wp-login.php accessible with blank information

  • Resolved erikggonc

    (@erikggonc)


    7 years, 3 months ago

    Hello Georgian [redacted], how are you?

    After a few months using the plugin without any problems with the following script in functions.php, a doubt came up, and it became a necessity.

    /* redirect original wp-login.php script */
function wppbc_free_default_login_redirect() {
	$login_page = 'LOGIN_PAGE_URL';
	$register_page ='REGISTER_PAGE_URL';
	$password_recovery_page = 'PASSWORD_RECOVERY_PAGE_URL';

	$page = basename($_SERVER['REQUEST_URI']);

	if( $page == "wp-login.php" && $_SERVER['REQUEST_METHOD'] == 'GET') {
		wp_redirect($login_page);
		exit;
	}
	else if ($page == "wp-login.php?action=register") {
		wp_redirect($register_page);
		exit;
	}
	else if ($page == "wp-login.php?action=lostpassword") {
		wp_redirect($password_recovery_page);
		exit;
	}
		if( $page == "wp-admin" && $_SERVER['REQUEST_METHOD'] == 'GET') {
		wp_redirect($login_page);
		exit;
	}
}
add_action('init','wppbc_free_default_login_redirect');

    When a user sends incorrect or blank login information, is it possible to redirect him back to the login page of the plugin instead of the wp-login.php page?

    Is it possible to supplement the script mentioned above?

    Thank you very much!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Georgian Cocora

    (@raster02)

    Hello @erikggonc,

    This should happen by default.
    If you remove the code and try to login on our front-end page, do you remain on wp-login.php if an error is triggered ?

    Regards.

    Thread Starter erikggonc

    (@erikggonc)

    Yes, Georgian.
    Tried to disable iThemes security and S2 Member too and the same behavior persisted.
    I don’t know if one of these plugins are interfering…
    But searching a little more, I found the solution to what I want and need: that is to take the user back to the plugin front-end page.

    Just added the complementary code:

    /* redirect invalid login script */
function invalid_login_fail( $username ) {
     $referrer = $_SERVER['HTTP_REFERER'];
     if ( !empty($referrer) && !strstr($referrer,'wp-login') && !strstr($referrer,'wp-admin') ) {
          wp_redirect( $referrer . '?login=failed' );
          exit;
	}
}
add_action( 'wp_login_failed', 'invalid_login_fail' );

/* redirect blank login script */
function blank_username_password( $user, $username, $password ) {
	//global $page_id;
	$login_page = 'LOGIN_PAGE_URL';
	if( $username == "" || $password == "" ) {
	wp_redirect( $login_page );
	exit;
	}
}
add_filter( 'authenticate', 'blank_username_password', 1, 3);

    Thank you very much for you your attention and great support!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘wp-login.php accessible with blank information’ is closed to new replies.