Forked from techjewel/protect_login_for_admin_roles.php
Last active
March 30, 2021 09:40
-
-
Save quangmai911/9a3844c67c8f3f76a56d1b7debbe7b2c to your computer and use it in GitHub Desktop.
Code snippet to reject login for admin/authors from the regular login url
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| * Code snippet to reject login for admin/authors from the regular login url | |
| * In this example, people who have edit_posts permission is require special url string to login | |
| * The URL need to be: https://yourdomain.com/wp-login.php?salt=your_random_url_string | |
| * For normal users they can login without the special salt | |
| * But If author or admin try to login it will reject the authentication | |
| * | |
| */ | |
| add_action('wp_login', function ($username, $user) { | |
| // your target salt. Feel free to customize this | |
| $urlParamString = 'your_random_url_string'; | |
| if (user_can($user, 'edit_posts')) { | |
| $refer = wp_get_referer(); | |
| if (!strpos($refer, $urlParamString)) { | |
| wp_logout(); | |
| wp_redirect(wp_login_url()); | |
| exit(); | |
| } | |
| } | |
| }, 1, 2); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment