I have a custom log-in form on a custom page that handles all logging in/out. The form posts to wp-login.php as required.
<form name="loginform-custom" id="loginform-custom" action="http://localhost/wp-login.php" method="post">
All invalid log-in attempts are handled by this following script in the functions.php file:
/**
* Redirect user on invalid log-in attempts
*/
function login_failed() {
wp_redirect( home_url('/access-denied') );
exit;
}
add_action( 'wp_login_failed', 'login_failed' );
function verify_username_password( $user, $username, $password ) {
if( $username == "" || $password == "" ) {
wp_redirect( home_url('/access-denied') );
exit;
}
}
And I use the following script in my functions.php file to redirect all non-admins away from wp-admin to a 404 page.
function restrict_admin_with_redirect() {
if ( ! current_user_can( 'manage_options' ) && ( ! wp_doing_ajax() ) ) {
wp_redirect( site_url('/404') );
exit;
}
}
add_action( 'admin_init', 'restrict_admin_with_redirect', 1 );
However, here is my problem. When non-users (random visitors) try to access wp-admin, they are taken to the access denied page despite the redirect script to 404. For some reason, whenever anybody tries to access wp-admin, the server treats it as a log-in attempt and when they are (of course) denied log-in, they are redirected to the access denied page.
Is there any way I can force a 404 when wp-admin is accessed by a user? Also, I'd like a true 404 and not a redirect to a 404 page (which is not a true 404).
Thoughts?
Is there a way to force anyone (users and non-users) to a 404 when they try to access wp-admin? In the action script above, even if I redirect non-admins to a 404.php page, non-users still get sent to the standard access d
Consider this solution from Ragu.cz.
https://wordpress.org/support/topic/make-wp-admin-throw-a-404-page-or-something/#post-8565864
add_action( 'init', 'force_404', 1 );
function force_404() {
$requested_uri = $_SERVER["REQUEST_URI"];
do_action('debugger_var_dump', $requested_uri, '$requested_uri', 0, 0);
do_action('debugger_var_dump', strpos( $requested_uri, '/wp-login.php'), 'FOUND?', 0, 0);
if ( strpos( $requested_uri, '/wp-login.php') !== false ) {
do_action('debugger_var_dump', 'REDIRECT', 'REDIRECT', 0, 0);
// The redirect codebase
status_header( 404 );
nocache_headers();
include( get_query_template( '404' ) );
die();
}
if ( strpos( $requested_uri, '/wp-login.php') !== false || strpos( $requested_uri, '/wp-register.php') !== false ) {
do_action('debugger_var_dump', 'REDIRECT', 'REDIRECT', 0, 0);
// The redirect codebase
status_header( 404 );
nocache_headers();
include( get_query_template( '404' ) );
die();
}
if ( strpos( $requested_uri, '/wp-admin') !== false && !is_super_admin() ) {
do_action('debugger_var_dump', 'REDIRECT', 'REDIRECT', 0, 0);
// The redirect codebase
status_header( 404 );
nocache_headers();
include( get_query_template( '404' ) );
die();
}
do_action('debugger_var_dump', 'END', 'END', 0, 0);
}
Related
On my wordpress site I have changed my search slug from ?s=some-word into /search/some-word with this part of code:
function change_search_slug() {
if ( is_search() && ! empty( $_GET['s'] ) ) {
wp_redirect( home_url( "/search/" ) . urlencode( get_query_var( 's' ) ) );
exit();
}
}
add_action( 'template_redirect', 'change_search_slug' );
Everything is working fine, but I get a redirection 302 from my-site.com?s=some-word into my-site.com/search/some-word. I am wondering if there is a way to make only one request without the redirection.
Thanks in advance for help :)
in my functions.php i have a redirect after login. currently this:
add_action( 'template_redirect', 'wpdm_login_redirect' );
function wpdm_login_redirect(){
if( is_user_logged_in() && get_the_ID() == get_option('__wpdm_login_url') ):
wp_redirect( home_url('/dashboard') );
exit();
endif;
}
this works as expected, but i need to combine it with a redirect to a different page if the browser language is detected as italian, so an if ($lang=="it_IT") redirect to home_url('/area_personale'), and everyone else to '/dashboard'
i'm very new at this, so my problem is how to get this language stuff into my existing login redirect. or maybe there is an 'easier' way to go about this? any guidance most appreciated!
This should do the trick.
add_action( 'template_redirect', 'wpdm_login_redirect' );
function wpdm_login_redirect(){
$language = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2);
if( is_user_logged_in() && get_the_ID() == get_option('__wpdm_login_url') && $language == "it_IT" ):
wp_redirect( home_url('/area_personale') );
exit();
else:
wp_redirect( home_url('/dashboard') );
endif;
}
I have one website www.example.com it has 5 pages lets say
www.example.com
www.example.com/about-us
www.example.com/terms-of-use
www.example.com/privacy-policy
www.example.com/apps
Now in the last page which is www.example.com/apps, I want following code to be executed in apps landing page:
$user_agent = $_SERVER['HTTP_USER_AGENT'];
if(strpos($user_agent, "Win") !== FALSE){
$url = "http://www.example.com";
}elseif(strpos($user_agent, "Mac") !== FALSE){
$url = "https://itunes.apple.com/us/app/exmaple/idwewew?ls=1&mt=8";
}elseif(strpos($user_agent, "Android") !== FALSE){
$url = "https://play.google.com/store/apps/details?id=com.example";
}
wp_redirect($url, 302); exit;
Which means If user access this page from windows device it will redirect user to home page, if user access this page from android device then goes to google play store and similarly for iOS device...
