Support » Networking WordPress » Redirect all login attempts to root login page with mod_rewrite

Viewing 11 replies - 1 through 11 (of 11 total)
  • Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Halfelf Rogue & Plugin Review Team Rep

    It depends where you put it in your .htaccess.

    If you put the lines BELOW the WP ones, then the WP ones go first. Above, and they go second.

    Can you share your .htaccess?

    Sorry for the slow response. Was out of the office for a while.

    They are above all WP ones. Here’s the top few lines of the .htaccess file:

    php_value upload_max_filesize 100M
    php_value post_max_size 200M
    
    RewriteEngine On
    RewriteBase /
    
    # take users from an individual blog's login page back to the
    # root login page
    RewriteRule ^.+wp-login.php(.*)$ wp-login.php$1 [L,NC]

    ALL other redirects are after here.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Halfelf Rogue & Plugin Review Team Rep

    Hm. Well, why not cheat and use a filter? I suspect the problem is that wp-login.php passes params on it’s own, and your borking those.

    WordPress: Redirect Users After Log In

    // Redirect admins to the dashboard and other users elsewhere
    add_filter( 'login_redirect', 'novasource_login_redirect', 10, 3 );
    function novasource_login_redirect( $redirect_to, $request, $user ) {
        // Is there a user?
        if ( is_array( $user->roles ) ) {
            // Is it an administrator?
            if ( in_array( 'administrator', $user->roles ) )
                return home_url( '/wp-admin/' );
            else
                // Go to the home URL of the site you're on:
                return home_url();
    
                // to go to a specific page on the site:
                // return get_permalink( 83 );
    
                // Go to the network home
                // return network_site_url();
    
        }
    }

    See http://codex.wordpress.org/Plugin_API/Filter_Reference/login_redirect 🙂

    I suspect the problem is that wp-login.php passes params on it’s own, and your borking those.

    But doesn’t mod_rewrite complete its operations before the PHP executes? If this RewriteRule was working, then seems like there’s no way I could possibly end up at a subsite’s wp-login.

    And I wasn’t clear about something. Since I am in subdirectory mode, if I hit the login page for any individual blog except the base blog, the URI stem will be /blogname/wp-login.php. I want to redirect any such hit to /wp-login.php, so that they have to log in to the base blog first.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Halfelf Rogue & Plugin Review Team Rep

    Yeah, but look at how WP has their redirects. You’d want this:

    RewriteRule ^([_0-9a-zA-Z-]+/)?wp-login.php$ wp-login.php$1 [L,NC]

    Still, it doesn’t matter where they log in, does it? I mean, once you log in to subsite, you’re logged in for all sites.

    Still, it doesn’t matter where they log in, does it? I mean, once you log in to subsite, you’re logged in for all sites.

    It does matter. The Active Directory Integration plugin is not network aware, so it is only configured on the base blog. I must have users sign in on the base blog first.

    . is supposed to match any character, so ^.+wp-login.php(.*)$ ought to match, as it is saying match wp-login.php with at least one character before it.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Halfelf Rogue & Plugin Review Team Rep

    Oh bah, humbug, for plugins that aren’t network aware :/

    I know . means ‘any’ but again, look at how WP’s default .htaccess handles it. There’s probably a reason they don’t do it that way.

    Anyway, there are still other WP tricks like….

    function redirect_register() {
      global $blog_id;
      if ($blog_id != 1) {
        wp_redirect( 'http://maindomain.com/wp-login.php' );
        exit();
      }
    }
    add_action( 'login_form_register', 'redirect_register' );

    I figured it out with the help of colleagues. This one works:
    RewriteRule ^.+wp-login.php(.*)$ /wp-login.php$1 [L,NC,R=301]

    If I remove the ,R=301, it stops working.

    301 vs. 304? Don’t care too much, as long as it redirects. But I have no clue why a 301 is required to make this work.

    With more investigation, I now realize this was 100% my fault.

    I assumed RewriteRules cause redirects by default. In fact, unless explicitly specified, a RewriteRule may instead just internally proxy some other content on the same server.

    Adding the R flag forces the redirect, causing the behavior I wanted.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Halfelf Rogue & Plugin Review Team Rep

    Replied there.

    IMO, you should still use ([_0-9a-zA-Z-]+/)?wp-login.php(.*)$ because that should prevent any front-facing page with ‘wp-login.php’ in the slug from getting redirected too. I admit the odds are astronomical in that happening, but we’ve met weirder users 😉

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘Redirect all login attempts to root login page with mod_rewrite’ is closed to new replies.