudio68/) Èbìbí 5, 2017

thatÌtumọ̀ Yorùbá: ’s all

![](https://secure.gravatar.com/avatar/a1c06c813f2720f919d2f55689e5164533ba1aa3f2fa6c41296b74aa831866fc?
s=60&d=retro&r=g)

### 󠀁[very good](https://wordpress.org/support/topic/very-good-823/)󠁿

 [janramroth](https://profiles.wordpress.org/janramroth/) Ọ̀wàrà 26, 2016

Very simple, no configuration, just puts the login screen to WordPress frontend.
Perfect for me.

 [ Ka gbogbo àwọn àgbéyẹ̀wò 8 ](https://wordpress.org/support/plugin/authenticator/reviews/)

## Àwọn Olùkópa & Olùgbéejáde

“Authenticator” jẹ́ ètò ìṣàmúlò orísun ṣíṣí sílẹ̀. Àwọn ènìyàn wọ̀nyí ti ṣe ìkópa
sí plugin yìí.

Àwọn Olùkópa

 *   [ Syde GmbH (formerly Inpsyde) ](https://profiles.wordpress.org/inpsyde/)
 *   [ Frank Bueltge ](https://profiles.wordpress.org/bueltge/)
 *   [ Robert Windisch ](https://profiles.wordpress.org/nullbyte/)
 *   [ David ](https://profiles.wordpress.org/dnaber-de/)

A ti túmọ̀ “Authenticator” sí àwọn èdè agbègbè 3. Ọpẹ́lọpẹ́ fún [àwọn atúmọ̀ èdè](https://translate.wordpress.org/projects/wp-plugins/authenticator/contributors)
fún àwọn ìkópa wọn.

[Túmọ̀ “Authenticator” sí èdè rẹ.](https://translate.wordpress.org/projects/wp-plugins/authenticator)

### Ṣe o nífẹ̀ẹ́ sí ìdàgbàsókè?

[Ṣàwárí koodu](https://plugins.trac.wordpress.org/browser/authenticator/), ṣàyẹ̀wò
[ibi ìpamọ́ SVN](https://plugins.svn.wordpress.org/authenticator/), tàbí ṣe àgbékalẹ̀
sí [àkọsílẹ̀ ìdàgbàsókè](https://plugins.trac.wordpress.org/log/authenticator/) 
nípasẹ̀ [RSS](https://plugins.trac.wordpress.org/log/authenticator/?limit=100&mode=stop_on_copy&format=rss).

## Àkọsílẹ̀ àwọn àyípadà

#### 1.3.1 (2022-11-22)

 * Security Fix: Generate valid nonce only for privileged user to prevent privilege
   elevation.

#### 1.3.0 (2017-11-30)

 * Fixed a topic on login of users if you exclude posts from the Authenticator.
 * Add new filter hook to bypass the plugin `authenticator_bypass`, see the readme.
 * Should now be ready for translations from the WordPress translation service.

#### 1.2.3 (08/10/2017)

 * Fixed loop about settings that create a fatal error.
 * Added authentication also for REST API; probs steffenster.

#### 1.2.2 (08/10/2017)

 * Update readme to solve support questions, it works also under newer WP versions,
   tested up 4.9-alpha.

#### 1.2.1 (08/31/2014)

 * Add guard for the constant `XMLRPC_REQUEST`.
 * Fix for XML-RPC bug [#17](https://github.com/bueltge/Authenticator/issues/17).
 * Enhance the readme to exclude posts/pages [#18](https://github.com/bueltge/Authenticator/issues/18).

#### 1.2.0 (06/26/2014)

 * Fix the PHP notice [#15](https://github.com/bueltge/Authenticator/issues/15).
 * Fix [#14](https://github.com/bueltge/Authenticator/issues/14).
 * Add a removal of backlink in login footer [#8](https://github.com/bueltge/Authenticator/issues/8).
 * Filter for Ajax actions [#12](https://github.com/bueltge/Authenticator/issues/12).
 * Redefine `$reauth` for redirect [#11](https://github.com/bueltge/Authenticator/issues/11).
 * Apply API Hook for exclude several URLs from redirect [#10](https://github.com/bueltge/Authenticator/issues/10).
 * Add settings for XML-RPC [#9](https://github.com/bueltge/Authenticator/issues/9).
 * Add Composer support.
 * Update readme to see all information on wordpress.org repo.

