內容簡介
WordPress 是一款流行的內容管理系統,非常適合建立面向公眾的網站。
公司通常需要一個私人的設置,也就是所謂的內網。這就是 All-In-One Intranet 的作用。
有許多免費的插件可以添加隱私和其他需求 - 但你需要挑選所需的功能,並確保它們都能夠良好地協同工作。
All-In-One Intranet 提供了一個 WordPress 插件,包含您需要的一切,可以鎖定您的網站並開始構建公司的內部網絡。
什麼是內網?
內網基本上是企業的私人內部網站。但是,它們還可以是內部通訊平臺、協作工具、知識共享平台,甚至是社交網絡。這些都是用 WordPress 網站可以實現的。
功能
隱私 - 只需勾選一個簡單的框,即可將整個站點設置為非公開,除非有人已經登錄。如果任何 WordPress 核心設置正在允許未經授權的用戶註冊,它還會顯示警告。
登錄重定向 - 您的工作人員登錄以閱讀信息,並有可能撰寫新內容。默認情況下,WordPress 將用戶登錄為其個人資料頁面,但在某些情況下,這並不總是有用。現在,您可以將任何頁面或 URL 設置為登錄後首先訪問的頁面。
自動登出 - 輕鬆設置不活動的時間間隔,在此之後,用戶將自動登出,以保護您的敏感公司信息。時間間隔以分鐘、小時或天為單位設置。
All-In-One Intranet 設計用於標準 WordPress 安裝。如果您有多站點安裝,《高級版》請參見下文。
支持和高級功能
All-In-One Intranet 高級版包括所有免費插件的功能,以及:
由我們出色的 WordPress 魔術師團隊提供的高級支持。
多站點子網站成員身份 - 當創建新用戶(或網站)時,設置要應用於所有子網站的默認角色。可以節省手動將新用戶添加到子網站,或將現有用戶添加到新子網站的時間。
** 多站點子站隱私 ** - 決定用戶是否需要成為子站的成員才能查看它(假設您已經在“隱私”中限制了整個網站只限登錄用戶)
完整支持和更新
參見All-In-One Intranet 高級版
Google Apps
您的組織是否使用 Google Workplace 或 Google Classroom?
(曾被稱為 Google Apps 和 GSuite)
Google Apps 登錄 可讓 Google Workplace 管理員完全從 Google Apps 中管理 WordPress 用戶帳戶。這可以節省時間並增加安全性 - 讓人們放心只有授權的員工可以訪問公司的網站和內網。
Google 驅動器嵌入器* 允許作者輕鬆地從 Google Drive 直接在您的網站上嵌入文檔。
網站
請至我們的網站,參閱All-In-One Intranet
外掛標籤
開發者團隊
② 後台搜尋「Intranet & Private Site – All-In-One Intranet」→ 直接安裝(推薦)
原文外掛簡介
WordPress is one of the most popular platforms for building corporate intranets and private company websites. The problem is that WordPress was designed for public-facing sites. Making it work as a private intranet typically requires installing multiple plugins, configuring each one separately, and hoping they all play nicely together.
All-In-One Intranet solves this by giving you everything you need in a single plugin to turn your WordPress site into a fully private intranet. Enable privacy with one checkbox, set up auto-logout to protect sensitive information, configure where users land after login, and manage multisite access controls – all from one settings page.
Whether you are building a corporate intranet, a private knowledge base, a restricted client portal, or an internal communications hub, this plugin handles the foundational privacy and access control so you can focus on your content.
What is an Intranet?
An intranet is a private website or network used internally by an organization. Unlike a public website, an intranet is only accessible to authorized users – typically employees, contractors, or specific team members.
Common uses for a WordPress intranet include:
Internal company communications and announcements
Employee handbooks, policies, and procedures
Knowledge bases and documentation wikis
Project collaboration and team coordination
HR portals for onboarding and training materials
Client portals with restricted access to project files
WordPress is well suited for all of these because of its familiar editing interface, extensive plugin ecosystem, and flexible user role system. All-In-One Intranet provides the access control layer that makes it all work.
Features
All-In-One Intranet includes five core features designed to cover the most common intranet requirements:
One-Click Private Site
Enable the “Force site to be entirely private” checkbox, and your entire WordPress site becomes restricted to logged-in users only. Anyone who is not logged in gets redirected to the WordPress login page automatically.
This single setting handles multiple layers of privacy at once:
Page and post access – all frontend content requires authentication
REST API protection – unauthenticated REST API requests are blocked with a 401 error, preventing data leaks through the API
XML-RPC blocking – XML-RPC is disabled entirely when privacy is active, closing another potential access vector
Search engine blocking – the robots.txt file is automatically updated to disallow all crawling, keeping your private content out of search indexes
Pingback suppression – outgoing pingbacks and trackbacks are disabled so your private site does not announce itself to external services
The plugin also monitors your WordPress registration settings. If “Anyone can register” is enabled on a single site, or if open registration is allowed on a multisite network, the plugin displays a warning on the settings page so you can fix it before it becomes a problem.
Auto-Logout for Inactive Users
Shared workstations and forgotten browser tabs are a real security risk for intranets. The auto-logout feature lets you set a maximum idle time – in minutes, hours, or days – after which users are automatically logged out.
The plugin tracks each user’s last activity timestamp. On every page load, it checks whether the configured idle time has been exceeded. If a user has been inactive for too long, they are logged out immediately and redirected back to the page they were viewing, which triggers the login wall if the site is private.
This protects sensitive company information without requiring users to remember to log out manually. Set it to 30 minutes for high-security environments, a few hours for typical office use, or leave it blank to disable the feature entirely.
