Login Only - Does it actually stop all traffic access without login?

agemo · December 10, 2025, 10:54pm

Based on concerns and dealing with issues raised here over time (which from reading is systemic across the web the last few months) and facing new waves of this stuff.

I tested Login Only, but noticed these AI bot waves hitting all kinds of discourse resources/paths, and potentially getting served a page/contents

Can anyone confirm if Login Only is a total block or not?

Also is there another potential entry angle via a Cloudflare cache interplay when, even when purging all caches, post Login Only state or does that solve the potential issue or only mitigate it until the cache is rebuilt?

awesomerobot · December 12, 2025, 4:44pm

Which paths specifically? anything that gets hit should redirect to login.

Yes, login only means the only way you can access the site is by logging in. It’s still possible to get some bot traffic to the / or /login routes, because those need to be public to allow humans to log in, but it will be restricted to those routes.

Topic		Replies	Views
login_required even redirects robots.txt to /login Bug	3	1011	October 15, 2015
Seeing anonymous user and crawler traffic, even though site is private Data & reporting	3	891	September 9, 2021
Why do anonymous page views accumulate on login-only forum? Data & reporting	4	729	November 25, 2021
Login Modal not shown when login page is accessed directly in a private forum Feature	15	2031	May 9, 2019
Login and Logout Errors from Cache Settings Conflict with Cloudflare Support cloudflare	32	224	February 6, 2025

Login Only - Does it actually stop all traffic access without login?

Related topics