How to hide WordPress from public view

Question

I have developed a site in PHP which uses WordPress to provide news article content. Both my application and WordPress code bases sit on the same physical box.

The application uses the WordPress loop to pull content from the WordPress back-end and display it within my application.

The content editors for the site require access to the Wordpress back-end to add, edit and remove content as required. WordPress is currently accessible via a sub-domain i.e blog.mydomain.com. However, I do not want to expose WordPress publicly as it is currently, firstly because I want WordPress to behave transparently and secondly I do not want to get penalized for duplicate content when ranking for SEO.

The obvious solution would be to lock down access based on the visitors I.P address, but this is not practical given that the content editors can (and do) access the site from anywhere and not a fixed set of I.P's.

Another solution would be for the content editor to submit a secret parameter in the query string to identify themselves as an administrator i.e &wpadmin=true. However this doesn't seem ideal either.

Is there some other way I could consider architecting the site, or provide some other more suitable access control mechanism for WordPress?

Answer 1

Have you considered simply slapping a htaccess password dialog into WP's root directory? That's close it to the world, and still make it available to who has the right login info.

The only downside would be that your editors would have to log in twice, but the web server login credentials can be easily stored in the browser.