禁用或重定向WP-login.php

时间:2012-08-24 作者:jchwebdev

是否有办法阻止访客(无论是否登录)访问mysite.com/wp-login.php?

我有一个单独的登录表单,这是我们所需要的。我知道我可以重新设置wp-login 但我宁愿不去处理它。我尝试了各种过滤器和挂钩,但似乎无法使其重定向。我还试着用.htaccess 重定向,我发现这是可行的,但它阻止了我的自定义登录/注销表单的工作。

想法?

9 个回复
SO网友:random_user_name

找到这个问题并测试了一些答案后,下面是我在生产环境中使用的“清理”版本。

此版本不会引发任何通知/错误,还允许密码重置工作:

// Hook the appropriate WordPress action
add_action(\'init\', \'prevent_wp_login\');

function prevent_wp_login() {
    // WP tracks the current page - global the variable to access it
    global $pagenow;
    // Check if a $_GET[\'action\'] is set, and if so, load it into $action variable
    $action = (isset($_GET[\'action\'])) ? $_GET[\'action\'] : \'\';
    // Check if we\'re on the login page, and ensure the action is not \'logout\'
    if( $pagenow == \'wp-login.php\' && ( ! $action || ( $action && ! in_array($action, array(\'logout\', \'lostpassword\', \'rp\', \'resetpass\'))))) {
        // Load the home page url
        $page = get_bloginfo(\'url\');
        // Redirect to the home page
        wp_redirect($page);
        // Stop execution to prevent the page loading for any reason
        exit();
    }
}

SO网友:Androliyah

在你的主题功能中试试这个。php

add_action(\'init\',\'custom_login\');

function custom_login(){
 global $pagenow;
 if( \'wp-login.php\' == $pagenow && !is_user_logged_in()) {
  wp_redirect(\'http://yoursite.com/\');
  exit();
 }
}

SO网友:dean

为注销操作添加一个GET var,它可以正常工作。

add_action(\'init\',\'custom_login\');

function custom_login(){
 global $pagenow;
 if( \'wp-login.php\' == $pagenow && $_GET[\'action\']!="logout") {
  wp_redirect(\'http://YOURSITE.com/\');
  exit();
 }
}

SO网友:gdaniel

我一直在使用WordPress插件Rename wp-login.php 很长一段时间。

它允许您切换wp-login.php 到任何其他路径。我的登录页面被机器人猛击,现在我的点击率为零。

SO网友:Fiaz Husyn

WP login处理登录、注销、注册、密码重置和检索。假设您要更改前端登录页。您可以安全地使用以下代码:

function custom_login_page() {
 $new_login_page_url = home_url( \'/login/\' ); // new login page
 global $pagenow;
 if( $pagenow == "wp-login.php" && $_SERVER[\'REQUEST_METHOD\'] == \'GET\') {
    wp_redirect($new_login_page_url);
    exit;
 }
}

if(!is_user_logged_in()){
 add_action(\'init\',\'custom_login_page\');
}
此代码段将:

将所有网站访问者重定向到新的登录页面

SO网友:corysimmons

// https://codex.wordpress.org/Plugin_API/Filter_Reference/login_url#Examples
add_filter(\'login_url\', \'custom_login_url\', 10, 3);

function custom_login_url($login_url, $redirect, $force_reauth) {
    return home_url(\'/login/?redirect_to=\' . $redirect);
}
这将重定向到/登录,而不是讨厌的wp登录表单。

SO网友:Gaia

如果你想保护wp-login.php 对于陌生人甚至能够看到它,最简单有效的方法是要求授权(基本身份验证)才能访问wp-login.php.

在里面Apache, auth is implemented via a combination of htaccess and a password file. 在浏览器会话中,任何人第一次尝试访问wp-login.php 系统将提示他们输入用户名和密码(在wordpress登录之前)。

为了简化操作,每个您想访问的人的用户名和密码都可以相同wp-login.php, 因为在成功通过第一个验证对话框后,他们仍然必须输入wordpress登录。

SO网友:Mohamed Omar

代替$pageid 使用您希望用户重定向到的页面

/* Redirect log in page */
function redirect_login_page(){
  // Store for checking if this page equals wp-login.php
   $page_viewed = basename( $_SERVER[\'REQUEST_URI\'] );

  // permalink to the custom login page
  $login_page  = get_permalink($pageid);

  if( $page_viewed == "wp-login.php" ) {
    wp_redirect( $login_page );
    exit();
  }
}

add_action( \'init\',\'redirect_login_page\' );

