I am trying to change the wordpress Admin Login URL (wp-admin) by plugin and it will work good. But can't change wordpress theme option. So, any one Please give good solution. and without Plugin. Also want easy way.
You can try this code.
This code redirects to the homepage whenever the default /wp-admin or /wp-login is accessed. You can set a passcode as the login URL and only allow wp-admin and wp-login access via this URL: https://www.yourdomain.com/?you-set-your-passcode
Add this code to the functions.php of your theme.
// define and set passcode that serves as login url.
define('PASSCODE','make-you-own-passcode');
function mask_login_url(){
// redirect to login page when passcode is verified
if( !is_user_logged_in() && parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY) == PASSCODE ){
wp_safe_redirect( home_url('wp-login.php?'. PASSCODE .'&redirect=false') );
exit();
}
// redirect to dashboard if user has already logged in
if( is_user_logged_in() && parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY) == PASSCODE ){
wp_safe_redirect( home_url("wp-admin") );
exit();
} }
add_action( 'init', 'mask_login_url');
function mask_login_redirects(){
if( isset($_POST['passcode']) && $_POST['passcode'] == PASSCODE) return false;
// redirects to dashboard when /wp-admin is accessed and user is logged in
if ( (is_user_logged_in()) && (strpos($_SERVER['REQUEST_URI'], 'wp-admin') !== false)) {
wp_safe_redirect( home_url("wp-admin"), 302 );
exit();
}
// redirects to homepage when /wp-admin or /wp-login is accessed and user is not logged in
if ( (!is_user_logged_in()) && ((strpos($_SERVER['REQUEST_URI'], 'wp-admin') !== false) || (strpos($_SERVER['REQUEST_URI'], 'wp-login') !== false)) && ( strpos($_SERVER['REQUEST_URI'], PASSCODE) === false ) ) {
wp_safe_redirect( home_url(), 302 );
exit();
}
// redirect to homepage after logout
if( strpos($_SERVER['REQUEST_URI'], 'action=logout') !== false ){
check_admin_referer( 'log-out' );
wp_logout();
wp_safe_redirect( home_url('?logged-out'), 302 );
exit();
}
}
add_action( 'login_init', 'mask_login_redirects', 1);
// Add a passcode hidden field to login form
function custom_login_hidden_field(){
echo '<input type="hidden" name="passcode" value="'. PASSCODE .'" />';
}
add_action('login_form', 'custom_login_hidden_field');
There are several url's to get to the WP login/admin screen, so you need to change all of them. The below could be DRY-er for sure, but it's broken down into individual solutions. Everything redirects to home_url() except for desired login url:
// Disable Password Reset URL & Redirect.
function disable_register_and_lost_pwd_actions() {
if (isset( $_GET['action'] )){
if ( in_array( $_GET['action'], array(
'lostpassword',
'retrievepassword',
'register'
) ) ) {
wp_safe_redirect( esc_url(home_url(), 302 ));
exit;
}
}
if (isset( $_GET['registration'] )){
if ( in_array( $_GET['registration'], array(
'enabled',
'disabled'
) ) ) {
wp_safe_redirect( esc_url(home_url(), 302 ));
exit;
}
}
}
add_action( "login_init", "disable_register_and_lost_pwd_actions" );
Below based on this solution:
https://wordpress.stackexchange.com/questions/160098/change-login-url-without-plugin
Whatever you define as the variable $new_login is will be the new login slug:
www.your-website.com/
or
www.your-website.com/wp-login.php?
function redirect_to_new_login() {
$new_login = '<your-new-login-here>';
if (parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH) == '/'.$GLOBALS['new_login']) {
wp_safe_redirect(esc_url(home_url("wp-login.php?{$GLOBALS['new_login']}")));
exit();
}
}
add_action('init', 'redirect_to_new_login');
function redirect_old_login_to_home() {
$new_login = '<your-new-login-here>';
if (strpos($_SERVER['REQUEST_URI'], $new_login) === false) {
wp_safe_redirect(home_url(), 302);
exit();
}
}
add_action('login_head', 'redirect_old_login_to_home');
I have two recomendations for you.
