A lot of times people wish to place a front end login form on their Website, which helps to hide the fact that the site is running WordPress. This works great, except when a user has a fail login attempt. When that happens, they are automatically directed to the default wp-login.php, which is not good for those wishing to disguise their site. This quick tip shows you how to avoid redirecting to wp-login.php.
This is a quick tip. Check out more Quick Tips
This quick snippet will force WordPress to redirect to the URL that you specify in wp_redirect() when a user fails to login.
1 2 3 4 5 6 7 8 9 | add_action( 'wp_login_failed', 'pippin_login_fail' ); // hook failed login function pippin_login_fail( $username ) { $referrer = $_SERVER['HTTP_REFERER']; // where did the post submission come from? // if there's a valid referrer, and it's not the default log-in screen if ( !empty($referrer) && !strstr($referrer,'wp-login') && !strstr($referrer,'wp-admin') ) { wp_redirect(home_url() . '/?login=failed' ); // let's append some information (login=failed) to the URL for the theme to use exit; } } |
We also append a $_GET variable, login, and set it equal to failed, which we can use in our theme to display special content only when the user has failed to login.
thanks pippin!
Very nice. Have seen something similar elsewhere but your code works.
Is there a way to direct to a specific page and not the homepage?
Yes, just replace home_url() with the URL of the page you’d like to redirect to, or use the get_permalink() function.
Is there a similar technique that can be used to redirect users on a front-end enabled password reset form, to prevent erroneous entries from redirecting to the back-end reset screen?
I’m not sure I understand what you mean.
I mean the form you fill out when you forget your password. It’s easy to use a similar method to make a front-end version of this, so that they enter the username/password they don’t have to be taken to a WP style screen to do so. However if they enter a username or password that’s not in WP, they get taken to the forgot password WP screen with an error message, roughly equivalent to the problem you described in this post.
Gotcha. Yes you could definitely do that, but the feature is not included in the plugin.
Hello ! its a very good tip! so.. where have i to past this code ? in functions.php ????
Yep that works just fine.
This code works perfectly, thanks man!
This will redirect the careless user only when both of
loginandpasswordfields are set. If at least one of them is empty (blank), this will redirect him to/wp-login.phpagain. Not a solution to hide WordPress usage.idem maxoud. any thought on that one?
I think I found a solution. take a look :
function wp_authenticate($username, $password) {
$username = sanitize_user($username);
$password = trim($password);
$user = apply_filters(‘authenticate’, null, $username, $password);
if ( $user == null ) {
$user = new WP_Error(‘authentication_failed’, __(‘ERROR: Invalid username or incorrect password.’));
}
$ignore_codes = array(‘empty_username’, ‘empty_password’);
if (is_wp_error($user) && !in_array($user->get_error_code(), $ignore_codes) ) {
// Put your code here
}
return $user;
}
Hope it works !
Dan, here is what i’ve found:
WordPress login widget redirect prevention.