Title: CFB Must Login Author: Code For Broke Published: December 31, 2025 Last modified: December 31, 2025 --- Search plugins ![](https://ps.w.org/cfb-must-login/assets/icon.svg?rev=3430247) # CFB Must Login By [Code For Broke](https://profiles.wordpress.org/codeforbroke/) [Download](https://downloads.wordpress.org/plugin/cfb-must-login.zip) * [Details](https://test.wordpress.org/plugins/cfb-must-login/#description) * [Reviews](https://test.wordpress.org/plugins/cfb-must-login/#reviews) * [Installation](https://test.wordpress.org/plugins/cfb-must-login/#installation) * [Development](https://test.wordpress.org/plugins/cfb-must-login/#developers) [Support](https://wordpress.org/support/plugin/cfb-must-login/) ## Description Must Login is a lightweight, user-friendly plugin that allows you to require login for your entire site with just one click. Perfect for membership sites, private blogs, intranets, or any site that needs to restrict access to registered users only. #### Features * **One-Click Toggle** – Enable or disable login requirement instantly from the admin bar * **REST API Protection** – Configurable authentication requirement for REST API endpoints * **Automatic Cache Clearing** – Automatically clears popular caching plugins when toggling protection * **Admin Bar Status Indicator** – Always see at a glance whether login is required * **Simple Settings Page** – Easy-to-use settings interface * **Admin Override** – Administrators always have access, even when login is required * **Smart Redirects** – Users are redirected to login and then back to their intended page * **Selective Endpoint Access** – Allow specific REST API endpoints for forms and authentication * **Cache Compatibility** – Works with WP Super Cache, W3 Total Cache, WP Rocket, and more * **No Configuration Needed** – Works perfectly out of the box * **Lightweight** – Minimal impact on site performance * **Translation Ready** – Fully internationalized and ready for translation #### How It Works 1. Install and activate the plugin 2. Click the lock icon in the admin bar to toggle login requirement 3. That’s it! Your site is now protected When enabled, all visitors must log in to view any page on your site. Administrators can quickly toggle this on or off from anywhere on the site using the admin bar. ### Developer Documentation #### Filters **cfb_must_login_redirect_url** – Customize the login redirect URL ``` add_filter('cfb_must_login_redirect_url', function($redirect_url, $redirect_to) { return 'https://example.com/custom-login'; }, 10, 2); ``` **cfb_must_login_allowed_rest_routes** – Allow additional REST API endpoints ``` add_filter('cfb_must_login_allowed_rest_routes', function($routes) { $routes[] = '/my-plugin/v1/public'; return $routes; }); ``` #### Actions **cfb_must_login_clear_cache** – Triggered when cache is cleared ``` add_action('cfb_must_login_clear_cache', function() { // Custom cache clearing logic }); ``` #### Capabilities The plugin uses the `cfb_must_login_manage` capability, which is mapped to `manage_options` by default. You can customize this using the `map_meta_cap` filter. ## Installation #### Automatic Installation 1. Log in to your dashboard 2. Navigate to Plugins Add New 3. Search for “Must Login” 4. Click “Install Now” and then “Activate” #### Manual Installation 1. Download the plugin zip file 2. Log in to your dashboard 3. Navigate to Plugins Add New Upload Plugin 4. Choose the zip file and click “Install Now” 5. Activate the plugin ## FAQ ### Will this affect search engines? Yes, when login is required, search engines cannot crawl your site. This is useful for private sites but should be disabled if you want search engine visibility. ### What is REST API protection? REST API protection requires authentication to access WordPress REST API endpoints when login is required. This prevents unauthenticated access to your site’s data through the API. You can enable or disable this feature separately in the settings. ### Which REST API endpoints are always accessible? Even with REST API protection enabled, the following endpoints remain accessible: * Authentication endpoints (JWT, Simple JWT Login) * Contact form endpoints (Contact Form 7, WPForms, Gravity Forms) * oEmbed endpoints Developers can allow additional endpoints using the `cfb_must_login_allowed_rest_routes` filter. ### Does this work with caching plugins? Yes! The plugin automatically detects and clears cache from popular caching plugins including: * WP Super Cache * W3 Total Cache * WP Rocket * LiteSpeed Cache * WP Fastest Cache * Autoptimize * Cache Enabler * Comet Cache * SG Optimizer * WP Optimize When you toggle the login requirement, the cache is automatically cleared to ensure the changes take effect immediately. ### Can I exclude certain pages? Version 1.0.0 requires login for the entire site. Future versions may include page exclusion options. ### What happens to users trying to access the site? Non-logged-in users are automatically redirected to the login page. After logging in, they’re redirected back to the page they were trying to access. ### Does this work with membership plugins? Yes! Must Login works alongside membership plugins and simply ensures users are logged in before viewing any content. ### Can I customize the redirect URL? Yes, developers can use the `cfb_must_login_redirect_url` filter to customize the redirect URL. ### How do I allow additional REST API endpoints? Developers can use the `cfb_must_login_allowed_rest_routes` filter to add custom endpoints to the allowlist: ``` add_filter('cfb_must_login_allowed_rest_routes', function($routes) { $routes[] = '/my-plugin/v1/public-endpoint'; return $routes; }); ``` ## Reviews There are no reviews for this plugin. ## Contributors & Developers “CFB Must Login” is open source software. The following people have contributed to this plugin. Contributors * [ Code For Broke ](https://profiles.wordpress.org/codeforbroke/) [Translate “CFB Must Login” into your language.](https://translate.wordpress.org/projects/wp-plugins/cfb-must-login) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/cfb-must-login/), check out the [SVN repository](https://plugins.svn.wordpress.org/cfb-must-login/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/cfb-must-login/) by [RSS](https://plugins.trac.wordpress.org/log/cfb-must-login/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 1.0.0 * Initial release * One-click toggle via admin bar * Configurable REST API protection * Automatic cache clearing for popular caching plugins * Support for WP Super Cache, W3 Total Cache, WP Rocket, and more * Selective REST API endpoint access * Admin notices for caching plugins * Translation ready ## Meta * Version **1.0.0** * Last updated **5 months ago** * Active installations **Fewer than 10** * WordPress version ** 5.0 or higher ** * Tested up to **6.9.4** * PHP version ** 7.4 or higher ** * Language * [English (US)](https://wordpress.org/plugins/cfb-must-login/) * Tags * [login](https://test.wordpress.org/plugins/tags/login/)[members](https://test.wordpress.org/plugins/tags/members/) [private](https://test.wordpress.org/plugins/tags/private/)[rest-api](https://test.wordpress.org/plugins/tags/rest-api/) [security](https://test.wordpress.org/plugins/tags/security/) * [Advanced View](https://test.wordpress.org/plugins/cfb-must-login/advanced/) ## Ratings No reviews have been submitted yet. [Your review](https://wordpress.org/support/plugin/cfb-must-login/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/cfb-must-login/reviews/) ## Contributors * [ Code For Broke ](https://profiles.wordpress.org/codeforbroke/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/cfb-must-login/)