1 - https://www.elegantthemes.com/blog/tips-tricks/how-to-create-a-custom-wordpress-login-url
2 - This plugin has the option to rename the admin url.
https://www.icontrolwp.com/blog/wordpress-shield-security-plugin/
Regards,
Ed.
Related
I want to give access Woo product single page only for Logged in users.
I have a product listing on the Homepage and Shop page, What I want is: when a logged out user click on a Product, the user will get a Login form and after Logged in user will be redirected to the Product page that he wanted to View.
So the flow will be something like:
Home/Shop-> click to Product X -> Login page -> Redirect to Product X single page
Currently, I am using the regular Woo Login form created by this function
woocommerce_login_form()
I am trying bellow code snippets:
add_filter('login_redirect', 'my_login_redirect', 10, 3);
function my_login_redirect() {
$location = $_SERVER['HTTP_REFERER'];
var_dump($location);
wp_safe_redirect($location);
exit();
}
}
add_action('init','my_login_redirect');
function my_login_redirect() {
$location = $_SERVER['HTTP_REFERER'];
var_dump($location);
//wp_safe_redirect($location);
}
-----------------------
AND ALSO THIS ONE
-----------------------
function redirect_after_login(){
global $wp;
$protocol='http';
if (isset($_SERVER['HTTPS']))
if (strtoupper($_SERVER['HTTPS'])=='ON')
$protocol='https';
if (!is_user_logged_in() && is_product() ){
$redirect = site_url() . "/my-account.php?redirect_to= $protocol://" .
$_SERVER["HTTP_HOST"] . urlencode($_SERVER["REQUEST_URI"]);
wp_redirect( $redirect );
exit;
}
}
add_action( 'wp', 'redirect_after_login', 3 );
In both of cases, the problem is, it always find the Login page as HTTP_REFERER / REQUEST_URI
Because currently, I am using below code to redirect Non-logged-in user who is trying to see the product page to the Login page:
add_action('template_redirect', 'ethis_redirect_for_loggedin_users');
function ethis_redirect_for_loggedin_users() {
if ( !is_user_logged_in() && is_product() ) {
wp_redirect(site_url().'/default-login');
exit;
}
}
You can use the template_redirect filter hook to prevent guest users to access a single product page.
add_action( 'template_redirect', 'wc_redirect_non_logged_to_login_access');
function wc_redirect_non_logged_to_login_access() {
if ( !is_user_logged_in() && is_singular( 'product' ) ) {
global $post;
wp_redirect( get_permalink( get_option('woocommerce_myaccount_page_id')).'?redirect='.get_the_permalink( $post->ID ) );
exit();
}
}
Then after you have to use the woocommerce_login_redirect filter hook for login redirect.
add_filter( 'woocommerce_login_redirect', 'my_login_redirect', 10, 2 );
function my_login_redirect( $redirect, $user ) {
if( isset( $_GET['redirect'] ) && $_GET['redirect'] != '' ){
return $_GET['redirect'];
}
return $redirect;
}
Code will go in your active theme functions.php Tested and Works.
I need to check for logged-in users & redirects to pages with wp_redirect, but it goes through redirected many times
I have tried with template_redirect & init hooks
add_action( 'template_redirect', 'redirect_to_specific_page' );
function redirect_to_specific_page() {
if ( !is_user_logged_in() ) {
wp_redirect( 'http://localhost/lawyer_portal/login/' );
exit;
}
}
Try the follows code snippet -
add_action( 'template_redirect', 'redirect_to_specific_page' );
function redirect_to_specific_page() {
// Assume that url login slug is a page
if ( !is_user_logged_in() && !is_page( 'login' ) ) {
wp_redirect( 'http://localhost/lawyer_portal/login/' );
exit;
}
}
So, I would like to deny users the ability to access the wordpress dashboard. But, I want to allow users to use Front End PM which uses AJAX for sending messages between users.
How can I allow the PMs but deny all access to the dashboard?
