I'm running the Rename wp-login.php plugin on my WordPress website. This plugin allows you to 'rename' wp-login.php and /wp-admin/ so the visitor can't find the admin login.
However, when the visitor visits /wp-admin/ he'll be seeing the 'You must log in to access the admin area' error message.
I want to change this so the visitor sees a 404 page. The code for this error message is as follows:
if ( is_admin() && ! is_user_logged_in() && ! defined( 'DOING_AJAX' ) ) {
wp_die( __( 'You must log in to access the admin area!', 'wp-login' ) );
}
I have tried changing it to
if ( is_admin() && ! is_user_logged_in() && ! defined( 'DOING_AJAX' ) ) {
function generate_404() {
global $wp_query;
$wp_query->set_404();
}
add_action('wp','generate_404');
}
and I have also tried
if ( is_admin() && ! is_user_logged_in() && ! defined( 'DOING_AJAX' ) ) {
global $wp_query;
$wp_query->set_404();
status_header( 404 );
get_template_part( 404 ); exit();
}
But none of that did work. Please help me out.
Related
I want to redirect users to login page in Wordpress if the user has not logged in and want to access the following pages (blog, events, mentorship-forum, job-opportunities, internship, and volunteers). Currently, the redirect function is working correctly with the blog and event pages.
This is the function code:
add_action( 'template_redirect', function() {
if ( ! is_page('login-to-view') && ! is_user_logged_in() && ! is_page('/about-us') && ! is_page('/contacts') && ! is_page('') && ! is_page('/services')){
auth_redirect();
}
});
if ( ! is_user_logged_in() && is_page( array( 'First page', 'Seconde page', 'Another page' ) ) ) {
auth_redirect();
}
Do not forget to use the Page ID, title or slug.
I have a site where I want some users to have the role type of admin but still not be able to access the admin area (don't ask!) This is more of a temporary fix whilst my new site is being built.
I am using this code at the moment which blocks everyone to the admin area unless role type is admin - but how can I block admin unless username is 'mack' for example.
add_action( 'init', 'blockusers_init' );
function blockusers_init() {
if ( is_admin() && ! current_user_can( 'administrator' ) &&
! ( defined( 'DOING_AJAX' ) && DOING_AJAX ) ) {
wp_redirect( home_url() );
exit;
}
}
Obviously the user still needs to access all other front end pages of the site, just not the admin area.
use wp_get_current_user():
$current_user = wp_get_current_user();
if ($current_user->user_login != 'mack') {
//It's not mack...
}
If you want a temporary fix without working in your code maybe can you disable user
https://srd.wordpress.org/plugins/disable-users/
Otherwise as #Eduardo say you can do something like this
add_action( 'init', 'blockusers_init' );
function blockusers_init() {
$current_user = wp_get_current_user();
if ( is_admin() && ! current_user_can( 'administrator' ) &&
! ( defined( 'DOING_AJAX' ) && DOING_AJAX ) && $current_user->user_login != 'mack' ) {
wp_redirect( home_url() );
exit;
}
}
Im developing a Wordpress-plugin, where the main file of the plugins includes a PHP-file depending on (supposed to at least) if you are back-end or front-end.
As the is_admin() returns true on AJAX requests, I have used the DOING_AJAX constant to check whetever AJAX is done or not:
if ( is_admin() && ( ! defined( 'DOING_AJAX' ) || ! DOING_AJAX ) ) {
require_once('admin/functions_admin.php');
}
else {
require_once('public/functions_public.php');
}
The correct file is loaded in wp-admin. The correct file is loaded front-end. Ajax-requests works front-end - but not back end. The "if" is not executed when doing Ajax back-end with this code.
When adding the following "else if" code it works back-end, but then not frond-end of course:
else if ( is_admin() ) {
require_once('admin/functions_admin.php');
}
There is a note about this fact on the Ajax in plugin codex page.
As the hook use wp-admin/admin-ajax.php you must avoid using is_admin(), that will Always returns true.
An example, you want to include a file only on front end, you check with !is_admin(), in the file you have the wp_ajax_{$action} , but admin-ajax.php will Always return true, and the response will be 0.
What the codex says;
Both front-end and back-end Ajax requests use admin-ajax.php so is_admin() will always return true in your action handling code.
When selectively loading your Ajax script handlers for the front-end and back-end, and using the is_admin() function, your wp_ajax_(action) and wp_ajax_nopriv_(action) hooks MUST be inside the is_admin() === true part.
So, if your question is : how can i make my script works ?
Remove is_admin() and replace it with another conditional.
Source Ajax in plugin
Hope it helps
Sorted this out by gathering all AJAX-functions (both front- and back-end) in a third file:
// Is admin, but not doing ajaax
if ( is_admin() && ( ! defined( 'DOING_AJAX' ) || ! DOING_AJAX ) ) {
require_once('admin/functions_admin.php');
}
// Is doing AJAX
else if ( is_admin() && ( defined( 'DOING_AJAX' ) || DOING_AJAX ) ) {
require_once('functions_ajax.php');
}
// Front-end functions
else {
require_once('public/functions_public.php');
}
There is a specific function to perform this task: wp_doing_ajax()
I've got this brilliant piece of code that restricts access to the wp-admin login page unless the user logged in is an admin to the site:
add_action( 'init', 'blockusers_init' );
function blockusers_init() {
if ( is_admin() && ! current_user_can( 'administrator' ) &&
! ( defined( 'DOING_AJAX' ) && DOING_AJAX ) ) {
wp_redirect( home_url() );
exit;
}
}
I want to add another function that restricts access and performs the same redirect to my home page BUT for a specific page of my site.
But this isn't working:
add_action( 'init', 'blockusers_init' );
function blockusers_init() {
if ( is_admin() && ! current_user_can( 'administrator' ) &&
! ( defined( 'mysite.co.uk/shop' ) && DOING_AJAX ) ) {
wp_redirect( home_url() );
exit;
}
}
And I'm not surpised by that but I was hoping somebody had to correct code to perform this function?
Thanks
You can add this to your header.php file to check if they're on the page and if they're an admin or not
if(is_page(PAGE_ID)){
current_user_can( 'manage_options' ){
---do redirect here or whatever else---
}
}
You can also create load the function via the init action like you did.
I have a woocommerce web site and I would like to hide the shop when the user in not logged. I put this code in the file ! archive-product.php which is in my template 'twentytwelve-child' in a woocommerce folder.
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
auth_redirect();
get_header( 'shop' ); ?>
Normaly the 'auth_redirect()' have to redirected me in the login page, but it just doesn't work.
I tried also with this code but it does not work also.
$login = is_user_logged_in();
if ($login == FALSE ) {
wp_redirect( home_url() );
exit;
}
Did I do something wrong?
Thanks you. I also add some other features which can be helpful.
// Redirect none registered users to a login page
function custom_redirect() {
if( (is_shop() || is_product() || is_product_category() ) && ! is_user_logged_in() ) {
wp_redirect( site_url( '/mon-compte' ) );
exit();
}
}
add_action("template_redirect","custom_redirect");
You don't need to modify Woocommerce template file for what you are trying to achieve. Just add the following code to functions.php
function custom_redirect() {
if( is_shop() && ! is_user_logged_in() ) {
wp_redirect( home_url() );
exit();
}
}
add_action("template_redirect","custom_redirect");