WiscWeb - WordPress UW Theme - Options for Protecting Pages
This document will explain the different options available for locking down pages and what they may mean for your site and its contents.
At this time, we are not taking new requests for intranets, sites requiring integration with Manifest Groups, or sites requiring NetID authentication on pages. We apologize for the inconvenience and will keep the community posted on any developments on these topics. More information can be found on the WiscWeb website.
- Offering Comparison
- Native WordPress Password Protection
- Publishing to Private
- Non-Indexed Site
- KnowledgeBase Pages
- UW Box for Media (Example: PDF files)
The following chart breaks down the various options available to you and the situations to which they are best suited.
|Offers Protection at the Root||Offers Individual Page Protection||Offers Protection for Media||Offers Protection for Select List of NetIDs||Offers Protection for Entire UW-Madison Network|
|Native WordPress Password Protection||x|
|Publishing to Private||x||x|
See Important Considerations before proceeding.
WiscWeb now offers an option to password protect an individual page of a website using WordPress's native protection option.
To set your own password for a page, follow these steps:
- On a page or post, locate the Publish box in the top right corner
- Click the Edit link next to Visibility
- Choose the Password Protected radio button
- Set your desired password
- Click the OK button
- Click the blue Update button to save your changes
- Do not use your NetID password for your protected page.
- This option will not protect media files that are added to the page. If you upload a file to this page, the URL of the file is still publicly accessible if shared directly. If you require protection for media, we suggest uploading to UW Box.
- Protected pages should still not be used for sharing sensitive/restricted data. WiscWeb is not secured to host any sensitive/restricted data. See WiscWeb - WordPress UW Theme - Sensitive, Restricted, and Internal Data Policy.
- Anyone with the password - even those outside of the organization - will be able to get to content protected in this manner.
WordPress offers the option to publish pages as "Private" rather than public. This option is located in the Publish box in the top right corner of a page or post.
When a page or post is published to Private, it can only be viewed by Admins and Editors of the project. They will be prompted with the standard NetID login screen if not already logged in to Shibboleth. After logging in with NetID credentials, they will be brought to the page content.
If a user who is not an Admin or Editor on your site attempts to access the page, they will be brought to WiscWeb's standard 403 error page.
To publish a page as private, click the Edit link next to Visibility. Click on Private and choose OK. Then click the blue Update button to save your changes.
In WordPress, you have the option to turn off the ability for search engines to index your site. This setting is located in your site's Reading settings (Settings > Reading). The option is unchecked by default, but can be activated if your preference is for your site to not appear in search results. This will mean that users who have the exact URL of the site can still get to it, but the likelihood of someone stumbling across it is decreased. Also, the site should not appear in campus or Google searches.
Please note that it is up to the individual search engine to honor this request.
The UW KnowledgeBase (KB) is an ideal location for secure content as it allows for several options for protection. These various options are detailed in their own documentation. In general, though, you can use the KnowledgeBase to lock down web content to all NetIDs or a select list of users.
Once your KB documentation is created, you can integrate it with an existing WiscWeb project by linking out to the content or by utilizing the KB Search plugin.
For questions about the KnowledgeBase, please contact the KB team: firstname.lastname@example.org
If the content that you need protected is just media (JPG, PNG, PDF, and other files), we strongly recommend moving these over to UW Box, where you can more easily maintain access to these docs.UW Boxallows for robust permission and archival settings. Additionally, files loaded here can easily be shared with users located both on and off campus. To utilize this option, simply upload the files to Box, set the permissions, and then link to the documents and images from the webpage.
- Protected sites or pages may not export data to Google Analytics. The tracking cookie will not be able to capture user interaction with your site if the site or page is not public.
- The default password protection that comes standard with WordPress sites will not work in WiscWeb due to the configuration of our Shibboleth plugin. There is no way to lock down pages to a generic password in WiscWeb. Instead, consider the other options in this document.