Last updated: June 18, 2018
How To Build An Intranet With WordPress
Disclosure: Your support helps keep the site running! We earn a referral fee for some of the services we recommend on this page. Learn more
Intranets allow employees to access business information on a closed system. The system is accessed via a web browser, but it's locked down so that non-employees can't access it.
Some intranets consist of 'read only' information, like company policies, while others include sharing features and team working tools. For the purposes of this guide, we're looking at an intranet to disseminate information and encourage co-worker communication.
WordPress is a great choice for intranet development, since it has many of the components you'll need baked into the core code. For example, it has a good user account system, and a user-friendly backend for team content management. WordPress can be augmented with plugins to add new functions, so you can tailor your intranet to your own business needs.
What Will Your Intranet Look Like?
Developing an intranet is a little different to developing a regular website. There are technical differences, and differences in the features you'll need to provide. For example, you won't need to be concerned with SEO, since the majority of your content will be hidden away behind a login screen. At the same time, you might need to focus more on security and user roles than you would on a public-facing website.
Before you start setting up WordPress, think about the features you'll need, and the ones you won't:
- How much information are you going to hide behind a login screen? You might need to hide all of it from public view, with just a front page available to the public. This is quite difficult to achieve without a plugin.
- How do people log on to your business network? For convenience, can you use the same login details? Your service desk will thank you, if you can.
- Are there any information security requirements you need to follow? Employees need to know what can and can't be shared; you might need to provide help text to make it crystal clear.
- How does the business share information with employees? Can you replicate those documents on the intranet site, so things are shared centrally?
- Do you have remote offices? Would your users benefit from seeing profiles of far-flung co-workers?
- Does the business have branding guidelines that you need to follow? What about image policies, linking policies, and accessibility guidelines?
Taking a Short Cut
If you want to throw up a general purpose intranet very quickly, you can just grab an intranet plugin for WordPress. These only offer the basics, but they might be acceptable for a small intranet site:
- All in One Intranet: secures your WordPress site and creates login redirects, all in one plugin.
- Intranet Plus: adds a simple, single-page area within WordPress with basic intranet features.
In most cases, you'll need to build something a little larger and more complex by combining different plugins.
Building Your Intranet
Once you've installed WordPress on your business' server, go to Settings, then Reading, and check the Discourage search engines from indexing this site checkbox. This setting adds a line to your robots.txt file that discourages crawlers from indexing your site. Intranets don't need to be located in search in most cases, and checking this box can prevent a certain amount of unwanted traffic from even knowing it exists.
Next, you need to look at the components of your intranet site, and figure out which plugins you'll need to bring everything together. In the sections below, we'll run through some of the typical components that intranets have, along with plugins to help you achieve that functionality.
Making Intranet Content Private
Most intranets are locked down to employees only. By default, WordPress operates by making everything public, and then allows editors to set a flag on individual items that should be private. For an intranet, this is an impractical way of administering things. It's only a matter of time before someone forgets to set a page as private. So you need to turn it around, and make it private by default. Here are a coupe of plugins to help:
- Page Security & Membership: this plugin lets you create groups of users, and then give them permissions for particular sections of your intranet site. You can make your entire site private, or restrict certain categories. It includes a baked-in group for Registered Users, so it's easy to restrict content to staff while offering a public-facing front page, for example.
- Restricted Site Access: this plugin lets you restrict logins to particular IP addresses, which is really useful when building an intranet. You can also choose what happens when someone logs in, including displaying a message, or redirecting them to certain pages. Bear in mind that the downside of this plugin is that it'll prevent remote workers from logging in, unless they use a company VPN. So if you have a lot of home workers or remote sales staff, it may cause more problems than it solves.
Securing Intranet Data
Poorly secured business data is a tempting prospect for hackers, and a repository of sensitive documents is likely to draw unwanted attention. Even if you don't think there's anything valuable on your intranet for a hacker to find, it only takes one curious sneak to corrupt files, steal email addresses, and create a general information security problem. In some cases, small businesses work with much larger clients, so an insecure intranet site could act as a useful back door for a determined intruder.
Just like a regular WordPress site, a WordPress intranet needs to be protected against these threats:
- Idle User Logout: a useful plugin that logs users out of a WordPress site after a period of inactivity. This can help to ensure sessions aren't left logged on when a user leaves at the end of the day.
- Bulletproof Security: harden the security on your intranet with this plugin.
- Only One Device Login Limit: prevent users from logging on with multiple devices at the same time. This could have usability implications for some people, but on the other hand, it could prevent a malicious person from hijacking a login that's already in use.
- Clef Two-Factor Authentication: adds additional security without passwords, by using the Clef mobile app for login. Scan the code to gain access to the intranet.
- Google Authenticator: two factor authentication using phone, with a backup login method of either email or security questions. The two factor login can be enabled for selected roles, which makes it useful for securing only the accounts with higher permission levels.
Logging In to the Intranet
Your users probably already have a network username, an email login, or potentially both. If you can integrate either one of these existing logins with your intranet, you'll make it much easier for them to access it. Additionally, your service desk won't have to maintain WordPress logins for each user, which makes life much easier for them, and for the end users too.
- Active Directory / LDAP login for Intranet Sites: LDAP is used to authenticate users on Windows machines using Active Directory. This plugin offers the same functionality for your intranet.
- Google Apps Login: log in your users with Google Apps. This plugin is compatible with a G Suite file sharing plugin, which we'll look at later.