Now when I put this code in edit page, it wont work...I am using PHP Code Widget plugin
Please help...
Try doing something like this (without PHP Code Widget at all):
// functions.php
function my_page_template_redirect()
{
if ( is_page( 'apps' ) )
{
$user_agent = $_SERVER['HTTP_USER_AGENT'];
if ( strpos( $user_agent, "Win" ) !== false ) {
$url = "http://www.example.com";
} elseif ( strpos( $user_agent, "Mac" ) !== false ) {
$url = "https://itunes.apple.com/us/app/exmaple/idwewew?ls=1&mt=8";
} elseif ( strpos( $user_agent, "Android" ) !== false ){
$url = "https://play.google.com/store/apps/details?id=com.example";
}
wp_redirect( $url, 302 );
exit();
}
}
add_action( 'template_redirect', 'my_page_template_redirect' );
P.S. I didn't test this code, so, please let me know how it works for you.
I am printing a custom login form with my custom theme, but when I submit the user credentials, I always get an error - even if they're correct.
Here is my functions.php:
function rockport_login_fail( $username ) {
$referrer = $_SERVER['HTTP_REFERER']; // where did the post submission come from?
// if there's a valid referrer, and it's not the default log-in screen
if ( !empty($referrer) && !strstr($referrer,'wp-login') && !strstr($referrer,'wp-admin') ) {
wp_redirect( $referrer . '?login=failed' ); // let's append some information (login=failed) to the URL for the theme to use
exit;
}
}
function rockport_blank_login() {
$referrer = $_SERVER['HTTP_REFERER'];
if ( !strstr($referrer, 'wp-login') ) { // login1 is the name of the loginpage.
if ( !strstr($referrer, '?login=failed') ) { // make sure we don’t append twice
wp_redirect( $referrer . '?login=failed' ); // let’s append some information (login=failed) to the URL for the theme to use
} else {
wp_redirect( $referrer );
}
exit;
}
}
add_action( 'authenticate', 'rockport_blank_login');
add_action( 'wp_login_failed', 'rockport_login_fail' ); // hook failed login
What am I doing wrong? Thanks!
you forget to use to check $username.
you can also check the complete guide here
add_action( 'wp_login_failed', 'rockport_login_fail' ); // hook failed login
function rockport_login_fail( $username ) {
$referrer = $_SERVER['HTTP_REFERER'];
// if there’s a valid referrer, and it’s not the default log-in screen
if ( !empty($referrer) && !strstr($referrer,'wp-login') && !strstr($referrer,'wp-admin') && $username!=null ) {
if ( !strstr($referrer, '?login=failed' )) { // make sure we don’t append twice
wp_redirect( $referrer . '?login=failed'); // let’s append some information (login=failed) to the URL for the theme to use
} else {
wp_redirect( $referrer );
}
exit;
}
}
add_action( 'authenticate', 'rockport_blank_login');
function rockport_blank_login( $username ){
$referrer = $_SERVER['HTTP_REFERER'];
if ( !strstr($referrer,'wp-login') && $username==null ) { // login1 is the name of the loginpage.
if ( !strstr($referrer, '?login=failed') ) { // make sure we don’t append twice
wp_redirect( $referrer . '?login=failed' ); // let’s append some information (login=failed) to the URL for the theme to use
} else {
wp_redirect( $referrer );
}
exit;
}
}
Today I tried to update Wordpress to the latest version (3.5.1). After doing this, I can't open wp-admin/index.php anymore. It gives me a 404 error. I've looked into the index.php file and it breaks when the function auth_redirect() is called. Here's the code of that function:
function auth_redirect() {
// Checks if a user is logged in, if not redirects them to the login page
$secure = ( is_ssl() || force_ssl_admin() );
$secure = apply_filters('secure_auth_redirect', $secure);
// If https is required and request is http, redirect
if ( $secure && !is_ssl() && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) {
if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) {
wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
exit();
} else {
wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
exit();
}
}
if ( is_user_admin() )
$scheme = 'logged_in';
else
$scheme = apply_filters( 'auth_redirect_scheme', '' );
if ( $user_id = wp_validate_auth_cookie( '', $scheme) ) {
do_action('auth_redirect', $user_id);
// If the user wants ssl but the session is not ssl, redirect.
if ( !$secure && get_user_option('use_ssl', $user_id) && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) {
if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) {
wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
exit();
} else {
wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
exit();
}
}
return; // The cookie is good so we're done
}
// The cookie is no good so force login
nocache_headers();
$redirect = ( strpos( $_SERVER['REQUEST_URI'], '/options.php' ) && wp_get_referer() ) ? wp_get_referer() : set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
$login_url = wp_login_url($redirect, true);
wp_redirect($login_url);
exit();
}
However I can't find the specific part where it breaks, since it's not giving me an error message, it just shows a 404 page, and in Firefox it says it's not redirecting correctly.
Could someone please help me out on this?
Thank you!
Some additional information:
I've found the line where it breaks, it is:
wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
Echoing $_SERVER['HTTP_HOST'] and $_SERVER['REQUEST_URI'] gives me the expected result (www.domain.com/blog). However it just doesn't work :(
I have had similar issues in the past. But it usually involves a new plugin installation... Couple of things:
Try to increase the RAM available. WP has given me hassles in the past similar to this and it was RAM related. You should be able to increase the RAM in your .htaccess file
Is this a production system? If not, perhaps make a note of all the plugins, delete them, try access the system. If that works, then you know the issue was plugin based and not WP itself. You can then systematically add the plugins back one by one and determine which one caused the issue.