A Magento module to require login on your store

It is sometimes necessary to restrict access to a store for customer authenticated. This is needed for B2B websites for example. Here is a module that allows you to redirect anyone not connected to the login page.


Extension is available on GitHub: https://github.com/jreinke/magento-require-login

You have 2 ways to install it:

  1. Manual installation : download package here, unzip in Magento root folder, then clean cache.
  2. Installation with modgit:

    modgit -e README.md clone require-login https://github.com/jreinke/magento-require-login.git

    See a full example of how to use modgit here.


Go to “System > Configuration > Bubble RequireLogin”:

Magento Require Login

Of course, some routes must still be accessibles even if authentication is required. This is the case for password forgotten, password reset, account creation, etc. That’s why a whitelist parameter is available as a regular expression. Be careful when modifying it!

48 Responses to “A Magento module to require login on your store”

  1. masev says:

    Super utile en effet pour du B2B !

    Merci pour tous les modules que tu publies ces derniers temps, bien cool !

  2. Garry says:

    Hello Johann,

    If someone visits the store home page and is not logged in, I would like to have them redirected to the login page. Will this plugin do that?



  3. Hello,

    When trying to log in using Safari, I sometimes get redirected to a page like this: ://?SID=2a52afee5970e1064664aefee7c5b187

    I believe this has to do with this module, since I can’t find any help or idea’s when looking for Magento Login Troubles.

    Any word on if this is the case?

    Module works great otherwise. ;)

    Kind regards,

    • Johann Reinke says:


      Difficult for me to reproduce the issue. Can you give more info on how to reproduce this?

      • Hi Johan,

        Some general Info:

        1 Website
        2 Stores: B2B & B2C
        B2B Has login required, B2C does not and also has no catalog.

        The problem happens when the customer comes in from the splash page (outside of Magento installation folder). He gets the Login Form presented, fills in details and clicks submit. One of the following redirects will lead to “://?SID=2a52afee5970e1064664aefee7c5b187″.

        The only case this (sometimes) doesn’t happen if AFTER logging out the user immediatly clicks the ‘Log in’ link again. In about 70% of the cases, he wil log in correctly and get redirected to his Account page. But this does fail sometimes.

        If after logging out he visits any page and then tries to log in again (since the login form wil get presented anyway), it will result in the wrong redirect once again.

        Hope this helps some, thanks in advance anyway! ;-)

      • Mike says:

        I’m having a similar issue. Whenever a customer completes the login form, it directs them to https://localhost//://:/// (I force https, but this was happening before forcing https).

  4. Jon says:

    Encountered a similar issue:

    loginPost was redirecting to ://?SID=…

    except that it was happening systematically. Under Safari, users were even unable to login.

    Delete line 16:

    It should work.

    I struggle 2 days in a raw on this issue… Hope this helps others.

  5. David says:

    Hi Johann,

    First of all thankyou for the very nice and usefull extension for magento.
    I have a question: it’s possible to make visible the cms pages as like who_we_are or contact_page ?
    If yes how can they be added to the expression?



  6. Hello, we are running Magento CE I just installed your extension and when I access the admin panel….. System>Configuration> Bubble I get a 404 Error – Page not found in the right column. I can send you screen shots if needed. Thank you for any help!

  7. Doh! should have tried that. Thanks – it works now.

  8. Clément Crépin says:

    Bonjour Johann,

    Votre module est parfait pour le site B2B que je développe.
    Actuellement, j’aimerai pouvoir laisser accès à la page d’accueil.

    Après plusieurs tentatives infructueuses, je n’ai toujours pas réussi à trouver comment ajouter cette dernière dans l’expression régulière.

    Pourriez-vous m’aider ?

    D’avance merci,

  9. Thomas Heimann says:

    German Translation for Bubble RequireLogin
    (app\locale\de_DE\Bubble_RequireLogin.csv) :

    Maybe its usefull

    “Login Options”,”Anmeldeoption”
    “Require Login”,”Login erforderlich”
    “Require Login Whitelist”,”Login nicht erforderlich bei diesen URLs”
    “Regular expression that is used to match request strings that do not need customer authentication.”,”Regulärer Ausdruck für die URLs, die keine Authentifizierung benötigen.”
    “Full overview available”,”Komplette Übersicht verfügbar ”
    “Bubble RequireLogin is a module that can force user authentication in frontend.”,”Bubble RequireLogin ist ein Modul welches die Benutzeranmeldung im Frontend erzwingt.”

  10. Daniele says:

    Very interesting article, I downloaded the zip file with the content and I did copy the files inside my magento installation.

