I'm trying to removeredirection to wp-login after I've moved the wp installation in a subdirectory for security issues. How can I remove the redirection from myurl.wyz/wp-admin? I want to access the backend from myurl.xyz/wp-subdirectory/wp-admin.
If you want to change the location of your wp-admin folder, you will face a lot of issues to keep things working. I would not suggest so actualy move this folder somewhere else.
You are talking about security, so I think you don't want the backend to be found with wp-admin because every wordpress user knows this path.
So there is a plugin for changing the url of your backend login. This will make your site more save, because the login form cannot be found that easy: https://wordpress.org/plugins/change-wp-admin-login/
EDIT: If you want to have custom redirection, you can create a plugin and adjust the code for your needs:
<?php
/*
Plugin Name: Redirect Wordpress Admin pages
Description: Redirect if accessed
Version: 1.0
*/
add_action( 'template_redirect', function() {
if( ( is_admin() ) ) {
if (!is_user_logged_in() ) {
wp_redirect( site_url( '/wp-subdirectory/wp-admin' ) );
exit();
}
}
});
add_action('wp_logout','auto_redirect_after_logout');
function auto_redirect_after_logout(){
wp_redirect( home_url() );
exit();
}
Hope this helps.
Related
I am using Buddypress and a plugin called Teambooking. The Teambooking plugin doesn't know of the existence of Buddypress and it uses the default Wordpress author query string (/?author="id", where id is the user id number) to create and display a link to an author's page.
But Buddypress provides profile pages for users.
So I want to be able to catch when someone clicks on the standard author page link (/?author="id") and re-direct the page to Buddypress user profile page. I thought I could use the hook 'template-redirect' to catch this event, but that doesn't work, because the hook only get's triggered when the destination page is being loaded, and what is happening is that Wordpress is automatically redirecting the URL that has the /?author="id" query string to the index.php page, because there is no author.php page.
I cannot use $_SERVER["QUERY_STRING"] either to parse the URL , because as I said, Wordpress automatically redirects to index.php, dropping the query string.
I also was thinking that I could create an author.php page, so that WordPress stops redirecting to index.php, and then use 'template_redirect' hook to redirect the author.php to the buddypress profile page, but that didn't work either. I created author.php on my theme's directory but Wordpress continues to redirect to index.php.
Any ideas on how to this redirection from the /?author="id" query to the proper buddypress profile page of the user?
This must happen all the time with plugins that are not aware of Buddypress being installed .
thanks
-Malena
It turns out that the free version of Yoast SEO plugin was redirecting a query for the author page (?author=id) to index.php automatically, and I wasn't aware of it. So I had to deactivate Yoast SEO plugin, and then used is_author() to detect when the author archive page was being requested (?author=id query string in URL ) inside a template-redirect hook in order to redirect the call to the appropriate BuddyPress user profile. Here is the code I used in functions.php, which does the redirection:
/* Redirect author page to BuddyPress page */
function my_page_template_redirect()
{
/** Detect if author archive is being requested and redirect to bp user profile page */
if( is_author() )
{
global $wp_query;
if(isset($wp_query->query_vars['author'])) {
$userID = urldecode($wp_query->query_vars['author']);
}
$url = bp_core_get_user_domain($userID);
wp_redirect( $url );
exit();
}
add_action( 'template_redirect', 'my_page_template_redirect' );
Buddypress doesn't work with the default permalink structure, so it probably isn't the author id that you're looking for. If your permalink structure were set to Post name for instance, then this would work.
/* Redirect author page to buddypress page */
function my_page_template_redirect()
{
if( is_author() )
{
global $wp_query;
$user = get_user_by( 'slug', $wp_query->query['author_name'] );
$url = bp_core_get_user_domain($user->ID);
wp_redirect( $url );
exit();
}
}
add_action( 'template_redirect', 'my_page_template_redirect' );
I'm trying to hide the wp-login.php on my site so I installed the plugin Rename wp-login.php, I renamed it as log-in. Now I want to redirect it to my custom login page so the default login form of wordpress is totally hidden. Is there a way to accomplish this? I have already tried a redirection plugin and the code below however it only supports the wp-login.php and not my new login url:
function redirect_login_page(){
// Store for checking if this page equals wp-login.php
$page_viewed = basename( $_SERVER['REQUEST_URI'] );
// permalink to the custom login page
$login_page = get_permalink( '10' );
if( $page_viewed == "wp-login.php" ) {
wp_redirect( $login_page );
exit();
}
}
Is there a way to do this without actually altering the wordpress base files?
Try this
add_action('init','custom_login');
function custom_login(){
global $pagenow;
if( 'wp-login.php' == $pagenow ) {
wp_redirect('http://localhost/wordpresstest/blog/');
exit();
}
}
Try This Out
// Hook the appropriate WordPress action
add_action('init', 'prevent_wp_login');
function prevent_wp_login() {
// WP tracks the current page - global the variable to access it
global $pagenow;
// Check if a $_GET['action'] is set, and if so, load it into $action variable
$action = (isset($_GET['action'])) ? $_GET['action'] : '';
// Check if we're on the login page, and ensure the action is not 'logout'
if( $pagenow == 'wp-login.php' && ( ! $action || ( $action && ! in_array($action, array('logout', 'lostpassword', 'rp', 'resetpass'))))) {
// Load the home page url
$page = get_bloginfo('url');
// Redirect to the home page
wp_redirect($page);
// Stop execution to prevent the page loading for any reason
exit();
}
}
You can achieve the results of accessing wordpress admin via custom admin login page using a plugin named All In One WP Security & Firewall.