The classic functions.php approach:
add_action( 'init', 'my_custom_dashboard_access_handler');
function my_custom_dashboard_access_handler() {
// Check if the current page is an admin page
// && and ensure that this is not an ajax call
if ( is_admin() && !( defined( 'DOING_AJAX' ) && DOING_AJAX ) ){
//Get all capabilities of the current user
$user = get_userdata( get_current_user_id() );
$caps = ( is_object( $user) ) ? array_keys($user->allcaps) : array();
//All capabilities/roles listed here are not able to see the dashboard
$block_access_to = array('subscriber', 'contributor', 'my-custom-role', 'my-custom-capability');
if(array_intersect($block_access_to, $caps)) {
wp_redirect( home_url() );
exit;
}
}
}
Unfortunately, this will redirect from AJAX... thoughts?
If I use User Role Editor... can users access the dashboard?
Essentially, only allow admins to access the dashboard... without limiting AJAX.
You can use
function sm_restrict_admin_with_redirect() {
if( defined('DOING_AJAX') && DOING_AJAX ) {
//Allow ajax calls
return;
}
if( ! current_user_can( "manage_options" ) ) {
//Redirect to main page if the user has no "manage_options" capability
wp_redirect( get_site_url() );
exit;
}
}
add_action( 'admin_init', 'sm_restrict_admin_with_redirect', 1 );
I am looking for the user to redirect to the home page when the user tries to access the video permalink.
function wpb_imagelink_setup() {
$image_set = get_option( 'image_default_link_type' );
if ($image_set !== 'none') {
update_option('image_default_link_type', 'none');
}
}
add_action('admin_init', 'wpb_imagelink_setup', 10);
I tried the above code, but it doesn't work
Actually you need to redirect the users via template_redirect hook that you can use as per below.
add_action( 'template_redirect', 'redirect_to_specific_page' );
function redirect_to_specific_page() {
$image_set = get_option( 'image_default_link_type' );
if ( is_page($image_set) && ! is_user_logged_in() ) {
wp_redirect( 'http://www.yourhomepage.com/', 301 );
exit;
}
}
Check the $image_set is getting correct URL.
This code checks if a user is logging in for the first time, that is after registration. I want to redirect him to a custom page if so. Otherwise, redirect him to the homepage or admin page.
function mylogin_redirect() {
global $user_ID;
if( $user_ID ) {
$user_info = get_userdata( $user_ID );
// If user_registered date/time is less than 48hrs from now
// Message will show for 48hrs after registration
if ( strtotime( $user_info->user_registered ) > ( time() - 172800 ) ) {
header("Location: http://example.com/custompage");
} elseif( current_user_can( 'manage_options' )) {
header("Location: http://example.com/wp-admin/");
} else {
header("Location: http://example.com/");
}
}
}
add_action('wp_head', 'mylogin_redirect');
But it doesn't work? My guess is it doesn't get hooked into wp_head...
I tried the following using login_redirect filter:
function mylogin_redirect($redirect_to, $url_redirect_to = '', $user = null) {
global $user_ID;
if( $user_ID ) {
$user_info = get_userdata( $user_ID );
// If user_registered date/time is less than 48hrs from now
// Message will show for 48hrs after registration
if ( strtotime( $user_info->user_registered ) > ( time() - 172800 ) ) {
return get_bloginfo('url') . "/custompage/";
} elseif( current_user_can( 'manage_options' )) {
return admin_url();
} else {
return get_bloginfo('url');
}
}
}
add_filter('login_redirect', 'mylogin_redirect');
Though it logs me in, it doesn't get me anywhere but to http://example.com/wp-login.php instead with a blank page.
UPDATE:
Ok, I don't know what's happening. Using the filter hook, I can get to the intended destination only after second login. Well not really second login but on the second click of the login button. I did it like so: enter credentials -> login -> (wrong page) -> hit back button -> enter credentials again -> login -> (correct page). Weird.
You need to adjust your filter call like so;
// filter name, callback, priority, accepted args
add_filter('login_redirect', 'mylogin_redirect', 10, 3);
Redirecting users on first login in WordPress: Cookie-based solution & User meta table based solution