Hide backend, redirect links to admin in emails too?

  • Tom

    (@rockstar_tom)


    7 years, 4 months ago

    I’m using the hide backend feature on iThemes Security and all works well. I use another plugin which sends an email to a user to notify them that a post has been edited. Within the email is a link to the post. The link uses the standard /wp-admin/my-post URL format and so if the person clicks the email link and is not logged in to the site then they see ‘page not found’, as they should do because iThemes is set to hide the backend.

    If the user is already logged in to the site and clicks the email link then it opens the post.

    I’ve spoken with the other plugin authors and they suggested we ask you ‘how to setup redirection for a URL in an email (when the user is not logged in). Essentially, the user is getting redirected to the login page’.

    Can you help us with this please?

Viewing 4 replies - 1 through 4 (of 4 total)

  • @rockstar_tom

    I’m a bit puzzled by this.

    /wp-admin/my-post doesn’t look like a proper link for editing a post.
    (I would expect something like wp-admin/post.php?post=1&action=edit).

    Is the user supposed to enter the Admin Dashboard to edit the (edited) post ?
    Or is the user supposed to simply read the (edited) post in the frontend ?
    (Probably not).

    Also: how does the plugin generate the post link URL in the email ? What WordPress function is used by the other plugin to generate the post link URL ? get_edit_post_link() ? Or perhaps it’s hard coded …

    Assuming wp-admin/post.php?post=1&action=edit is the correct link URL format for editing a post, adding &itsec-hb-token=[slug] as an extra parameter to the URL (where [slug] should be substituted with the Hide Backend login slug) would probably make the link work (in a non logged in situation). That is it would redirect to the login screen and add a redirect_to URL parameter …

    After logging in the user is then auto redirected to the edit post screen within the Admin Dashboard.
    You can actually test this. Simply copy/paste the URL from the email link into the browser address bar and then manually add the extra URL parameter. Just to see what happens. Make sure the user is not already logged in AND the Hide Backend cookie (itsec-hb-login-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx) is not set in the browser …

    Not offering this as a solution, but trying to understand what’s happening and thinking towards a solution ??

    • This reply was modified 7 years, 4 months ago by pronl.
    Thread Starter Tom

    (@rockstar_tom)

    Hi Pronl,

    Thanks for the reply. Sorry, my post wasn’t clear. To clarify:

    After clicking the link in the email the user is supposed to enter the Admin Dashboard to edit the (edited) post.

    I don’t know how the link is generated in the email, I’m sure it’s not hard coded but I will find this out for you.

    wp-admin/post.php?post=1&action=edit is indeed the link format used in the emails.

    I’ve not yet updated to the latest version of the plugin which I see the way Hide Backend has changed. I will do this first and see if it fixes this issue.

    @rockstar_tom

    Ah right, I assumed you were already on the latest release.

    Never mind how the link is being generated. The format confirms it’s probably done by a call to the get_edit_post_post() function.

    So indeed test after updating the plugin.

    The Hide Backend feature has totally been refactored ??

    I’ve lost where that option is even though I’ve changed the login url.
    Currently users can still access wp-admin if they know it.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Hide backend, redirect links to admin in emails too?’ is closed to new replies.