WP-Admin and WP-Login.Php redirect

  • Resolved gamicord

    (@gamicord)


    2 years, 3 months ago

    Hello Sir,
    My website is a BuddyPress Community website.

    This means that few or more hundreds of people will be Logging in to Register and create Accounts on my website.

    Now, I don’t want these people to ever see the WP-Admin and the WP-Login.Php Pages.

    In short, I don’t want these my users to even know that a WP-Admin and Wp-Login.Php Page even exist.

    It should be that, even if people deliberately type “mydomain.com/wp-admin” or they deliberately type “mydomain.com/wp-login.php” , it should immediately and instantly redirect them to the Custom Login Page that I have created– and they should never see the “wp- admin and “wp-login.php” Page.

    Can this plugin achieve such function for me?

    Regards.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support MixHa

    (@mixha)

    2 years, 3 months ago

    Hello @gamicord ,

    Thank you for your inquiry.

    We have the custom login page feature planned for the one of the upcoming plugin updates.

    Kind regards

    Thread Starter gamicord

    (@gamicord)

    2 years, 3 months ago

    Thanks for your reply Sir,

    Now, I have this Code Snippet:

    function restrict_wp_admin() {        
if (!current_user_can('administrator') && !is_admin()) {            wp_redirect(home_url('/login')); // use desired slug            exit;        }    }    

add_action('admin_init', 'restrict_wp_admin');    

function restrict_wp_login() {        
if (strpos($_SERVER['REQUEST_URI'], 'wp-login.php') !== false && !is_user_logged_in()) {            wp_redirect(home_url('/login')); // use desired slug            exit;        }    }    

add_action('init', 'restrict_wp_login');


    THE PROBLEM

    The problem I have is that, when this Code Snippet is active, the Custom Login Form does not work.
    But when this Code Snippet is disabled, the Custom Login Form works.

    WHAT I TRIED

    I did research to discover that wp-login.php controls Login, Logout and Password Resets.

    It appears as if my Code is blocking the wp-login.php from functioning properly.


    REQUEST

    Can you help me with an updated Code that can intentionally stop every non-admin from seeing the Wp-Admin and the WP-Login.Php Pages, yet the Custom Login Form should be functional?

    2.) When do you plan to release the update?

    Regards.

    Plugin Author iClyde

    (@iclyde)

    2 years, 3 months ago

    Hi @gamicord

    We’re finalizing new update, but it won’t include custom login page yet.

    Upcoming release will actually 100% prevent our plugin form creating redirects related to wp-config.php and wp-admin. It is because we had multiple reports that our plugin prevents somebody from logging in because of these redirects.

    As we can’t predict what our users will configure, we have to prevent them from making such bad things.

    In terms of what you want to achieve, it will never work with redirections, if you think about security, redirection won’t help as users can still access the back-end with Ajax or REST API and make some harm to your site.

    I would highly recommend you to find plugin which will modify your login URL, in future it will be possible with our plugin but for now, there is no such feature.

    Once you such plugin, then you need to think about user permissions, there are permissions that are required to access wp-admin, if you remove them they won’t be even able to access it in terms of WP core, no plugin required to make it work. In that case any WP Permission manger plugin will be good.

    There is list of all capabilities in native WordPress: https://wordpress.org/documentation/article/roles-and-capabilities/

    You can extend this with custom permissions and additional plugins.

    Let me know if you need further assistance 🙂
    Thank you!

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘WP-Admin and WP-Login.Php redirect’ is closed to new replies.