#### 1.1.0 (04/17/2014)

 * Add HTTP authentification for feeds.
 * Add settings for reading the feed.
 * Add token auth for feeds.

#### 1.0.0 (01/20/2012)

 * Fix in multisite for redirect, also if the user does not have an account.
 * Small rewrite for better codex.

#### 0.4.1 (04/20/2011)

 * Remove network comment for using different blogs in Multisite.

#### 0.4.0 (04/11/2011)

 * Bugfix for login without multisite.
 * Ask for multisite.
 * Fix for using plugin with WP earlier than 3.*.
 * Also usable in mu-plugins folder.

#### 0.3.0 (04/06/2011)

 * Add check for rights to publish posts to use the plugin on Multisite Install;
   only users with this rights have access to the blog of Multisite install.
 * Small changes of code.

## Àkójọpọ̀ Meta

 *  Ẹ̀yà **1.3.1**
 *  Ìgbàgbọ́hùn tó kẹ́yìn **oṣù 6 sẹ́yìn**
 *  Àwọn ìgbéwọlẹ̀ tó ṣiṣẹ́ **1,000+**
 *  Ẹ̀yà WordPress ** 5.0 tàbí ju bẹ́ẹ̀ lọ **
 *  Dánwò dé **6.9.4**
 *  Ẹ̀yà PHP ** 5.6 tàbí ju bẹ́ẹ̀ lọ **
 *  Àwọn èdè
 * [English (UK)](https://en-gb.wordpress.org/plugins/authenticator/), [English (US)](https://wordpress.org/plugins/authenticator/),
   [German](https://de.wordpress.org/plugins/authenticator/), àti [Portuguese (Portugal)](https://pt.wordpress.org/plugins/authenticator/).
 *  [Túmọ̀ sí èdè rẹ](https://translate.wordpress.org/projects/wp-plugins/authenticator)
 * Àwọn àmì
 * [access](https://yor.wordpress.org/plugins/tags/access/)[accessible](https://yor.wordpress.org/plugins/tags/accessible/)
   [authentification](https://yor.wordpress.org/plugins/tags/authentification/)[login](https://yor.wordpress.org/plugins/tags/login/)
   [members](https://yor.wordpress.org/plugins/tags/members/)
 *  [Ìwòye Tó Péye](https://yor.wordpress.org/plugins/authenticator/advanced/)

## Àwọn ìbò

 5 lára àwọn ìràwọ̀ 5.

 *  [  8 5-star reviews     ](https://wordpress.org/support/plugin/authenticator/reviews/?filter=5)
 *  [  0 4-star reviews     ](https://wordpress.org/support/plugin/authenticator/reviews/?filter=4)
 *  [  0 3-star reviews     ](https://wordpress.org/support/plugin/authenticator/reviews/?filter=3)
 *  [  0 2-star reviews     ](https://wordpress.org/support/plugin/authenticator/reviews/?filter=2)
 *  [  0 1-star reviews     ](https://wordpress.org/support/plugin/authenticator/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/authenticator/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/authenticator/reviews/)

## Àwọn Olùkópa

 *   [ Syde GmbH (formerly Inpsyde) ](https://profiles.wordpress.org/inpsyde/)
 *   [ Frank Bueltge ](https://profiles.wordpress.org/bueltge/)
 *   [ Robert Windisch ](https://profiles.wordpress.org/nullbyte/)
 *   [ David ](https://profiles.wordpress.org/dnaber-de/)

## Ìrànlọ́wọ́

Nǹkan wà tí o fẹ́ sọ? Ṣé o nílò ìrànlọ́wọ́?

 [Wo àpéjọ ìrànlọ́wọ́](https://wordpress.org/support/plugin/authenticator/)