somewebmedia

The plugin is working perfectly, but as in the first case, its interfering with “Basic Authentication” plugin which is responsible for redirects.

If you just want to redirect subscribers to home after login, just put the code I’ve provided to functions.php and it should work.

The thing is that our plugin is for security purposes only, and as I understood it, you just want to change the url of the wp-login. So yeah it will work for you, but there could be much easier solution just to write function that rewrites the wp-admin url without any security checking.

As far as I know, its by WP default to redirect to dashboard after loging in from wp-login.php

Try this:

function redirect_users() {
    // retrieve current user info
    global $current_user;
    get_currentuserinfo();

    // If login user role is Subscriber
    if ($current_user->user_level == 0) {
	wp_redirect(home_url());
	exit;
    }
}
add_action('admin_init', 'redirect_users');

Be aware that domain.com/wp-admin will not be accessible when using our plugin, because its sole purpose is to hide that url from possible hackers. You have to use new url you created for logging in.

So with the solution above, you’ll be able to redirect subscribers to home and let admins to dashboard.

Hope this solves your problem.

You’re missing one curly bracket ??

Here is the full code, try it:

<?php 

/*
Plugin Name: Basic Authentication
Plugin URI: https://www.cuvedev.net/2010/07/wordpress-plugin-authentication/
Description: Disable access to wordpress if not logged in
Author: Klaas Cuvelier
Author URI: https://www.cuvedev.net
Version: 1.9
*/

	/**
	 * WordPress contest which ask authentication to the users before showing the site
	 *
	 * @copyright 	Klaas Cuvelier
	 * @author 		Klaas Cuvelier, [email protected] (https://www.cuvedev.net)
	 * @version		1.9
	 * @license		GPL v2.0
	 *
	 */

	add_action('init', 'basic_auth_init');
	add_action('admin_menu', 'basic_auth_admin');

	// do the checking
	function basic_auth_init()
	{
		// check if plugin is enabled
		if (get_option('basic_authentication_enabled', '') !== 'on')
		{
			return;
		}

		// get current page
		$url = str_replace(site_url(), '', 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
		list($url, $crap) = explode('?', $url);

        // extra check when WP isn't installed in root dir - thx @ Rob Record
        $wp_dir = str_replace('https://' . $_SERVER['HTTP_HOST'], '', site_url());
        $redirect_url = $wp_dir . $url;

		// check if not login-page or admin-panel
		if ($url !== '/wp-login.php' && substr($url, 0, 9) !== '/wp-admin' && substr($url, 0, 11) !== '/xmlrpc.php' && substr($url, 1) != get_option('custom_wpadmin_slug'))
		{
			$authMethod = get_option('basic_authentication_method', ''); 

			// check method and result
			if ($authMethod === 'predefined')
			{
				session_start();
				$login = basic_authentication_doLogin();

				if (!basic_authentication_predefinedLoggedIn())
				{
					basic_authentication_showLoginForm($login, implode('?', array($url, $crap)));
					exit;
				}

			}
			else if ($authMethod === 'wp-login'	&& !is_user_logged_in())
			{
			    if (get_option('custom_wpadmin_slug') != '') {
				header('LOCATION: ' . site_url(get_option('custom_wpadmin_slug')));
				exit;
			    } else {
				header('LOCATION: ' . site_url('wp-login.php?redirect_to=' . urlencode($redirect_url) . '&reauth=1'));
				exit;
			    }
			}
		}
	}

	// add to admin menu
	function basic_auth_admin()
	{
		add_options_page('Basic Authentication Options', 'Basic Authentication', 'manage_options', 'basic-authentication', 'basic_auth_options');
	}

	// check if basic_authentication logged in
	function basic_authentication_predefinedLoggedIn()
	{
		return $_SESSION['basic_authentication_loggedin'] === true && $_SESSION['basic_authentication_pwd'] === md5(get_option('basic_authentication_password'));
	}

	// basic authentication check if try to login
	function basic_authentication_doLogin()
	{
		// time to deny logging in when tried to much (in minutes)
		$timeBlocked = 15;

		if (is_numeric($_SESSION['basic_authentication_tries']) && 	$_SESSION['basic_authentication_tries'] >= 3)
		{
			$_SESSION['basic_authentication_tries'] = 0;
			$_SESSION['basic_authentication_block'] = time();
		}

		if (is_numeric($_SESSION['basic_authentication_block']))
		{
			if (time() - $_SESSION['basic_authentication_block'] > ($timeBlocked * 60))
			{
				$_SESSION['basic_authentication_block'] = 'NO';
				unset($_SESSION['basic_authentication_block']);
			}
			else
			{
				return 'Too many login attempts, your account has been blocked temporarily.';
			}
		}

		if (isset($_POST['pwd']))
		{
			if ($_POST['pwd'] === get_option('basic_authentication_password'))
			{
				$_SESSION['basic_authentication_loggedin'] 	= true;
				$_SESSION['basic_authentication_tries'] 	= 0;
				$_SESSION['basic_authentication_pwd'] 		= md5(get_option('basic_authentication_password'));
				return 'OK';
			}
			else
			{
				$_SESSION['basic_authentication_tries'] = is_numeric($_SESSION['basic_authentication_tries']) ? $_SESSION['basic_authentication_tries'] + 1: 1;
				return 'ERROR';
			}
		}
	}

	// show basic_authentication login form
	function basic_authentication_showLoginForm($login, $url)
	{
		include(dirname(__FILE__) . '/basic-auth-login.php');
	}

	// basic auth options
	function basic_auth_options ()
	{
		include(dirname(__FILE__) . '/basic-auth-options.php');
	}

?>

Here you go:

// check if not login-page or admin-panel
if ($url !== '/wp-login.php' && substr($url, 0, 9) !== '/wp-admin' && substr($url, 0, 11) !== '/xmlrpc.php' && substr($url, 1) != get_option('custom_wpadmin_slug'))
{
	$authMethod = get_option('basic_authentication_method', ''); 

	// check method and result
	if ($authMethod === 'predefined')
	{
		session_start();
		$login = basic_authentication_doLogin();

		if (!basic_authentication_predefinedLoggedIn())
		{
			basic_authentication_showLoginForm($login, implode('?', array($url, $crap)));
			exit;
		}

	}
	else if ($authMethod === 'wp-login'	&& !is_user_logged_in())
	{
	    if (get_option('custom_wpadmin_slug') != '') {
		header('LOCATION: ' . site_url(get_option('custom_wpadmin_slug')));
		exit;
	    } else {
		header('LOCATION: ' . site_url('wp-login.php?redirect_to=' . urlencode($redirect_url) . '&reauth=1'));
		exit;
	    }
	}
}

Yup, that’s the problem.

Basic Authentication redirects to /wp-login.php, than our plugin redirects back to home because its purpose is to disallow regular wp-admin url, than Basic Authentication again redirects from home to wp-login.php and so you get en endless loop.

The only solution would be that Basic Authentication redirect to new url set by HC Custom WP-Admin URL plugin.

Have you tried turning off “Basic Authentication” plugin?

As I can see from their code, they do some redirections, probably something is conflicted. I’ll install it and check it myself, and let you know if that is the problem.

Will add this to FAQ on next update.

Thanx for the help ??

We would be really really grateful if you could provide us some login details so we can investigate.

You can email us at [email protected]

What version of WP are you using, and are you using any other plugin that does htaccess rewrites?

We’ve encountered this problem when permalinks are turned off, and currently are fixing the bug, but it should perfectly work if any permalink structure is turned on.