Solved

How do I make my WordPress site an Intranet site

Posted on 2016-07-30
Last Modified: 2016-08-01
Hi All

I am developing a knowledge base for work and want some advice on how to make the site a secure Intranet, as I have never done this before.

I assume the site will still sit on a web server in the public domain and then access is restricted by domain or IP addressing, a bit like a home router.

Or do I run the site on a localhost at work and the access is limited that way?

I have discovered a few potential limitations of localhost, such as using Google Doc embedding on some pages, so this I'm sure will be a learning process.

Any advice will be appreciated.
0
Question by:IM&T SRFT
11 Comments
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 62 total points
ID: 41735930
I have several WordPress sites here on my local network.  I access them by machine name and/or IP address; 'localhost' is useless because that restricts access to the machine where the site is installed.

Wordpress requires PHP and MySQL to run.  You can install WAMP or XAMPP on one of your local machines to run Wordpress.  They both include PHP and MySQL.  That will keep it local so that outsiders can't see it.
0
 
LVL 30

Assisted Solution

by:renazonse
renazonse earned 62 total points
ID: 41735938
Wordpress is a security nightmare so definitely don't put a Wordpress intranet on a public domain. I'd suggest using Sharepoint 2013 Foundation as an intranet since it's free and designed to operate as such. Sharepoint has quite a bit more management and configuration overhead though.
0
 
LVL 4

Accepted Solution

by:Branislav Borojevic
Branislav Borojevic earned 252 total points
ID: 41735941
This can help you achieve the desired outcome: https://wordpress.org/plugins/restricted-site-access/ (Restricted Site Access for WordPress)

Using Restricted Site Access plugin, you can restrict access to a WordPress site for logged in users only or for users with specific IP addresses, which would be the case in your example. You can also choose to redirect users with no access to the site by sending them to the login page, redirect to another web address, show them a custom message, or even redirect them to a specific page. Restrict by IP feature is very useful if you want multiple employees in the office to have access to the development project without requiring them to register as a user.

Additionally, you can always add statements to your .htaccess file in the website root, and specify exactly what IP addresses can access the website, and the rest will get an error.

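# Serve 401/403 responses through WordPress so the theme's error page is shown
ErrorDocument 401 /path-to-your-site/index.php?error=404
ErrorDocument 403 /path-to-your-site/index.php?error=404

<IfModule mod_rewrite.c>
RewriteEngine on
# Requests for index.php, wp-login.php or wp-admin ...
RewriteCond %{REQUEST_URI} ^(.*)?index\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
# ... that do not come from one of the listed addresses
# (replace each placeholder with one address, writing each dot as \.)
RewriteCond %{REMOTE_ADDR} !^IP Address One$
RewriteCond %{REMOTE_ADDR} !^IP Address Two$
RewriteCond %{REMOTE_ADDR} !^IP Address Three$
# ... are answered with 403 Forbidden
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>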


Just edit lines to add the IP addresses that need access to the admin dashboard and login page replacing IP Address “One,” “Two” and “Three” in the example above.

You can delete two of those lines if you only need to add one IP address or copy and paste them to add more to the list.

When an unauthorized visitor tries to access that page, they’ll see your current theme’s 404.php file.
0
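
To see which requests the rule set in the accepted answer covers, this added example (not part of the original answer) re-implements the RewriteCond evaluation order in Python and runs it over constructed requests. The two allowed addresses are documentation-range values standing in for the placeholders, and the model covers a single pass over these conditions only, not the rest of Apache's request handling.

```python
import re

# Conditions from the answer's .htaccess, in order: (variable, pattern, has_OR_flag).
# The two REMOTE_ADDR entries use constructed documentation addresses in place
# of the "IP Address One/Two" placeholders, with dots escaped.
CONDS = [
    ("REQUEST_URI", r"^(.*)?index\.php(.*)$", True),
    ("REQUEST_URI", r"^(.*)?wp-login\.php(.*)$", True),
    ("REQUEST_URI", r"^(.*)?wp-admin$", False),
    ("REMOTE_ADDR", r"!^203\.0\.113\.10$", False),
    ("REMOTE_ADDR", r"!^198\.51\.100\.7$", False),
]

def cond_ok(pattern, value):
    """A leading '!' negates the match, as in RewriteCond."""
    negate = pattern.startswith("!")
    return (re.search(pattern.lstrip("!"), value) is not None) != negate

def rule_fires(uri, addr, conds=CONDS):
    """True if every AND-ed group of conditions holds, i.e. the 403 rule applies."""
    env = {"REQUEST_URI": uri, "REMOTE_ADDR": addr}
    i = 0
    while i < len(conds):
        var, pattern, or_next = conds[i]
        ok = cond_ok(pattern, env[var])
        if or_next and ok:
            # One member of an [OR] chain matched: skip the rest of the chain.
            while i < len(conds) and conds[i][2]:
                i += 1
            i += 1
        elif or_next or ok:
            i += 1            # failed [OR] member, or a satisfied AND condition
        else:
            return False      # a plain (AND) condition failed
    return True

# Constructed requests: (URI, client address)
SAMPLES = [
    ("/wp-login.php", "192.0.2.50"),
    ("/wp-login.php", "203.0.113.10"),
    ("/wp-admin", "192.0.2.50"),
    ("/wp-admin/options.php", "192.0.2.50"),
]

def report(samples=SAMPLES):
    return [(u, a, "403" if rule_fires(u, a) else "pass") for u, a in samples]

if __name__ == "__main__":
    for row in report():
        print(*row)
```

The last sample is not rejected by these conditions because the wp-admin pattern is anchored with `$`; paths beneath wp-admin/ rely on WordPress's own login check.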
 
LVL 70

Assisted Solution

by:Jason C. Levine
Jason C. Levine earned 62 total points
ID: 41735961
There's another good way to restrict access to a WordPress site, but only if your organization uses Google Apps.

https://wordpress.org/plugins/google-apps-login/

That plugin restricts access to the site and also ties logins to existing Google Apps accounts. We use it to keep an intranet on the public web and it's great.
0
 

Author Comment

by:IM&T SRFT
ID: 41736071
Thank you for the comments so far, so if I were to restrict to a specific domain name or IP that would be secure? I have also found an Active Directory plugin which enables you to specify only users within a specified organisational unit to be a member, does that sound about right?  Renazonse, I take your comment on board as this site must be secure 100%.
0
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 62 total points
ID: 41736412
For a knowledge base application you might consider using a Wiki instead of Wordpress.  Mediawiki has security plug-ins that seem to work very well.  It's good enough for Wikipedia.  As the administrator, you can extend and restrict access by a number of ways, with different permission levels.

If you do not need collaborative editing, which is the main feature of the Wiki, and all you need is a document repository, then any of the popular content management systems will work fine.  They all have adequate security to restrict access appropriately.  Some of the PHP-based systems are listed here.  

The advantage of using a web-based system, instead of one that is restricted by IP address or other inflexible means, cannot be overstated.  Just password-protect your information!  Then as your client base evolves to use mobile access, etc., you will have an enduring authentication scheme, and you won't have to get involved every time someone wants to switch offices, or change his cable company, or add her iPad to the system.

Regarding the earlier comment that "Wordpress is a security nightmare," I respectfully disagree, as will millions of happy and secure WordPress users.  There are right ways and wrong ways of doing everything, and computer security is no different.  WordPress security problems are not inherent; they are added to the individual installations by novice programmers who do not understand basic security tenets and who do not understand the WordPress ecosystem that manages and vets additions to the baseline software.  If you're among those who have never tried to secure a WordPress installation, you might consider hiring a professional to help you do it the first time.  You can learn it all by trial and error, but the professional route will be faster and safer.

If you're interested in a little "under-the-covers" learning about the technologies, most of the general design patterns of PHP client authentication are shown in this article.  If you choose that design and you want to restrict who can see the site, you might omit the registration scripts and just register your users by hand with phpMyAdmin.  Or you might use a register-and-confirm design.  Of course, most of this technology is already built into any modern CMS you might choose, but it can be useful to understand how it works.

Best of luck with your project, ~Ray
0
 

Author Comment

by:IM&T SRFT
ID: 41737283
Thank you again.

Dave Baldwin - If you do not mind me asking... I initially set up as localhost but then features such as embedding and using Google Docs do not work, so now I have the site on a web host.  It sounds like you have your installation on a server at work; how have you got this set up differently to the methods I have set up so far?  Is it that you have set up a server at work specifically to host and manage the site internally, and how does that work differently to localhost, as ideally I'd like to set up where access can be automatically permitted via an Active Directory OU (but this is not essential as I can set up 20 people manually in 20 minutes).

Renazonse - Again will bear this in mind as maybe decide on another solution but I am also using this as a mini learning project to explore what WordPress can and cannot achieve

Branislav Borojevic - That looks a good idea to restrict IP so surely that would be a perfectly reasonable and secure way of working to bear in mind there are no personal identifiable details or passwords etc used on this tech knowledgebase.

Jason C Levine - Thank you but we do not use google apps accounts

Ray Paseur - You may be right but I'd been advised the Wiki we use had become unsupported so I chose to give WP a chance as it's something likely to be around for years and if we can get better functionality and for it to work better than what we currently have it's an option we may or may not take.  I will look back at Wiki as if it supports pasting content and images better in the newer versions then that's really what we want from it the most.
0
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 62 total points
ID: 41737319
The only real difference is that I used the IP address of the machine instead of 'localhost'.  'localhost' is not accessible from other machines so you don't want Wordpress using it for the 'domain name'.  I have two Wordpress installs on the machine to my right and one more on a hosting account.  

I just use the web servers on my machines to run whatever I need, I didn't set up a 'special' machine for Wordpress.  I do have 12+ machines with various web servers running on them for development and testing.
0
 

Author Comment

by:IM&T SRFT
ID: 41737351
Thank you Dave

Unfortunately my laptop failed Saturday so I'll get a backup of my onsite site and install to my PC and check this out.  I did have problems initially on local setup with plugins which embed documents and view them using Microsoft Office Online but will look at this again separately.

Thank you once again.
0
 

Author Closing Comment

by:IM&T SRFT
ID: 41737356
All very good advice / options so shared points accordingly.  Thank you once again
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 41737856
You're welcome, glad to help.
0
