Solved

How do I make my WordPress site an Intranet site

Posted on 2016-07-30
Last Modified: 2016-08-01
Hi All

I am developing a knowledge base for work and want some advice on how to make the site a secure intranet, as I have never done this before.

I assume the site will still sit on a web server in the public domain and then access is restricted by domain or IP addressing, a bit like a home router.

Or do I run the site on a localhost at work and the access is limited that way?

I have discovered a few potential limitations of localhost, such as using Google Doc embedding on some pages, so this, I'm sure, will be a learning process.

Any advice will be appreciated
0
Question by:IM&T SRFT
11 Comments
 
LVL 84

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 248 total points
ID: 41735930
I have several Wordpress sites here on my local network. I access them by machine name and/or IP address; 'localhost' is useless because that restricts access to the machine where the site is installed.

Wordpress requires PHP and MySQL to run.  You can install WAMP or XAMPP on one of your local machines to run Wordpress.  They both include PHP and MySQL.  That will keep it local so that outsiders can't see it.
0
 
LVL 30

Assisted Solution

by:Britt Thompson
Britt Thompson earned 248 total points
ID: 41735938
Wordpress is a security nightmare so definitely don't put a Wordpress intranet on a public domain. I'd suggest using Sharepoint 2013 Foundation as an intranet since it's free and designed to operate as such. Sharepoint has quite a bit more management and configuration overhead though.
0
 
LVL 4

Accepted Solution

by:
Branislav Borojevic earned 1008 total points
ID: 41735941
This can help you achieve the desired outcome: Restricted Site Access for WordPress (https://wordpress.org/plugins/restricted-site-access/)

Using Restricted Site Access plugin, you can restrict access to a WordPress site for logged in users only or for users with specific IP addresses, which would be the case in your example. You can also choose to redirect users with no access to the site by sending them to the login page, redirect to another web address, show them a custom message, or even redirect them to a specific page. Restrict by IP feature is very useful if you want multiple employees in the office to have access to the development project without requiring them to register as a user.

Additionally, you can always add statements to your .htaccess file in the website root, and specify exactly what IP addresses can access the website, and the rest will get an error.

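# Send 401 and 403 responses to the site's index.php (the theme's 404 page)
ErrorDocument 401 /path-to-your-site/index.php?error=404
ErrorDocument 403 /path-to-your-site/index.php?error=404

<IfModule mod_rewrite.c>
RewriteEngine on
# The request is for index.php, wp-login.php or wp-admin (the three conditions are OR'd) ...
RewriteCond %{REQUEST_URI} ^(.*)?index\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
# ... and the client address is none of the allowed ones.
# Replace each placeholder with one address, dots escaped (sample value: 203\.0\.113\.10).
RewriteCond %{REMOTE_ADDR} !^IP Address One$
RewriteCond %{REMOTE_ADDR} !^IP Address Two$
RewriteCond %{REMOTE_ADDR} !^IP Address Three$
# Answer the request with 403 and stop processing further rules
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>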



Just edit lines to add the IP addresses that need access to the admin dashboard and login page replacing IP Address “One,” “Two” and “Three” in the example above.

You can delete two of those lines if you only need to add one IP address or copy and paste them to add more to the list.

When an unauthorized visitor tries to access that page, they’ll see your current theme’s 404.php file.
0
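A coverage check for the .htaccess rule in the answer above, added here as an example and not part of the original post: it models the condition chain as (URI pattern 1 OR 2 OR 3) AND NOT any allowed address, and reports which requests the rule would refuse. The allowlist addresses, sample paths and function names are constructed for illustration, and the model matches patterns against the URI as requested without simulating WordPress's own internal rewrites to index.php.

```python
import re

# The three URI patterns from the .htaccess snippet above; they are OR'd together.
URI_PATTERNS = [
    r"^(.*)?index\.php(.*)$",
    r"^(.*)?wp-login\.php(.*)$",
    r"^(.*)?wp-admin$",
]

# Constructed allowlist (documentation-range addresses) standing in for the
# "IP Address One/Two" placeholders. Dots are escaped so they match literally.
ALLOWED_ADDR_PATTERNS = [r"^203\.0\.113\.10$", r"^198\.51\.100\.7$"]


def is_denied(request_uri, remote_addr):
    """Model the chain: (uri1 OR uri2 OR uri3) AND NOT ip1 AND NOT ip2."""
    uri_guarded = any(re.search(p, request_uri) for p in URI_PATTERNS)
    addr_allowed = any(re.search(p, remote_addr) for p in ALLOWED_ADDR_PATTERNS)
    return uri_guarded and not addr_allowed


def coverage_report(requests):
    """Return {(uri, addr): 'deny' | 'pass'} for each (uri, addr) pair."""
    return {(u, a): ("deny" if is_denied(u, a) else "pass") for u, a in requests}


# Constructed sample requests: one allowlisted client, then an outside address.
SAMPLE_REQUESTS = [
    ("/wp-login.php", "203.0.113.10"),
    ("/wp-login.php", "192.0.2.99"),
    ("/wp-admin", "192.0.2.99"),
    ("/wp-admin/users.php", "192.0.2.99"),
    ("/wp-content/uploads/kb/network-diagram.pdf", "192.0.2.99"),
]

if __name__ == "__main__":
    for (uri, addr), verdict in coverage_report(SAMPLE_REQUESTS).items():
        print(f"{verdict:5} {addr:15} {uri}")
```

Paths that match none of the three URI patterns, such as files under the uploads directory, are reported as "pass": for those, the rule adds no IP restriction and access depends on whatever else protects them.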

 
LVL 70

Assisted Solution

by:Jason C. Levine
Jason C. Levine earned 248 total points
ID: 41735961
There's another good way to restrict access to a WordPress site, but only if your organization uses Google Apps.

https://wordpress.org/plugins/google-apps-login/

That plugin restricts access to the site and also ties logins to existing Google Apps accounts. We use it to keep an intranet on the public web and it's great.
0
 

Author Comment

by:IM&T SRFT
ID: 41736071
Thank you for the comments so far. So if I were to restrict to a specific domain name or IP, that would be secure? I have also found an Active Directory plugin which enables you to specify only users within a specified organisational unit to be a member; does that sound about right? Renazonce, I take your comment on board as this site must be secure 100%.
0
 
LVL 111

Assisted Solution

by:Ray Paseur
Ray Paseur earned 248 total points
ID: 41736412
For a knowledge base application you might consider using a Wiki instead of Wordpress.  Mediawiki has security plug-ins that seem to work very well.  It's good enough for Wikipedia.  As the administrator, you can extend and restrict access by a number of ways, with different permission levels.

If you do not need collaborative editing, which is the main feature of the Wiki, and all you need is a document repository, then any of the popular content management systems will work fine.  They all have adequate security to restrict access appropriately.  Some of the PHP-based systems are listed here.  

The advantage of using a web-based system, instead of one that is restricted by IP address or other inflexible means, cannot be overstated.  Just password-protect your information!  Then as your client base evolves to use mobile access, etc., you will have an enduring authentication scheme, and you won't have to get involved every time someone wants to switch offices, or change his cable company, or add her iPad to the system.

Regarding the earlier comment that "Wordpress is a security nightmare," I respectfully disagree, as will millions of happy and secure WordPress users.  There are right ways and wrong ways of doing everything, and computer security is no different.  WordPress security problems are not inherent; they are added to the individual installations by novice programmers who do not understand basic security tenets and who do not understand the WordPress ecosystem that manages and vets additions to the baseline software.  If you're among those who have never tried to secure a WordPress installation, you might consider hiring a professional to help you do it the first time.  You can learn it all by trial and error, but the professional route will be faster and safer.

If you're interested in a little "under-the-covers" learning about the technologies, most of the general design patterns of PHP client authentication are shown in this article.  If you choose that design and you want to restrict who can see the site, you might omit the registration scripts and just register your users by hand with phpMyAdmin.  Or you might use a register-and-confirm design.  Of course, most of this technology is already built into any modern CMS you might choose, but it can be useful to understand how it works.

Best of luck with your project, ~Ray
0
 

Author Comment

by:IM&T SRFT
ID: 41737283
Thank you again.

Dave Baldwin - If you do not mind me asking... I initially set up as localhost, but then features such as embedding and using Google Docs do not work, so now I have the site on a web host. It sounds like you have your installation on a server at work; how is your setup different from the methods I have set up so far? Is it that you have set up a server at work specifically to host and manage the site internally, and how does that work differently from localhost? Ideally I'd like a setup where access can be automatically permitted via an Active Directory OU (but this is not essential as I can set up 20 people manually in 20 minutes).

Renazonse - Again, I will bear this in mind as I may decide on another solution, but I am also using this as a mini learning project to explore what WordPress can and cannot achieve.

Branislav Borojevic - That looks like a good idea to restrict by IP, so surely that would be a perfectly reasonable and secure way of working, bearing in mind there are no personally identifiable details or passwords etc. used on this tech knowledge base.

Jason C Levine - Thank you, but we do not use Google Apps accounts.

Ray Paseur - You may be right, but I'd been advised the Wiki we use had become unsupported, so I chose to give WP a chance as it's something likely to be around for years, and if we can get better functionality and for it to work better than what we currently have, it's an option we may or may not take. I will look back at Wiki, as if it supports pasting content and images better in the newer versions then that's really what we want from it the most.
0
 
LVL 84

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 248 total points
ID: 41737319
The only real difference is that I used the IP address of the machine instead of 'localhost'.  'localhost' is not accessible from other machines so you don't want Wordpress using it for the 'domain name'.  I have two Wordpress installs on the machine to my right and one more on a hosting account.  

I just use the web servers on my machines to run whatever I need, I didn't set up a 'special' machine for Wordpress.  I do have 12+ machines with various web servers running on them for development and testing.
0
 

Author Comment

by:IM&T SRFT
ID: 41737351
Thank you Dave

Unfortunately my laptop failed Saturday, so I'll get a backup of my onsite site and install it to my PC and check this out. I did have problems initially on the local setup with plugins which embed documents and view them using Microsoft Office Online, but will look at this again separately.

Thank you once again.
0
 

Author Closing Comment

by:IM&T SRFT
ID: 41737356
All very good advice / options so shared points accordingly.  Thank you once again
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 41737856
You're welcome, glad to help.
0

Question has a verified solution.
