A lot of times people wish to place a front end login form on their Website, which helps to hide the fact that the site is running WordPress. This works great, except when a user has a fail login attempt. When that happens, they are automatically directed to the default wp-login.php, which is not good for those wishing to disguise their site. This quick tip shows you how to avoid redirecting to wp-login.php.
[box style=”notice”]This is a quick tip. Check out more Quick Tips[/box]
This quick snippet will force WordPress to redirect to the URL that you specify in wp_redirect() when a user fails to login.
1 2 3 4 5 6 7 8 9 | add_action( 'wp_login_failed', 'pippin_login_fail' ); // hook failed login function pippin_login_fail( $username ) { $referrer = $_SERVER['HTTP_REFERER']; // where did the post submission come from? // if there's a valid referrer, and it's not the default log-in screen if ( !empty($referrer) && !strstr($referrer,'wp-login') && !strstr($referrer,'wp-admin') ) { wp_redirect(home_url() . '/?login=failed' ); // let's append some information (login=failed) to the URL for the theme to use exit; } } |
We also append a $_GET variable, login, and set it equal to failed, which we can use in our theme to display special content only when the user has failed to login.
thanks pippin!
Very nice. Have seen something similar elsewhere but your code works.
Is there a way to direct to a specific page and not the homepage?
Yes, just replace home_url() with the URL of the page you’d like to redirect to, or use the get_permalink() function.
Is there a similar technique that can be used to redirect users on a front-end enabled password reset form, to prevent erroneous entries from redirecting to the back-end reset screen?
I’m not sure I understand what you mean.
I mean the form you fill out when you forget your password. It’s easy to use a similar method to make a front-end version of this, so that they enter the username/password they don’t have to be taken to a WP style screen to do so. However if they enter a username or password that’s not in WP, they get taken to the forgot password WP screen with an error message, roughly equivalent to the problem you described in this post.
Gotcha. Yes you could definitely do that, but the feature is not included in the plugin.
Hello ! its a very good tip! so.. where have i to past this code ? in functions.php ????
Yep that works just fine.
This code works perfectly, thanks man!
This will redirect the careless user only when both of
loginandpasswordfields are set. If at least one of them is empty (blank), this will redirect him to/wp-login.phpagain. Not a solution to hide WordPress usage.idem maxoud. any thought on that one?
I think I found a solution. take a look :
function wp_authenticate($username, $password) {
$username = sanitize_user($username);
$password = trim($password);
$user = apply_filters(‘authenticate’, null, $username, $password);
if ( $user == null ) {
$user = new WP_Error(‘authentication_failed’, __(‘ERROR: Invalid username or incorrect password.’));
}
$ignore_codes = array(’empty_username’, ’empty_password’);
if (is_wp_error($user) && !in_array($user->get_error_code(), $ignore_codes) ) {
// Put your code here
}
return $user;
}
Hope it works !
Dan, here is what i’ve found:
WordPress login widget redirect prevention.
How can i show error message after text box of password when user enters wrong password ?
If you’re using my [login_form] short code, it will display an error already.
Hey Pippin!
Your code works perfectly. And this is what i was looking around from the net. I got you finally. Thanks for the tricks! 🙂
Hi!
We´re planning to make our site multi-lingual.
So how can we redirect English-speaking, Swedish-speaking and Spanish-speaking clients to different “LOGIN FAILED”-pages?
Grateful for any ideas / solutions you might have
/Erik
At this time we don’t have a built in way to handle that so it will require custom development. I’d recommend hiring a developer to do it (unless you have one on staff already): https://restrictcontentpro.com/consultants
thats work but when use permalink for post this isnt work like that
localhost/login-client-portal/&login=failed
Is there any way that we can redirect a member who is not verified their email address.?
very nice
best article
thanks a lot
Pingback: WoocommerceのログインリンクからアカウントページにRedirectする方法 | 極楽ちょんぼ
This will redirect the careless user only when both of login and password fields are set. If at least one of them is empty (blank), this will redirect him to /wp-login.php again. Not a solution to hide WordPress usage.
Exactly!
thanks to sharing , i used it ^_^
Tomorrow will be 9 years since you posted this, but I needed it today. Less than 5 minutes from the Google Search to successful implementation on my site. Thank you!
I am in fact happy to glance at this weblog posts which includes plenty of
valuable data, thanks for providing these information.
Thank you for your best website, God willing 🙂