WordPress – a powerful platform offering vast possibilities, you can only think of the number of things you can do with WordPress. Here, we are going to shed light upon the topic of WordPress intranet. Yes, you can create a WordPress intranet for your organization and needless to mention, that it’s private and secure!

First, what is Intranet and Extranet?

Intranet is a primary requirement of most organizations. It is basically a communication platform that helps the employees to share file, make announcements, send and receive messages and other organizational activities.

Likewise, extranet is an intranet based platform that can be accessed through a larger network or public internet. To put it simply, extranet can be a website that is publicly accessible but restricted to limited authorized users only. Extranet can be useful if your organization is spread across the length and breadth of geographical regions.

Why to use WordPress for Intranet?

WordPress is a powerful platform to fulfill the intranet needs of any organization. For all that WordPress is, it is user-friendly, easy to handle, an open source and above all, you have access to thousands of WordPress plugins to customize the software to suit your requirements.

How to set up WordPress Intranet and Extranet?

In order to set up WordPress extranet, you should have a domain name and a WordPress hosting account. Then, you can install WordPress to set up WordPress intranet for your organization. After installation, you’ll be required to convert WordPress into a communication system to suit your organization’s intranet needs.

This will call for installation of several WordPress plugins. In this guide, we’ll help to set up your basic intranet needs that you can further enhance to meet your organization needs.

BuddyPress

To begin with, allow us to introduce you to BuddyPress. BuddyPress is a sister project of WordPress which is designed to convert your website into a social network. It can come across as an influential tool for setting up intranet. BuddyPress also gives you a number of design options for setting up themes.

Here are some of the things that you can achieve with BuddyPress intranet:

• Invite employees and other users for registration on your organization intranet;
• Create groups within the organization to group departments or teams;
• Registered users can create extended profiles, follow each other as friends or send private messages to one another;
• Its activity stream features will help its users to stay updated with the latest happening on Facebook and Twitter; etc.

How to secure your WordPress Intranet?

While setting up WordPress Intranet for your organization, you need to be sure about security. In which case, if your WordPress intranet is running on a local server, you can always limit the access to internal IPs only. But in case you are running an Extranet, then the users will be diversified, and so will be the networks and IP addresses. Thus, in order to guard the walls in case of extranet, you’ll have to make your extranet private so that only registered users can have access to it.

All-in-One

Here comes the need for the All-in-One intranet plugin to secure your extranet network. Install the plugin, activate it and move to Settings » All-in-One Intranet page and modify the settings as mentioned below:

• First of all, tick the box saying ‘Force site to be entirely private’ option. Selecting this option will make all the pages absolutely private, except the files that you upload directly. We will be describing about how to protect these files as well later below.

• Next step is to add the URL of the page where you want your visitors to land after logging in. It can be any page of your WordPress website.

• As a last step, you can define the number of minutes after which you want to automatically log-out your visitor.

• Click save changes to store your settings.

How to secure media files on WordPress Intranet?

While you have made your site private as shown above, the media files uploaded by anyone are not absolutely secure. The reason being, if someone has access to the exact URL of a particular file, he can have full access to it without any security.

In order to change that, we can redirect all upload requests to a simple PHP script. Basically this PHP script will check if the visitor is logged in before uploading, and if not, it will automatically redirect him to the login page.

• Create a new file using a plain text editor, viz. Notepad.
• Copy and paste the below mentioned code in the new file and save the file as download-file.php on your computer.
[php]
<?php
require_once(‘wp-load.php’);

is_user_logged_in() || auth_redirect();

list($basedir) = array_values(array_intersect_key(wp_upload_dir(), array(‘basedir’ => 1)))+array(NULL);

$file = rtrim($basedir,’/’).’/’.str_replace(‘..’, ”, isset($_GET[ ‘file’ ])?$_GET[ ‘file’ ]:”);
if (!$basedir || !is_file($file)) {
status_header(404);
die(‘404 — File not found.’);
}