    After you have logged in I went into the configuration of my site and I will return this error: 500 internal server error.

    Could you give me a hand, to understand what’s the problem?

  11. Patrick says:

    Great module! I would like to include some CMS pages that are visible without the login. However, I can’t seem to find the best way to alter the regular expression. Any help appreciated!

  12. Patrick says:

    Whoops, already found the answer. Maybe it can help someone.


  13. Dean says:

    Fantastic module! Is it possible to make an exception for the hompage, so the visitor can see the hompage without the need to login?

    Any ideas?

  14. jeff says:

    Merci pour ton travail install parfaite

  15. Dev says:

    Its Great! But is it possible to make an exception for the hompage, so the visitor can see the hompage without the need to login?

  16. Johann Reinke says:


    Here is the syntax to include the homepage:


  17. John says:

    Copied into my test store and got this when trying to access Configuration section in the admin menus:

    Fatal error: Class ‘Bubble_RequireLogin_Helper_Data’ not found in /html/STORE/app/Mage.php on line 546

    I’m using version

  18. Kalan says:

    I’ve installed this, but it just goes into a page refresh loop at the login page. This stops happening when I disable the module.

  19. Lrkwz says:

    Do not forget to whitelist your IPN urls.





  20. Pete says:

    Good thing, thanks…
    But how do i add the wishlist to the whitelist?

  21. Bryan says:

    This is great! But is there a way to shift the whitelist to a blacklist, maybe? So that I can specify a particular section that needs to be passworded without having to whitelist the other pages?

  22. bhadresh says:

    Thanks…its perfectly work in magento 1.8…nice tutorial ..

  23. Gyptian says:

    Hello, thanks for this great module! It works great with 1.8. However, using the standard configuration, the API can’t seem to connect. For those who have this problem, simply add ‘|api’ at the end of the whitelist.

  24. jcuenin says:


    I have an issue regarding this extension.

    I am using another extension to allow suppliers to update informations on products so I need to allow the route /supplier/, how can I do that ?

    I tried modifying the existing whitelist but without success.

    Thank you in advance for your answer!

    • jcuenin says:

      My bad I just found the answer in the previous comments,

      As @Patrick said :


      So I replaced it with my page :


      And everything worked out :)

      Thank you for this great extension!

  25. shaik says:

    when i try to access api http://xxxx.com/api/v2_soap?wsdl=1

    redirecting to login page,how can i access api

  26. shaik says:

    i have an issue with this extension when i try to access magento api its redirecting to loging page.

    thank you

  27. Perry says:

    I’ve recently implemented that feature. But additionally I needed to show different prices for wholesale and retail customers. So I installed customer group catalog by amasty.

  28. Thor says:

    I am looking for a way that only I can add accounts for people to login. What would be the steps to accomplish this ?

  29. Fredrik Stertman says:

    Does it work with

  30. RCTech says:

    Work also on Magento
    Thanks fo nice extension!

  31. Mike says:

    I’m having an issue where ever since I installed this plugin, once a user logs in, it directs them to https://localhost//://:///

    Any idea?

  32. Nalin says:

    call to SOAP API’s are not working,
    I have added ‘api’ in the expression as below,

    I can see XML’s by using

    But gets following error while accessing soap API via coding
    SoapFault exception: [HTTP] Error Fetching http headers

    It runs fine if I Disable module from xml file

  33. John Francis says:

    I’m not a programmer so I need to know what to put into the “Require Login Whitelist” to have username=”riley” and password=”webstack”. I just want to protect store from entry.

    Thanks for your assistance

  34. asobari says:

    Dear Johann,

    First thanks for the module, it is working quite well.
    But my problem is a little bit complicated. I have multiple magento stores and I am using a single hosting and use addon domains. I’ve some ajax requests to get some blocks and for this purpose I’ve enabled cors. It is working well on Chrome but on Firefox when you have cors and do an ajax request when I’ve used your module, for all these requests the login page is also shown inside these blocks? So can you help me with this? Do you know this problem? I’ve checked all over the internet with no luck.
    For chrome the ajax request returns 200 OK.
    But for firefox it returns 302 Temp redirect and gets the login page for this store and show it inside every block for every ajax request?


  35. Abdul says:

    Please advise
    Password reset link redirects to login page, unable to reset password.

  36. Brother Mouzone says:

    Minor change, but I noticed that you cannot actually change your forgotten password in magento 1.9 since domain.com/forgottenpassword link that you get in the forgotten password email redirects to another page with url “changeforgotten” so my current filter look like:


Leave a Reply

* Required fields