Custom Login Redirect
By default, WordPress sends users to the dashboard after they log in. For an intranet, this is not useful – your team is logging in to read content, not to manage the site.
The login redirect feature lets you set any URL on your site as the post-login landing page. Point it to your company homepage, a news feed, or a team dashboard so users see relevant content right away.
This redirect only applies when users log in directly through the standard WordPress login page. If a user tries to access a specific page and gets redirected to log in first, they will be sent back to that page after authentication – not to the custom redirect URL. This keeps the user experience smooth.
Multisite Sub-site Privacy
If you run a WordPress multisite network, you can require logged-in users to be members of a specific sub-site before they can view it. This is useful for organizations with multiple departments, teams, or client areas – each with their own sub-site that should only be visible to relevant people.
When a user who is logged in but not a member of the current sub-site tries to access it, they see a message listing all the sub-sites they do have access to, with clickable links to navigate there. Access to the Network Admin area is never restricted by this setting.
This option works in combination with the main privacy setting. Enable private site first, then enable sub-site membership requirements for granular access control across your network.
Multisite Default Role Assignment
Managing user access across multiple sub-sites in a WordPress network can be tedious. Every time you add a new user or create a new sub-site, you would need to manually assign roles across all the relevant sites.
The default role assignment feature automates this. Choose a role (Subscriber, Editor, Administrator, or any custom role), and the plugin handles the rest:
When a new user is created, they are automatically added to every active sub-site in the network with the selected role
When a new sub-site is created, all existing users are automatically added to it with the selected role
This saves significant administration time, especially for growing organizations where new employees and new sites are added regularly.
How to Make Your WordPress Site Private
Setting up a private WordPress site with All-In-One Intranet takes about one minute:
Install and activate the plugin from the WordPress plugin directory
Go to Settings > All-In-One Intranet in your WordPress admin (or Network Admin > Settings > All-In-One Intranet for multisite)
Check the box labeled “Force site to be entirely private”
Click Save Changes
That is all it takes. Your site is now private. Any visitor who is not logged in will be redirected to the WordPress login page. The REST API, XML-RPC, and search engine indexing are all locked down automatically.
If you see a warning about registration settings after enabling privacy, follow the link in the warning to disable open registration and close the gap.
How to Set Up Auto-Logout for Inactive Users
The auto-logout feature protects your intranet from unattended browser sessions:
Go to Settings > All-In-One Intranet
Find the Auto Logout section
Enter a number in the time field (e.g., 30)
Select the time unit from the dropdown: Minutes, Hours, or Days
Click Save Changes
Users who are inactive for longer than the configured period will be logged out on their next page interaction. Their activity timer resets on every page load, so active users are never interrupted.
To disable auto-logout, clear the time field and save.
How to Configure Login Redirect
To send users to a specific page after they log in:
Go to Settings > All-In-One Intranet
Find the Login Redirect section
Enter the full URL of your desired landing page (e.g., https://example.com/welcome)
Click Save Changes
Users who log in via /wp-login.php will now land on that page instead of the WordPress dashboard. Users who were redirected to the login page from a specific URL will still return to that URL after logging in.
How to Set Up a WordPress Multisite Intranet
For organizations running a WordPress multisite network:
Go to Network Admin > Settings > All-In-One Intranet
Enable “Force site to be entirely private” to restrict the entire network to logged-in users
Optionally enable “Require logged-in users to be members of a sub-site to view it” for per-site access control
Under Sub-site Membership, select a default role to automatically assign users to sub-sites
Click Save Changes
The privacy and membership settings apply network-wide. The default role assignment runs automatically when new users or new sub-sites are created. Existing sub-sites and users are not affected retroactively when you change the role setting.
Security Features
All-In-One Intranet takes a layered approach to access control:
Authentication enforcement – uses WordPress’s built-in auth_redirect() function for reliable login redirection
REST API lockdown – blocks unauthenticated API requests, preventing data access through endpoints like /wp-json/wp/v2/posts
XML-RPC disabling – completely disables XML-RPC when privacy is active
No-role user handling – on single-site installations, users who are logged in but have no assigned role are logged out and shown an error message, preventing access by deactivated accounts
Registration monitoring – displays admin warnings if WordPress is configured to allow open registration, which would undermine your private site setup
Nonce verification – all settings forms use WordPress nonce validation to prevent cross-site request forgery
Capability checks – settings pages require manage_options (single site) or manage_network_options (multisite) capabilities
Note that media uploads (images, PDFs, etc.) remain accessible to anyone who knows their direct URL. This is a limitation of how WordPress stores media files and is common to most privacy plugins. If you need to protect individual file downloads, consider a dedicated file protection plugin alongside All-In-One Intranet.
For Developers
All-In-One Intranet provides the aioi_allow_public_access filter for developers who need to make specific pages or endpoints accessible without authentication.
This filter runs during both the template redirect check and the REST API dispatch check. Return true to allow public access for the current request:
add_filter( 'aioi_allow_public_access', function( $allow ) {
// Allow public access to a specific page
if ( is_page( 'public-landing' ) ) {
return true;
}
return $allow;
} );
This is useful for exposing specific landing pages, webhook endpoints, or custom API routes while keeping the rest of the site private.
Google Workspace Integration
If your organization uses Google Workspace (formerly Google Apps), two companion plugins extend your intranet:
Google Apps Login – lets employees sign in to WordPress using their Google Workspace accounts. Domain admins can manage WordPress access entirely from the Google Admin Console, and only authorized employees can access the intranet.
Google Drive Embedder – allows authors to embed Google Docs, Sheets, Slides, and other Drive files directly into pages and posts. Useful for intranets where documentation lives in Google Drive.
Visit wp-glogin.com for more information about these and other plugins.