$mime = wp_check_filetype($file);
if( false === $mime[ ‘type’ ] && function_exists( ‘mime_content_type’ ) )
$mime[ ‘type’ ] = mime_content_type( $file );

if( $mime[ ‘type’ ] )
$mimetype = $mime[ ‘type’ ];
else
$mimetype = ‘image/’ . substr( $file, strrpos( $file, ‘.’ ) + 1 );

header( ‘Content-Type: ‘ . $mimetype ); // always send this
if ( false === strpos( $_SERVER[‘SERVER_SOFTWARE’], ‘Microsoft-IIS’ ) )
header( ‘Content-Length: ‘ . filesize( $file ) );

$last_modified = gmdate( ‘D, d M Y H:i:s’, filemtime( $file ) );
$etag = ‘"’ . md5( $last_modified ) . ‘"’;
header( "Last-Modified: $last_modified GMT" );
header( ‘ETag: ‘ . $etag );
header( ‘Expires: ‘ . gmdate( ‘D, d M Y H:i:s’, time() + 100000000 ) . ‘ GMT’ );

// Support for Conditional GET
$client_etag = isset( $_SERVER[‘HTTP_IF_NONE_MATCH’] ) ? stripslashes( $_SERVER[‘HTTP_IF_NONE_MATCH’] ) : false;

if( ! isset( $_SERVER[‘HTTP_IF_MODIFIED_SINCE’] ) )
$_SERVER[‘HTTP_IF_MODIFIED_SINCE’] = false;

$client_last_modified = trim( $_SERVER[‘HTTP_IF_MODIFIED_SINCE’] );
// If string is empty, return 0. If not, attempt to parse into a timestamp
$client_modified_timestamp = $client_last_modified ? strtotime( $client_last_modified ) : 0;

// Make a timestamp for our most recent modification…
$modified_timestamp = strtotime($last_modified);

if ( ( $client_last_modified && $client_etag )
? ( ( $client_modified_timestamp >= $modified_timestamp) && ( $client_etag == $etag ) )
: ( ( $client_modified_timestamp >= $modified_timestamp) || ( $client_etag == $etag ) )
) {
status_header( 304 );
exit;
}

readfile( $file );
[/php]
• Fire up the FTP client to access your website.
• Now, upload the .php file you just created to the folded location: /wp-contents/uploads/ folder
• After that, edit the .htaccess file root folder and add this code at the bottom:
[php]
RewriteCond %{REQUEST_FILENAME} -s
RewriteRule ^wp-content/uploads/(.*)$ download-file.php?file=$1 [QSA,L]
[/php]
Save changes and upload the file back on your site.

This way, all user requests for media uploads will be sent to a proxy script for verification and those who are not logged in will be re-directed to the login page.

How to add WPForms to your WordPress Intranet?

While BuddyPress will serve as a perfect answer for all activity streams, or private messages, however at time, the organization requires to obtain some private information like a poll or a survey. Further, the information so collected will also have to be sorted and stored for future reference.
Here comes WPForms to the rescue.

WPForms will help you to create forms easily and quickly. Moreover, it can also save the responses so collected in the database that can be exported any time into a CSV file. Thus, you can organize the responses, print them, and do many more things with this data.

These are some of the WordPress plugins that you can use for setting up the WordPress intranet for your organization. But this is just the beginning. As you test the platform practically with your users, you will get a hands-on insights about the shortcomings, the new features that you require or the need to make it more secure. You can achieve every problem with the vast pool of WordPress plugins available at your discretion.

Some of the plugins that you can readily use are Sucuri which provide security against unauthorized access and malicious attacks, Envira Gallery for creating amazing photo galleries, Google Drive Embedder for embedding Google Drive documents and many more. The more you explore, your WordPress intranet will improve further.

We hope the above information will help you to set up WordPress intranet for your organization!