Support » Plugin: Force Login » Troubles with whitelisting admin-login

  • Resolved bacherprepress

    (@bacherprepress)


    Hi

    Thank you for your great little plugin!

    I’m using it with success but have one little issue.
    I would like to allow users to pass to the normal backend login screen that would be accesible with this URL.
    https://bacher-trauerportal.ch/wp-admin

    I tried to set exceptions with the methods described in the FAQ.
    This works well for the password reset pages but somehow not for the backend-login.
    Could you point me in the right direction?

    Below is the content of my functions.php from the child theme.

    *** *** *** ***

    <?php
    /* Custom functions code goes here. */

    /**
    * Filter Force Login to allow exceptions for specific URLs.
    *
    * @param array $whitelist An array of URLs. Must be absolute.
    * @return array
    */
    function my_forcelogin_whitelist( $whitelist ) {
    $whitelist[] = home_url( ‘/wp-admin/’ );
    $whitelist[] = home_url( ‘/mein-konto/passwort-vergessen/’ );
    return $whitelist;
    }
    add_filter( ‘v_forcelogin_whitelist’, ‘my_forcelogin_whitelist’ );

    /**
    * Bypass Force Login to allow for exceptions.
    *
    * @param bool $bypass Whether to disable Force Login. Default false.
    * @return bool
    */
    function my_forcelogin_bypass( $bypass ) {
    // Get visited URL without query string
    $url_path = preg_replace(‘/\?.*/’, ”, $_SERVER[‘REQUEST_URI’]);

    // Allow URL
    if ( ‘/wp-admin/’ === $url_path ) {
    $bypass = true;
    }

    // Allow filename URL
    if ( ‘/wp-admin.php’ === $url_path ) {
    $bypass = true;
    }

    // Allow URL
    if ( ‘/mein-konto/passwort-vergessen/’ === $url_path ) {
    $bypass = true;
    }

    // Allow filename URL
    if ( ‘/mein-konto/passwort-vergessen.php’ === $url_path ) {
    $bypass = true;
    }

    return $bypass;
    }
    add_filter( ‘v_forcelogin_bypass’, ‘my_forcelogin_bypass’ );

    // Custom Login URL
    function my_login_page( $login_url, $redirect ) {
    return site_url( ‘/kundenlogin/?redirect_to=’ . $redirect );
    }
    add_filter( ‘login_url’, ‘my_login_page’, 10, 2 );

    // REST-API öffentlich verfügbar machen
    remove_filter( ‘rest_authentication_errors’, ‘v_forcelogin_rest_access’, 99 );

    The page I need help with: [log in to see the link]

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author Kevin Vess

    (@kevinvess)

    Hi, thanks for using Force Login!

    I’m not sure I understand your question– the WP admin panel / backend is only accessible to logged-in users and you can’t make the backend public.

    I tried to set exceptions with the methods described in the FAQ.
    This works well for the password reset pages but somehow not for the backend-login.

    The Force Login functionality only applies to visitors (logged-out users). As I mentioned, the backend is already protected/private from public visitors by core WP and can’t be made public.

    I hope that answers your question. Good luck!

    bacherprepress

    (@bacherprepress)

    Hi Kevin

    My Goal is not to make the entire Backend public but to send users to the normal backend login screen of WordPress who request to go there via this link https://bacher-trauerportal.ch/wp-admin

    At the moment this link is also redirected to my custom login page for the frontend users and i failed to make an exception (though they work for things like password reset).

    Christoph

    Plugin Author Kevin Vess

    (@kevinvess)

    Hi Christoph,

    The /wp-admin URL is the standard WordPress backend URL and Force Login does not run when that URL loads. WordPress should already redirect non-logged-in visitors to that URL (or any WP admin URL) to the WordPress login screen.

    You can’t use Force Login to make any WordPress admin / backend URL publicly accessible.

    My Goal is […] to send users to the normal backend login screen of WordPress

    The normal WordPress login screen is this URL: /wp-login.php which is by default publicly accessible by Force Login. Along with any of the other default WordPress login URLs, such as the lost-password or register URLs.

    At the moment this link is also redirected to my custom login page for the frontend users and i failed to make an exception

    Your issues are likely tied to how you’ve set up your custom login URL, not Force Login.

    Thanks and good luck!

    Hi Kevin

    Sorry for bothering you one last time.

    Yes it may not be the plugin itself that makes this redirect.
    I’m using the code snippet below in the functions.php that i found in this topic in your forum (https://wordpress.org/support/topic/custom-login-page-15/) to redirect people to my custom login page.

    is it possible to set an exception there for the standard wordpress login URLs?

    — — — —

    // Custom Login URL
    function my_login_page( $login_url, $redirect ) {
    return site_url( ‘/kundenlogin/?redirect_to=’ . $redirect );
    }
    add_filter( ‘login_url’, ‘my_login_page’, 10, 2 );

    — — — —

    kind Regards

    Plugin Author Kevin Vess

    (@kevinvess)

    I’m sorry– I still don’t understand your request.

    The standard WordPress login URLs should already be publicly accessible by both core WordPress and Force Login. You shouldn’t need to add an exception for those URLs.

    is it possible to set an exception [in the login_url filter] for the standard wordpress login URLs?

    The login_url filter is for modifying the default WP login URL returned by the wp_login_url() function. Meaning, anywhere the site uses the wp_login_url() function to get the site’s login URL – it will return whatever URL you’ve specified or changed it to using that login_url filter.

    If Force Login is blocking (redirecting to your login URL) visitors from front-end pages you’d like publicly accessible, you should be able to use the v_forcelogin_bypass filter to add exceptions for those other custom URLs.

    I hope this answers your question, thanks!

    Plugin Author Kevin Vess

    (@kevinvess)

    is it possible to set an exception [in the login_url filter] for the standard wordpress login URLs?

    I think what you mean to ask, is if your login_url filter can only change the login URL for non-admin page requests – yes?

    If you question is about customizing the WordPress login URL with the login_url filter– this is definitely not about the Force Login plugin.

    With that being said, this might be helpful to you:

    // Custom Login URL
    function my_login_page( $login_url, $redirect ) {
        if ( ! is_admin() ) {
            login_url = site_url( '/kundenlogin/?redirect_to=' . $redirect );
        }
        return login_url;
    }
    add_filter( 'login_url', 'my_login_page', 10, 2 );

    Yes if i understand You correctly i believe that’s what i’m trying to do (-;

    I tried your snippet and it produced a syntax error on the line with login_url = site_url…
    I trried to add a “$” before “login_url”. This removes the error and the code is valid but if i add it to my function php and test my site i get another error-message:
    Something like “too many redirects” so it seems there’s a redirect-loop.

    Any Idea why it won’t work? i know you are in no way obliged to answer this but if you find some spare time to do so i would be grateful.

    Plugin Author Kevin Vess

    (@kevinvess)

    Hi– you’re correct, my example code needed to include the $ on the $login_url variable to fix the syntax error. Here is the updated code:

    // Custom Login URL
    function my_login_page( $login_url, $redirect ) {
        if ( ! is_admin() ) {
            $login_url = site_url( '/kundenlogin/?redirect_to=' . $redirect );
        }
        return $login_url;
    }
    add_filter( 'login_url', 'my_login_page', 10, 2 );

    As for the redirect loop, maybe it’s caused by your custom login URL: /kundenlogin/?

    Sorry, I don’t know what’s causing the redirect loop without having access to the site and web server to troubleshoot your code. If you figure it out, post the solution.

    Good luck!

Viewing 8 replies - 1 through 8 (of 8 total)
  • You must be logged in to reply to this topic.