Limit site access to logged in users


I’m experimenting with grav on public website. I don’t want users other than myself to be able to see the test pages, only the home page, or for them to see the naviation menu. I have created an administrators group, added the admin login I use to it, and also added a section for access. But a non-logged in user still sees all pages and all nav menu items. What am I doing wrong?

this is my groups.yaml

icon: users
readableName: ‘Registered Users’
description: ‘The group of registered users’
login: true

groupname: administrators
readableName: Administrators
description: ‘The group of administrators’
icon: child
login: true
login: true

administrators: true


@bolide Did you add the following frontmatter to the page(s) you want to be private?

    site.login: true

This will popup a login screen when the user in not yet authenticated.


If you want to lock out the whole site, the simplest is to just slap an .htpasswd on the whole site and be done with it. That way, when you’re ready to go live, you only have to change that one thing.


And long term, have a dev site that’s protected that Devs work on and then use GitHub or something similar to sync the dev with the prod site.


Thanks for all of that. I hadn’t figured out how to access the frontmatter property that I’d read about until now. So at least I can do the page by page setting.

I will check out the .htpasswd approach, it it more likely to be the more suitable approach.

I guess what I’m looking for is something parallel to what many other cms have with is putting the site into maintenence mode. An admin can get it but no one else. Grav doesn’t have a simple config setting like that, as far as I can see?


Be sure to explore the plugins page.

There is indeed a Maintenance mode plugin.


Right…the plugins page…I installed a bare bones Grav via
softalicious just to try it out quickly.

Thanks again for your help.