Do you want to create a WordPress intranet for your organization? WordPress is a powerful platform with tons of flexible options that makes it ideal to be used as your company’s intranet. In this article, we will show you how to create a WordPress intranet for your organization while keeping it private and secure.
What is Intranet or Extranet? Why Use WordPress as Your Intranet Platform?
Intranet or Extranet is a communications platform used by an organization for communication, file sharing, announcements, and other organizational activities.
WordPress is an excellent platform to build your organization’s intranet or extranet. It is easy to maintain, open source, and gives you access to thousands of WordPress plugins to add new features when needed.
An intranet runs on an organization’s private network. Typically, an office IT system is connected via cable or wireless network adapters. One computer on the network can be used as the web server and host a WordPress website.
Follow the instructions in our guide on how to install WordPress on a Windows network using WAMP or install WordPress on a Mac computer using MAMP to start your WordPress intranet.
On the other hand, an extranet is an intranet platform accessible to a larger network or public internet. In plain English, this could be a website publicly accessible but restricted to authorized users only.
It is particularly useful if your organization is distributed across different geographic locations.
To create your WordPress extranet, you’ll need a WordPress hosting account and a domain name. After that, you can install WordPress and then set it up to be used as your organization’s intranet.
Once you have installed WordPress as your intranet, the next step is to convert it into a communications hub for your organization.
To do that, you’ll be using several WordPress plugins. We will show you the basic setup that will serve as the foundation for your WordPress intranet to grow and meet your organization’s goals.
Setting Up BuddyPress as Your WordPress Intranet Hub
BuddyPress is a sister project of WordPress. It converts your WordPress website into a social network. Here are some of the things a BuddyPress powered intranet can do:
You will be able to invite users to register on company intranet
Users will be able to create extended user profiles
Activity streams allow users to follow latest updates like Twitter or Facebook
You will be able to create user groups to sort users into departments or teams
Users can follow each other as friends
Users can send private messages to each other
You can add new features by adding third-party plugins
You’ll have plenty of design options with WordPress themes for BuddyPress
To get started, first you will need to install and activate BuddyPress plugin. For more details, see our step by step guide on how to install a WordPress plugin.
Upon activation, head over to Settings » BuddyPress page to configure plugin settings.
For complete step by step instructions see our guide on how to turn WordPress into a social network with BuddyPress.
Secure Your WordPress Intranet with All-in-One Intranet
If you are running a WordPress intranet on local server, then you can secure it by limiting access to internal IPs in your .htaccess file.
However, if you are running an Extranet, then your users may be accessing the intranet from different networks and IP addresses.
To make sure that only authorized users get access to your company intranet, you need to make your extranet private and accessible to only registered users.
For that, you’ll need to install and activate the All-in-One Intranet plugin. For more details, see our step by step guide on how to install a WordPress plugin.
Upon activation, head over to Settings » All-in-One Intranet page to configure the plugin settings.
First you need to check the box next to ‘Force site to be entirely private’ option. This will make all pages of your WordPress site completely private.
The only thing this plugin will not make private is the files in your uploads directory. Don’t worry, we will show you how to protect it later in this article.
Next, you need to provide a URL where you want users to be redirected when they are logged in. This could be any page on your intranet.
Lastly, you can automatically logout inactive users after a certain number of minutes.
Don’t forget to click on the save changes button to store your settings.
Securing Media Uploads on your WordPress Intranet
Making your website completely private doesn’t affect media files. If someone knows the exact URL of a file, then they can access it without any restriction.
Let’s change that.
For better protection, we will be redirecting all requests made to the uploads folder to a simple PHP script.
This php script will check if a user is logged in. If they are, then it will serve the file. Otherwise, the user will be redirected to the login page.
First you need to create a new file on your computer using a plain text editor like Notepad. After that you need to copy and paste the following code and save the file as download-file.php on your desktop.