- GP Google Login: another Google login plugin.
You can also improve the login experience by thinking about what people want to see when they log in. Your users will be taken straight to the WordPress admin area by default, but you probably want to keep people on the main site as much as possible to make the process less confusing. A login redirect plugin like Peter's Login Redirect will bring people back to the homepage on login, or redirect them to a custom page that you define.
Improving User Roles
Out of the box, WordPress has five user roles. When setting up an intranet, you will probably find that you need more granular control. For example, you might want a role for team leaders, one for floor supervisors, and one for content managers, each with a different permission set.
Fortunately, it's relatively easy to create and manage roles with User Role Editor. Just make a copy of a role, re-name it, and then select the permissions that role should have.
Once you have your user roles set up, you can present your intranet differently to different user roles. The Role Based Help Notes plugin is particularly useful for intranets, since it displays different help content for different roles. That means you could have one set of help notes for your content editors, another for team leaders, and another set for regular users.
WordPress already has a pretty good system for adding, editing, and moderating content. You can use roles to your advantage when it comes to populating your site, and delegating control of certain areas. You probably don't want every single user to have permission to modify intranet content, and you may not want your entire editing team to have access to everything. But there will be certain areas where user-submitted content is necessary, so you need to think about the easiest way to achieve that.
Rather than training everyone on the use of the WordPress editor, you could place a content submission form in a page and simplify the process of adding new posts. Again, this is a good way of keeping people on the main intranet site, and away from the admin area of WordPress where they might stray into the wrong place. Having tried out several plugins that simplify this, our favorite is still User Submitted Posts. It lets you embed a content submission form on any page.
Branding Your Intranet
Aside from picking a theme for your intranet, and customizing the colors, you might want to rebrand WordPress to make it look more corporate. Here are three straightforward plugins that allow you to do that:
- Add Logo to Admin: add your business' logo to the admin area of WordPress. This isn't a dealbreaker, but it's a nice touch for an intranet site, and helps to reassure users that they're in the right place.
- WP Custom Admin Login Page logo: change the logo on the admin page, load custom CSS, and add additional welcome text above the login form.
- Customize Login Image: another login form CSS and image customization plugin.
- Accessible Poetry: add accessibility features to any WordPress website, including a font size changer, contrast switcher, and automatic skiplink generation. This plugin will also find missing ALT text on images, or force ALT text where it's missing.
- SOGO Accessibility: add an accessibility button to change font size, contrast, link underlining, and more.
In addition to ensuring your site is accessible to the disabled, you may need to consider employees who aren't using the latest tech. In some work environments, computers are many years out of date, and may be running old web browsers that struggle to render complex web pages. If you aren't completely sure that your users have up-to-date hardware and software, consider using Simplified Content. It's ideal for any site where there is legacy IT in use.
Creating an Employee Directory
Your intranet can keep employees connected by giving each person a profile page. With WordPress, it's very easy to do this, because the system already has a profile for each person. The plugins below build on this functionality, with additional fields and a layout suitable for intranet use.
- Simple Intranet Directory: adds a list of user profiles with photos, an events calendar, and a search box.
- Geo IP Detect: queries the Maxmind GeoIP2 databases for any user's location, and allows you to place the information on your intranet site.
- Google Apps Directory: builds an employee database from your Google Apps domain. Includes a search function.
- Employee Directory: includes profiles, search, and additional taxonomies for your profile pages. You can also use sidebar widgets to display featured staff, or recent visitors to the intranet.
- Brag Box: let your co-workers share the love by posting compliments about each other.
This section is about sharing documents in a read-only format, rather than sharing them for collaborative work. After all, your company probably already has some kind of collaborative working platform. On the intranet, it's about getting policies and updates out to everybody at the same time.
You might want to create new content pages for all of your policies, but it's sometimes easier to embed the original version on your page. You need to think about how those documents are produced, who produces them, and how you're going to display them within WordPress. Consider the format of your original documents, and the ease of keeping the intranet up to date.
- Remote Content Shortcode: pull in content from another website using a shortcode in a post or page. This plugin can be used to pull content into the intranet from another website, or vice versa.
- Google Drive Embedder: allows your editors to embed any G Suite document into your WordPress intranet site. This plugin must be used with the Google Apps Login plugin.
- Google Doc Embedder: this plugin uses the Google Drive viewer to embed files into a WordPress site. Optionally, you can also offer the documents for download. A great solution for organizations that are already using G Suite.
- WP File Search: makes all of the files in the WordPress Media Library searchable, using the regular search box. Supports PDF, DOCX and ODT.
Plugins For Extranets
If you want to bring your clients into the equation, you need an extranet: a closed system that you can open up to your clients. The process of building an extranet is similar to building an intranet, but you'll probably need to be more cautious about user roles and privacy aspects. There are some WordPress plugins that will give you a pre-configured extranet site, so these may be worthy of consideration too:
- Client Suite: adds a secure area within your site so you can share files with your clients. While this isn't a complete extranet, it does support different locations, so could be adapted for different requirements.
- Project Panorama: this plugin adds project management tools to a WordPress website, including file sharing and time tracking.
- Clinked Client Portal: this plugin offers project management with features you'd associate with an intranet. You can share and collaborate on files, start discussions and organize events.
WordPress is a versatile piece of software that can be used for many different tasks. Its built-in role system makes it ideal for collaborative content management, and you can enhance the built-in profiles to include additional business-centric information.