SO网友:Rei

<?php
/* Template Name: Register Template */
if(is_user_logged_in()) { $user_id = get_current_user_id();$current_user = wp_get_current_user();$profile_url = get_author_posts_url($user_id);$edit_profile_url = get_edit_profile_url($user_id); ?>
<div class="regted">
    You\'re login with nickname <a href="<?php echo $profile_url ?>"><?php echo $current_user->display_name; ?></a> Are you want to <a href="<?php echo esc_url(wp_logout_url($current_url)); ?>">Exit</a> ?
</div>
<?php } else { ?>
<div class="register">
    <?php $err = \'\'; $success = \'\'; global $wpdb, $PasswordHash, $current_user, $user_ID; if(isset($_POST[\'task\']) && $_POST[\'task\'] == \'register\' ) { $pwd1 = $wpdb->escape(trim($_POST[\'pwd1\']));
        $pwd2 = $wpdb->escape(trim($_POST[\'pwd2\']));
        $email = $wpdb->escape(trim($_POST[\'email\']));
        $username = $wpdb->escape(trim($_POST[\'username\']));

        if( $email == "" || $pwd1 == "" || $pwd2 == "" || $username == "") {
            $err = \'Please enter password in this field\';
        } else if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $err = \'Email is invalid\';
        } else if(email_exists($email) ) {
            $err = \'Email is existed\';
        } else if($pwd1 <> $pwd2 ){
            $err = \'Password does not match the confirm password\';
        } else {
            $user_id = wp_insert_user( array (\'user_pass\' => apply_filters(\'pre_user_user_pass\', $pwd1), \'user_login\' => apply_filters(\'pre_user_user_login\', $username), \'user_email\' => apply_filters(\'pre_user_user_email\', $email), \'role\' => \'subscriber\' ) );
            if( is_wp_error($user_id) ) {
                $err = \'Error on user creation.\';
            } else {
                do_action(\'user_register\', $user_id);
                $success = \'Registered Successfully\';
            }
        }
    }
    ?>
  <link  rel="stylesheet" type="text/css"  href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<!--display error/success message-->
<div id="message">
        <?php
            if(! empty($err) ) :
                echo \'\'.$err.\'\';
            endif;
        ?>
        <?php
            if(! empty($success) ) :
                $login_page  = home_url( \'/login\' );
                echo \'\'.$success. \'<a href=\'.$login_page.\'> Login</a>\'.\'\';
            endif;
        ?>
    </div>

           <div class="container">    
        <div id="loginbox" style="margin-top:100px;" class="mainbox col-md-6 col-md-offset-3 col-sm-8 col-sm-offset-2">
          <div style="padding-bottom: 50px;" class="col-md-6 col-md-offset-4 col-sm-8 col-sm-offset-2"/><img src="#url.logo"></div>
    <form class="form-horizontal" method="post" role="form">
<div class="form-group">
    <label class="control-label  col-sm-3" for="username">Username:</label>
    <div class="col-sm-9">
    <input type="text" class="form-control" name="username" id="username" placeholder="Username">
    </div>
</div>
<div class="form-group">
    <label class="control-label col-sm-3" for="email">Email:</label>
    <div class="col-sm-9">
        <input type="email" class="form-control" name="email" id="email" placeholder="Email">
    </div>
</div>
<div class="form-group">
    <label class="control-label col-sm-3" for="pwd1">Password</label>
    <div class="col-sm-9">
        <input type="password" class="form-control" name="pwd1" id="pwd1" placeholder="Enter your password">
    </div>
</div>
<div class="form-group">
    <label class="control-label col-sm-3" for="pwd2">Retype password:</label>
    <div class="col-sm-9">
        <input type="password" class="form-control" name="pwd2" id="pwd2" placeholder="Retype password">
    </div>
</div>
<?php wp_nonce_field( \'post_nonce\', \'post_nonce_field\' ); ?>
<div class="form-group">
    <div class="col-sm-offset-3 col-sm-9"  style="text-align:center;">
    <button type="submit" class="btn btn-primary">Register</button>
    <input type="hidden" name="task" value="register" /><br/>
    </div>
</div>
</form>
</div>
</div>
</div>
<?php 
get_footer();
 ?>
<div class="message">
    <?php
        $login  = (isset($_GET[\'login\']) ) ? $_GET[\'login\'] : 0;
        if ( $login === "failed" ) {
                echo \'<strong>Error</strong> Wrong username or password!\';
        } elseif ( $login === "empty" ) {
                echo \'<strong>Error:</strong>Username or password is blank field.\';
        } elseif ( $login === "false" ) {
                echo \'<strong>ERROR:</strong> Exit\';
        }
    ?>
</div>
<?php } ?>
示例“我的自定义登录页”。正在保存登录名。php和put代码

add_action(\'init\',\'wpse_login\');

function wpse_login(){
 global $pagenow;
 if( \'wp-login.php\' == $pagenow && !is_user_logged_in()) {
  wp_redirect(\'http://yoursite.com/login.php\');
  exit();
 }
}
在中functions.php

结束
标签: wp-login-form   小码农  

相关推荐