The All In One WordPress Security plugin will take your website security to a whole new level. This plugin is designed and written by experts and is easy to use and understand.It reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.
Your requirement:
This plugin has ability to hide admin login page. Rename your WordPress login page URL so that bots and hackers cannot access your real WordPress login URL. This feature allows you to change the default login page (wp-login.php) to something you configure.
For more features, refer plugin codex
you can refer this plugin https://wordpress.org/plugins/custom-login-url/
or
https://www.inkthemes.com/how-to-redirecting-wordpress-default-login-into-a-custom-login-page/
In wordpress i want a different homepage for logged-in users and those who are logged-out (simple changing the redirect url when somebody clicks on the title of my website). Is there a way of doing this by adding a code snippet in my themes functions.php? I tried:
add_filter('get_the_permalink','my_permalink_redirect');
function my_permalink_redirect($permalink) {
if( is_user_logged_in() ) {
global $post;
if ($post->ID == 1) {
$permalink = 'http://localhost/homepage-for-logged-users';
}
}
return $permalink;
}
unfortunately it doesn't work and it would be unhandy to change the function from localhost to my domain name when i upload the site to a live hosting. can somebody give me some advice? Thanks!
edit:I got it working with the pluging "login with ajax" where I could define redirects after logins and I putted this snippet in my functions.php.
// Redirect users who arent logged in and on a 404 to the home page for logged out users
function login_redirect() {
// Check to see if user in not logged in and on the home page for logged users
if(!is_user_logged_in() && is_404()) {
// If user is, Redirect to home page for logged out users.
wp_redirect(home_url('home-logged-out'));
exit;
}
}
// add the block of code above to the WordPress template
add_action( 'wp', 'login_redirect' );
*I made the pages for logged-in users private so logged-out users will see 404. Not a very clean method, but it works for now...
Set your default home page to the page logged in users should see.
Add this code to functions.php:
add_action('init', 'redirect_user');
// for users not logged in
function redirect_user(){
if( !is_user_logged_in() ) {
wp_redirect( 'http://www.YourSite.com/SomePage');
exit;
}
}
Logged in users will see what they should see, and those not logged in will be redirected.
I have http://mysite.com/admin.php
There I check wether the user is admin or not.
In second case I send the user to the wp-login page like this:
blog.mysite.com/wp-login.php?redirect_to=http%3A%2F%2Fmysite.com/admin.php
I expect redirect back for admin.php but wordpress always send me to wp-admin control panel.
I have researched.
When the dest. host is not in filter
allowed_redirect_hosts
WP just redirect the user to wp-admin.
How can I add more hosts to the filter?
If I put this example from the WP Codex on functions.php it stops working.
(http://codex.wordpress.org/Plugin_API/Filter_Reference/allowed_redirect_hosts)
add_filter( 'allowed_redirect_hosts' , 'my_allowed_redirect_hosts' , 10 );
function my_allowed_redirect_hosts($content){
$content[] = 'blog.example.com';
$content[] = 'codex.example.com';
// wrong: $content[] = 'http://codex.example.com';
return $content;
}
Add the following in your functions.php:
function my_allowed_redirect_hosts($allowed_host) {
$allowed_host[] = 'anothersite.com';
$allowed_host[] = 'www.someotherwebsite.com';
return $allowed_host;
}
add_filter('allowed_redirect_hosts','my_allowed_redirect_hosts');
Replace anothersite.com and add new values accordingly.
If you're trying to redirect users in a normal page, you can make use of Wordpress's wp_redirect() function:
<?php
wp_redirect( $location, $status );
exit;
?>
Documentation: wp_redirect()
Hope this helps!
Finally it works!
What I was doing wrong is putting the code in the WP functions.php file, and not in my custom theme functions.php file.
Thanks all!
I am trying to create my own plugin in wordpress. Everything works great but I want to make a loginredirect check for users who want to access to the plugins page.
Here is my function in my functions.php:
function wpuf_auth_redirect_login() {
$user = wp_get_current_user();
if ( $user->id == 0 ) {
nocache_headers();
wp_redirect(get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
exit();
}
}
And this is from my myplugin.php:
function wpuf_user_edit_profile() {
wpuf_auth_redirect_login(); // if not logged in, redirect to login page
nocache_headers();
wpuf_post_form_style();
wpuf_user_edit_profile_form();
}
add_shortcode('wpuf_editprofile', 'wpuf_user_edit_profile');
It is not working. If I enter the plugins page as a guest in browser it does not redirect. It only shows the template uncomplete. Any help?
Where you say that it 'only shows the template uncomplete', this could indicate that there is a syntax error in your PHP code, and the server has stopped rendering the page at the point of that error.
I would suggest that you check for any errors by turning error reporting on, and seeing what happens from there.