1)))+array(NULL); $file = rtrim($basedir,’/’).’/’.str_replace(‘..’, ”, isset($_GET[ ‘file’ ])?$_GET[ ‘file’ ]:”);if (!$basedir || !is_file($file)) { status_header(404); die(‘404 — File not found.’);} $mime = wp_check_filetype($file);if( false === $mime[ ‘type’ ] && function_exists( ‘mime_content_type’ ) ) $mime[ ‘type’ ] = mime_content_type( $file ); if( $mime[ ‘type’ ] ) $mimetype = $mime[ ‘type’ ];else $mimetype = ‘image/’ . substr( $file, strrpos( $file, ‘.’ ) + 1 ); header( ‘Content-Type: ‘ . $mimetype ); // always send thisif ( false === strpos( $_SERVER[‘SERVER_SOFTWARE’], ‘Microsoft-IIS’ ) ) header( ‘Content-Length: ‘ . filesize( $file ) ); $last_modified = gmdate( ‘D, d M Y H:i:s’, filemtime( $file ) );$etag = ‘”‘ . md5( $last_modified ) . ‘”‘;header( “Last-Modified: $last_modified GMT” );header( ‘ETag: ‘ . $etag );header( ‘Expires: ‘ . gmdate( ‘D, d M Y H:i:s’, time() + 100000000 ) . ‘ GMT’ ); // Support for Conditional GET$client_etag = isset( $_SERVER[‘HTTP_IF_NONE_MATCH’] ) ? stripslashes( $_SERVER[‘HTTP_IF_NONE_MATCH’] ) : false; if( ! isset( $_SERVER[‘HTTP_IF_MODIFIED_SINCE’] ) ) $_SERVER[‘HTTP_IF_MODIFIED_SINCE’] = false; $client_last_modified = trim( $_SERVER[‘HTTP_IF_MODIFIED_SINCE’] );// If string is empty, return 0. If not, attempt to parse into a timestamp$client_modified_timestamp = $client_last_modified ? strtotime( $client_last_modified ) : 0; // Make a timestamp for our most recent modification…$modified_timestamp = strtotime($last_modified); if ( ( $client_last_modified && $client_etag ) ? ( ( $client_modified_timestamp >= $modified_timestamp) && ( $client_etag == $etag ) ) : ( ( $client_modified_timestamp >= $modified_timestamp) || ( $client_etag == $etag ) ) ) { status_header( 304 ); exit;} readfile( $file );
Now connect to your website using an FTP client. Once connected, upload the file you just created to /wp-contents/uploads/ folder on your website.
Next, you need edit the .htaccess file in your website’s root folder. Add the following code at the bottom of your .htaccess file:
RewriteCond %{REQUEST_FILENAME} -sRewriteRule ^wp-content/uploads/(.*)$ download-file.php?file=$1 [QSA,L]
Don’t forget to save your changes and upload the file back to your website.
Now all user requests to your media folder will be sent to a proxy script to check for authentication and redirect users to login page.
4. Adding Forms to Your WordPress Intranet with WPForms
The main goal of a company intranet is communication. BuddyPress does a great job with activity streams, comments, and private messaging.
However, sometimes you’ll need to collect information privately in a poll or survey. You’ll also need to sort and store that information for later use.
This is where WPForms comes in. It is the best WordPress form builder in the market.
Not only it allows you to easily create beautiful forms, it also saves user responses in the database. You can export responses for any form into a CSV file.
This allows you to organize form responses in spreadsheets, print them, and share among your colleagues.
Extending Your WordPress Intranet
By now you should have a perfectly capable intranet for your organization. However, as you test the platform or open it for users, you may want to add new features or make it more secure.
There are plenty of WordPress plugins that can help you do that. Here are some tools that you may want to add right away.
Sucuri – To improve WordPress security by protecting it from unauthorized access and malicious DDoS attacks.
Envira Gallery – To create beautiful photo galleries.
Google Drive Embedder – Easily embed Google Drive documents anywhere in your WordPress intranet.
That’s all for now.
We hope this article helped you create a WordPress intranet for your organization. You may also want to see our comparison of the best payroll software for small business.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.