Allow Prohibited username only on wp-login.php
-
Hello!
I’d like to ask you if there’s a way to have a prohibited username (admin in my case) so people cannot use my admin name through my frontend modal, but that I can still be able to login only through the backend (wp-login.php).
I use the plugin “Keyy”, it’s like CLEF if you remember it, so I want to only be able to login through that as admin and all my users to login through the frontend.
I put my admin username to the prohibited usernames in Cerber, but it affects Keyy thus I could not login, so I deleted the username from the list for now.
Please let me know.
Thanks!
-
Hey!
I bring this thread back again, to show a working solution I got from Keyy’s author, so admins can no longer login through the frontend, as it should be in my opinion.
Here’s the snippet:
<?php add_action('authenticate', 'keyy_block_front_end_admin_logins', 999, 3 ); function keyy_block_front_end_admin_logins($user, $username, $password) { if (is_a($user, 'WP_User') && $user->has_cap('manage_options') && !is_backend_login()) { return new WP_Error( 'failed', __( "Admins cant login from the front end", "keyy")); } return $user; } function is_backend_login(){ $path = str_replace(array('\\','/'), DIRECTORY_SEPARATOR, ABSPATH); return (in_array($path.'wp-login.php', get_included_files()) || $GLOBALS['pagenow'] === 'wp-login.php' || $_SERVER['PHP_SELF']== '/wp-login.php'); }I’d like to hear your feedback on this!
Thanks.
The topic ‘Allow Prohibited username only on wp-login.php’ is closed to new replies.
