Safe to use this code with Wordfence to restrict Admin login to main login form?

  • Resolved Johnny

    (@tandacopywriting)


    1 year, 7 months ago

    Is it safe to use this code with Wordfence to restrict admins from logging in from the WooCommerce “My Account” page, and force them to login from the main login form only?

    function wpse_398884_add_admin_login_hidden_field() {
    echo '<input type="hidden" name="admin-login-page" value="1" />';
}
add_action( 'login_form', 'wpse_398884_add_admin_login_hidden_field', 10, 0 );

function wpse_398884_restrict_admin_login_location( $user, $username, $password ) {

    if ( $user instanceof WP_User && ! isset( $_POST['admin-login-page'] ) ) {
        if ( array_intersect( (array) $user->roles, [ 'administrator' ] ) ) {
            return new WP_Error( 'admin-error', 'Use admin login page instead.' );
        }
    }

    return $user;
}
add_filter( 'authenticate', 'wpse_398884_restrict_admin_login_location', 40, 3 );
Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support wfjanet

    (@wfjanet)

    Hi @tandacopywriting,

    Thank you for reaching out to us.

    We strongly recommend that you don’t modify our plugin code, and as a result, we don’t provide support for this.

    If you modify our plugin code, your code changes will be lost every time you update the plugin, and you will need to add your modifications back.

    Thanks,

    Janet

    Thread Starter Johnny

    (@tandacopywriting)

    Hi @wfjanet — this code wouldn’t modify your plugin, it would go in functions.php. The question is if your plugin would allow that code to run or else if that code would replace the action of your plugin (ie, does your plugin take over the native wp_authenticate() function)?

    • This reply was modified 1 year, 7 months ago by Johnny.
    • This reply was modified 1 year, 7 months ago by Johnny.
    • This reply was modified 1 year, 7 months ago by Johnny.
    Thread Starter Johnny

    (@tandacopywriting)

    hello?

    Plugin Support wfjanet

    (@wfjanet)

    Hi @tandacopywriting,

    Wordfence does not replace the wp_authenticate() function. We use the authenticate filter (same as your code) to allow compatibility with other plugins using the authenticate filter. This looks like it should be compatible with Wordfence.

    If you’re using Wordfence’s the 2FA and reCAPTCHA features, please be sure to test those with your code in place to make sure it works as expected for both admins and regular users.

    Let me know how it goes.

    Thanks,

    Janet.

    Thread Starter Johnny

    (@tandacopywriting)

    The code works.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Safe to use this code with Wordfence to restrict Admin login to main login form?’ is closed to new replies.