How to Let Subscribers View Your Private WordPress Blog

By Default, Only Administrators and Editors Can View Private Posts

Have you ever wanted to set up a private WordPress blog for only your family and friends, or members of a company team? WordPress offers a few default options for making your WordPress blog private, but there's a catch. When you mark a post "Private", it can only be seen by Administrators and Editors.

Probably, you don't want your friends to edit your posts, only to read them.

WordPress calls these ordinary read-only users Subscribers. With the tips in this article, you can still keep the anonymous public out, but make your private posts available for reading to your Subscriber friends.

Version: WordPress 3.x

Before We Begin

Standard disclaimer: I am neither a PHP nor WordPress plugin security expert. Use the suggested code and plugins at your own risk. They don't raise any red flags for me, but unless your blog is basically for fun, you should run these ideas past your IT team (if you have one). At least test the changes on a copy first.

And if you're storing state secrets or plans for nanobot-steam-powered cars, you might want to invest in a more secure solution. Like paper.

Spot check: To follow these instructions, you'll need to be able to add a custom theme.

For instance, if you're running a free blog, you won't be able to do this (without upgrades).

However, blogs apparently have an extra privacy option to make it easy to share posts with friends and family, so you can check on that.

First, Make a Child Theme

The first step is to make a custom child theme, if you haven't already. You can do this in about five minutes. Use your current theme as the parent theme.

The child theme will simply hold a few snippets of code to customize your site.

True, a cleaner choice might be to make a separate, tiny plugin. Then you could reuse the code on several sites.

However, writing a plugin seems like overkill for such a tiny bit of code. Plus, if you haven't set up a child theme yet, you really should. With a child theme, you can pop in CSS tweaks and start fixing all those little theme problems that have been irritating you.

Then, Create functions.php

Within your child theme, create a file called functions.php. This file is special. Most files in your theme will override the same file in the parent theme. If you make sidebar.php, it replaces the parent theme's sidebar. But functions.php does not override, it adds. You can put a few snippets of code in here, and still keep all the functionality of your parent theme.

Give Subscribers Extra Capabilities

Our goal is to allow ordinary subscribers to view our private posts. As Steve Taylor explains in this blog post, we can do this with a few simple lines in functions.php:


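<?php
// functions.php must begin with the opening PHP tag above.

// Allow subscribers to see Private posts and pages
$subRole = get_role( 'subscriber' );
if ( $subRole ) { // get_role() returns null if the role does not exist
    $subRole->add_cap( 'read_private_posts' );
    $subRole->add_cap( 'read_private_pages' );
}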

With the add_cap() function, you simply add extra capabilities to the Subscriber role. Now Subscribers can read private posts and pages.

See how easy this is? It only takes a few lines of code.

Note that, while Taylor only mentions read_private_posts, I also suggest adding read_private_pages. You might want to have a few private pages, too.
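
WordPress stores role capabilities in the database, so the add_cap() calls above keep their effect even after the snippet is removed from functions.php. As an added example (not from this article's original code or from Taylor's post), the variant below grants the two capabilities once when the child theme is activated, revokes them when the site switches to another theme, and lists which roles can currently read private content. The myblog_* function names are hypothetical, and the after_switch_theme hook assumes WordPress 3.3 or later.

```php
<?php
// Added example for a child theme's functions.php. The myblog_* names are hypothetical.

// Capabilities this article grants to Subscribers.
function myblog_private_read_caps() {
    return array( 'read_private_posts', 'read_private_pages' );
}

// Grant the capabilities once, when this theme is activated.
function myblog_grant_private_read() {
    $role = get_role( 'subscriber' );
    if ( null === $role ) {
        return; // The Subscriber role has been removed on this site.
    }
    foreach ( myblog_private_read_caps() as $cap ) {
        if ( ! $role->has_cap( $cap ) ) {
            $role->add_cap( $cap ); // Written to the database, so it persists.
        }
    }
}
add_action( 'after_switch_theme', 'myblog_grant_private_read' );

// Revoke them when the site switches to another theme.
function myblog_revoke_private_read() {
    $role = get_role( 'subscriber' );
    if ( null === $role ) {
        return;
    }
    foreach ( myblog_private_read_caps() as $cap ) {
        $role->remove_cap( $cap );
    }
}
add_action( 'switch_theme', 'myblog_revoke_private_read' );

// Audit helper: map each role name to the private-read capabilities it holds.
function myblog_roles_reading_private() {
    global $wp_roles;
    $found = array();
    foreach ( $wp_roles->role_objects as $name => $role ) {
        foreach ( myblog_private_read_caps() as $cap ) {
            if ( $role->has_cap( $cap ) ) {
                $found[ $name ][] = $cap;
            }
        }
    }
    return $found;
}
```

If the child theme is already active, switch to another theme and back so the activation hook runs. Use this in place of the bare add_cap() lines, not alongside them.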

Smooth the Login

While we're here in functions.php, Taylor has an additional suggestion. Normally, when you log in to WordPress, you're taken to a Dashboard with various administrator tasks. But your Subscribers are only logging in to read. Being taken to a dashboard is annoying at best, confusing at worst. (You can almost hear your aunt groaning, "Where'd the blog go?")

With this code snippet, your Subscribers will be redirected to the home page. Insert it after the above code, in functions.php:

// Redirect to home page on login
function loginRedirect( $redirect_to, $request_redirect_to, $user ) {
    // Users who cannot edit posts have no use for the Dashboard
    if ( is_a( $user, 'WP_User' ) && $user->has_cap( 'edit_posts' ) === false ) {
        // home_url() replaces the deprecated get_bloginfo( 'siteurl' )
        return home_url();
    }
    return $redirect_to;
}

add_filter( 'login_redirect', 'loginRedirect', 10, 3 );

Note that this code does not test precisely for the Subscriber role. Instead, it tests whether the user can edit_posts. However, I think this is actually a better test -- anyone who can't edit posts has no real interest in the Dashboard.

Try "Private Posts by Default"

If most or all of your posts will be private, consider the Private Posts by Default plugin. This tiny plugin does one thing, and one thing only. When you create a new post, it is automatically set to Private.

You can still set the post to Public if you like. But with this plugin, you'll never forget to set a post to Private.
