Skip to Content

How to Unpublish a WordPress Website — Easy, Right?

How to Unpublish a WordPress Website — Easy, Right? gives you a “coming soon” option. It’s in the privacy section. If you’re self-hosting WordPress, welcome to the world of doing everything yourself.

To unpublish your site without deleting it, you can’t just set it to be private.

There is an option to “encourage” search engines not to index your content. It’s like saying please. There’s no guarantee you’ll get what you ask for.

Well, WordPress won’t guarantee it.

There are ways you can though.

Read on to find out the various ways to make your site a fortress without deleting a thing.


How to Unpublish a WordPress Website

The bulk edit function can change published to draft in a few clicks. Password protecting at server level blocks access to people and bots. Adding a maintenance plugin lets you show search engines a 503 error, or, the extreme is to blacklist all (but your own) IP addresses in the .htaccess file.



The Fastest Way to Unpublish Pages and Posts

Use the bulk actions edit feature for both your pages and your posts.

Click pages, then click on “bulk actions”.

From the dropdown menu, select “edit”, then click apply.

All the selected pages or posts will be shown.

Where it says “status”, change that from “no change” to “draft” and all the selected pages or posts will move from published to draft and be saved for revisions.

Moving posts to drafts automatically unpublishes them.


Password Protect Everything at the Server Level

The surest way to unpublish a WordPress website that’s self-hosted (not on is to password protect your directory.

If you have more than one website, make sure you’re locking down the right one.

Login to your cPanel account, scroll to the “files” section, then click “Directory Privacy”.

You’ll be shown a list of all the directories on your hosting account; one for each site you own.

There’s a column to show if it’s private or not. And an “edit” button to change the privacy setting.

Click on edit, and the next page is where you make your privacy changes.

Check the box to “Password protect this directory”, give it a name so you know what it’s for, then press save.

Be cautioned though…

At the server level, you’re blocking everything.

Search engine bots can’t crawl your site to see that pages are marked for revisions.

They just hit a protected page and get bounced away like every other visitor without the password to get in.


Password Protect Individual Posts and Pages

If there’s only a few pages giving you grief but you don’t want to unpublish everything, give your troublesome content a password.

Anything behind a password can’t be viewed publicly nor can it be indexed by search engines either because bots can’t get past your security.

To password protect a page or post, click “all pages” select “quick edit” and type in a password.


Install the “Maintenance” Plugin

Go to your plugins page, click “add new” and type “maintenance” in the search field.

The plugin to install is the “Maintenance” plugin by “WebFactory LTD”.

This can unpublish your entire site in a few clicks and lets you customize it with a landing page.

Better yet, you can enable a 503 status error to let search engines know the site is ‘temporarily unavailable’.

Using a ‘Coming Soon’ page doesn’t issue a status code so the content from that could still be indexed and listed in search engines.

It’s better to bounce a search bot away from your site instead of having it crawl a coming soon page that won’t have much content, let alone relevant content.

Tell bots the same as your visitors. Your site’s currently unavailable. Try again later.

There are a few tweaks you can make. One of the favorable ones would be taking advantage of the exclude pages from maintenance mode option.

You can customize the text, including placing links on the landing page.

Rather than set this just to tell people to try again later, you could encourage them to check out your about page, see the upcoming sales or events, or sign up to get an exclusive coupon code the instant the website goes live.

On the free version, you can edit the text, include hyperlinks, and exclude specific pages or posts by ID.

For lead gen, you’d need to direct users to another landing page that had your autoresponder connected.

On the Pro version, you can use their page templates with autoresponder and CRM integration.

Another plugin that works similar is the SeedProd plugin.


Unpublish a Website with .htacces

The .htaccess file is so important to your website that your web host hides the file.

To access it, you need to enable “show hidden files” from within your file manager in cPanel.

Open file manager, click the settings in the top right corner and select the option to “show hidden files”.

Know this though… .htaccess (hypertext access) files can (and should be) separate for every subdirectory below your subdomain.

These are server configuration files. Changing this, changes your server configuration. Get it wrong, nothing or nobody will can access your site.

You should have one for your root directory, another for your wp-admin.

If you want to unpublish your website without deleting it, you can use the .htaccess file to block every IP address in the world… apart from your own.

Then your blog’s like your own private journal.

The snippet to add to your .htaccess file is

order deny,allow

deny from all

allow from ###.###.#.#

The # symbols would be replaced by your own IP.

Don’t edit this in file manager. Download the file, save the original, make a copy and make your edits on that.

Just one wrong symbol, letter, or number in the .htaccess can break your site. You’ll need the original to restore it.

Any other IP addresses you want to whitelist goes below that IP on a new line with the same “allow from ###.###.#.#” string.

With only the one IP whitelisted, you could only access the site from one location.

If you travel to work from a coffee shop, or a friend’s house, or you want to log in from the office instead of your home (or vice versa) you’ll need to change the .htaccess permissions for every IP you want to use to log in.

If you do choose this method to unpublish your site while you’re working on improving it, don’t delete your file entirely when you do eventually publish again.

You can cut the IP addresses from the .htaccess file in your root directory and paste them into the .htaccess file for your wp-admin directory.

That way, your site’s blocked to everyone while you’re getting it ready, then when it is, your WP admin (login screen) will only be accessible to you.

Or whoever else you whitelist by adding their IP address.