What Are The Best Practices To Restrict Access To My Website Except For Two Pages

I'm building a website on Wordpress with Bedrock/Timber/ACF. This site is restricted for a big major part of it.

There is 4-5 pages available for anonymous users (home, contact, login & legal/privacy policy pages).

I'm currently managed it with Timber routing with like:

Routes::map('/blog/page/:num/', function ($params) {
    if (!is_user_logged_in()) {
        wp_redirect(home_url().'/login');
        exit();
    }
    $user = wp_get_current_user();
    if ($user->roles[0]=="subscriber") {
        $post_type="publish";
    } else {
        $post_type="any";
    }
    $query = 'order=ASC&orderby=title&paged='.$params['num'].'&post_status='.$post_type;
    Routes::load('list-blog.php', $params, $query, 200);
});

However I don't know if it's the good way to do it because I can't use wordpress template hierarchy, on the admin side everytimes I want to create a new page I have to create the road...

So my solution is not flexible and hard to maintain...

Do you have some advices?

EDIT: I almost removed all my routes by using wordpress template hierarchy. But I still have routes link to the login page because I don't want to have mysite.com/wp/login but mysite.com/login.

I would use array_key_exists instead of checking for the first var because there a situation that the subscriber role is second.

If you are using ACF you could try to add a checkbox field to your pages and query for the variable of the field.

https://www.advancedcustomfields.com/resources/query-posts-custom-fields/

Routes::map('/blog/page/:num/', function ($params) {

    if (!is_user_logged_in()) {
        wp_redirect(home_url().'/login');
        exit();
    }

    $user = wp_get_current_user();  
    $post_type = array_key_exists("subscriber", $user->roles) ? "publish" : "any";

    $query = 'order=ASC&orderby=title&paged='.$params['num'].'&post_status='.$post_type;
    Routes::load('list-blog.php', $params, $query, 200);
});