I just finished a project where there was a fairly unique request, the client wanted:
- Restrict access to the website (site B) a WordPress site, to everyone EXCEPT those sent from the primary website (site A) not a WordPress site
- Once on this website (site B), freely traverse the internal pages.
This seems straight forward enough.
First plan was to sync the userbase from Site A to site B. This posed many challenges, MSSQL to MYSQL. I can be done. There is a plugin or two out there for this, but the real concern was the client didn’t want anything touching their database.
Fine, next plan was to use htaccess as the restrictor.
This should be straight forward. This simple process of:
Deny from all
Allow from siteb.com
Should have worked, but it didn’t. Near as I can tell, some hosting sites turn off some abilities in the htaccess file.
There are other methods in htaccess to use, with the general caveat of “that’s not very secure”.
Absolute security was not our goal.
Making access to those not intended difficult was our goal.
We then looked at writing a plugin that restricted access unless the referring URL has a specific string in it.
The challenge with this is, once on the site, you then need to create a session for that user.
Anyway, the solution came up almost by accident…how about a friggin’ cookie??
Yep, there’s a plugin for that.
The Token Access plugin is what we used.
Works like a champ.