Thanks!

One more update. I used the following code and deactivated the force login plugin. The use case scenario that I have identified in my prior note now seems to work.

Here is the code. Can you tell me if its ok based on what I have shared above. Also, per my last message, is it possible to hide the WP-content/uploads folder. I know that you said it does not scale. Not sure what that means. I found this: https://www.getastra.com/blog/cms/wordpress-security/hide-wp-includes-wp-content-uploads-from-your-wordpress-site/

<?php
/**
 * Make a WordPress site Private, works with/Without BuddyPress
 *
 * @author sbrajesh
 * @global string $pagenow
 *
 */
function buddydev_private_site() {

	//do not restrict logged in users
	if ( is_user_logged_in() ) {
		return ;
	}
	//first exclude the wp-login.php
	//register
	//activate
	global $pagenow;

	//if we are here, the user is not logged in, so let us check for exclusion
	//we selectively exclude pages from the list

	//are we on login page?
	if ( $pagenow == 'wp-login.php' ) {
		return ;
	}

	// Exclude some page.
	$excluded_pages = array( 'privacy-policy' ); //add all your pages that you want to exclude.

	if ( is_page( $excluded_pages ) ) {
		return;
	}

	//handle Special case of BuddyPress registration/Login
	if ( function_exists( 'is_buddypress' ) && is_buddypress() ) {

		if ( bp_is_activation_page() || bp_is_register_page() ) {
			return ;
		}
	}

	$redirect_url = wp_login_url( site_url('/') );//get login url,

	wp_safe_redirect( $redirect_url );
	exit( 0 );
}

add_action( 'template_redirect', 'buddydev_private_site', 0 );

Do i need to use the plugin force login then? Essentially what we want to have happen is that when someone visits https://narrativeatlas.org….if directs them to https://narrativeatlas.org/wp-admin…..our login page? Looks like your code does that already?