You don’t need to make your site entirely private; WordPress gives you two ways
to protect individual posts, so the wrong people can’t read them.
The first technique is password protection. The idea is simple—when you create
a post, you pick a password that potential readers need to know. When someone
tries to read the post, WordPress refuses to display it until the reader supplies the
The nice part about password protection is that it’s straightforward: You either know
the password or you don’t, and the password is all you need—protected posts don’t
require that a reader be registered with the site. Of course, administrators and editors
can edit any post, so password protection doesn’t affect them.
NOTE Use password-protected posts sparingly. If your site includes a mix of public and password-protected
posts, frustrated readers are likely to give up on you altogether. Password-protected posts make sense if your
site isn’t really on the Web, but hosted on an organization’s internal network (a.k.a. an intranet).
WordPress’s second post-protection technique is private posts, which are hidden
from everyone except logged-in administrators and editors. When other people visit
the site, WordPress scrubs every trace of your private posts. They won’t appear in
the post list, show up in searches, or appear when you browse by category, tag,
date, or author.
You can also add a password to a private post or make it private using the familiar
Publish box, which appears in the Add New Post and the Edit Post pages.
Creating More Specific Privacy Rules
The problem with private posts is that they’re too private.
You need to be an editor or administrator to view them, and
that may be more power than you want to give other people.
If you’re developing a self-hosted site, a good plug-in can
provide a solution. One is Page Security by Contexture (http://
tinyurl.com/page-security-c). It lets you create groups of users
and then give them permission to read specific posts or pages.
For example, you could create a group called Managers, add
several people to that group, and then give the entire group
permission to read your “Tax Evasion Secrets” post.
Be careful about going too far with the Page Security plugin,
however. If you need to set security rules for dozens of
pages, WordPress might not be the right tool for the job—you
might be better off with a content management system like
SharePoint or Alfresco. And although Page Security does a
good job of grafting on some basic security features, things
can get messy, and there’s no guarantee that the complex
security rules you set up now will continue to work in future
versions of WordPress.