I’ve been wondering about this for a while. Is the following if statement safe enough? Is it easy to break through the code and get access to the content when not logged in?
<?php if ( is_user_logged_in() ) {
// SECURE CONTENT
} else {
// LANDING PAGE
} ?>
Well, you have to ask yourself “Secure enough for what?” I doubt you are a bank or other institution that needs exceptionally high security. If you were, you’d have a team of $100,000+ per year experts to answer this question for you.
With that in mind…
You’d have to subvert the WordPress login system to get past that code. I am sure that is possible but if your passwords are solid it should be pretty difficult. It isn’t going to be a “put a null-byte in the query string” kind of a hack. It should be secure enough for most purposes.
One thing to worry about is that both is_user_logged_in and wp_get_current_user, upon which it depends, are pluggable (nonsensically so to my mind), meaning that a malicious plugin, or just a badly written one, could completely destroy your security.
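
The pluggable-function risk raised in the answer above can be checked for. This is an added example, not part of the original posts and not WordPress core code: a must-use plugin sketch that reports when either function was defined outside core. The name `wpse_find_overridden_pluggables` and the log message are hypothetical, and it assumes the standard layout in which core defines both functions in `wp-includes/pluggable.php`.

```php
<?php
/**
 * Added example, not WordPress core code: report pluggable auth functions
 * that were defined somewhere other than wp-includes/pluggable.php.
 * The function name and log format are hypothetical.
 *
 * @param string[] $names         Function names to inspect.
 * @param string   $expected_file Absolute path where core defines them.
 * @return array<string,string>   Function name => file that defined it.
 */
function wpse_find_overridden_pluggables( array $names, string $expected_file ): array {
    // Resolve symlinks and normalise separators so the comparison is stable.
    $resolved   = realpath( $expected_file );
    $expected   = str_replace( '\\', '/', $resolved ? $resolved : $expected_file );
    $overridden = array();

    foreach ( $names as $name ) {
        if ( ! function_exists( $name ) ) {
            $overridden[ $name ] = '(not defined)';
            continue;
        }
        $ref  = new ReflectionFunction( $name );
        // getFileName() returns false for functions built into PHP itself.
        $file = str_replace( '\\', '/', (string) $ref->getFileName() );
        if ( $file !== $expected ) {
            $overridden[ $name ] = $file;
        }
    }
    return $overridden;
}

// Inside WordPress only: pluggable.php is loaded after active plugins, so by
// 'plugins_loaded' every pluggable function has its final definition.
if ( function_exists( 'add_action' ) ) {
    add_action( 'plugins_loaded', function () {
        $found = wpse_find_overridden_pluggables(
            array( 'is_user_logged_in', 'wp_get_current_user' ),
            ABSPATH . WPINC . '/pluggable.php'
        );
        foreach ( $found as $name => $file ) {
            error_log( "Pluggable function {$name} is defined in {$file}, not in core" );
        }
    } );
}
```

A hit means some plugin supplied its own definition, which can be legitimate; it tells you which file to review before trusting the `is_user_logged_in()` gate.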