The first thing you do when you entered into your WordPress wp-admin page is try to login but do you know that it happens often that your WordPress website becomes a victim hundreds of times if its wp-admin area is not secured in one-to-many ways. Idea is simple, better secure it. It’s not always essential to use plugins for doing the same but in turn you can also use snippets – the short codes – which are basically means for login purpose. With this article, you will find below the 15 most essential WordPress login snippets.
Expire Protected Post Cookie With Session
You need to set the time of 0 in setcookie() to your theme’s functions.php template. Setting the time will let you forces the cookie to expire the session.
|
add_action( 'wp', 'post_pw_sess_expire' ); function post_pw_sess_expire() { if ( isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) ) // Setting a time of 0 in setcookie() forces the cookie to expire with the session setcookie('wp-postpass_' . COOKIEHASH, '', 0, COOKIEPATH); } |
Source: Drew Jaynes
Display login form anywhere with wp_login_form
Sometimes it happens that you may wish to add a login form to customize your WordPress theme and this can be possible by adding wp_login_form() function to your theme. All you need to do is to submit the following snippet in the location where you wish to display the login form.
Login with username or email address
The snippet will let users login using a username or an email address. You need to put the snippet to the functions.php of your WordPress theme. The snippet will change the text on the login page from “username” to “username/email.”
|
function login_with_email_address($username) { $user = get_user_by('email',$username); if(!empty($user->user_login)) $username = $user->user_login; return $username; } add_action('wp_authenticate','login_with_email_address'); function change_username_wps_text($text){ if(in_array($GLOBALS['pagenow'], array('wp-login.php'))){ if ($text == 'Username'){$text = 'Username / Email';} } return $text; } add_filter( 'gettext', 'change_username_wps_text' ); |
Source: c.bavota
Display avatar for currently logged in user with get_avatar
The snippet will let you display the currently logged in users avatar in your theme.
|
<?php global $current_user; get_currentuserinfo(); echo get_avatar( $current_user->ID, 64 ); ?> |
Redirect based on user roles or capabilities
The snippet will let you redirect users based on roles or capabilities. You need to add the snippet to the functions.php template of your WordPress theme.
|
function wps_login_redirect_contributors() { if ( current_user_can('contributor') ){ return 'url-to-redirect-to'; } } add_filter('login_redirect', 'wps_login_redirect_contributors'); |
Source: Milo via Stackexchange
Redirect back to referring page after login
Adding this snippet to the functions.php of your WordPress theme will redirect your visitors to the page they were viewing after logging in.
|
if ( (isset($_GET['action']) && $_GET['action'] != 'logout') || (isset($_POST['login_location']) && !empty($_POST['login_location'])) ) { add_filter('login_redirect', 'my_login_redirect', 10, 3); function my_login_redirect() { $location = $_SERVER['HTTP_REFERER']; wp_safe_redirect($location); exit(); } } |
User controlled optional login redirect
The snippet will let user controlled optional login redirect with a select menu.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
|
<?php // Fields for redirect function custom_login_fields() { ?> <p> <label> <strong>Choose your location: </strong> <select name="login_location"> <option value="">Select …</option> <option value="<?php bloginfo('url'); ?>#banking">Banking</option> <option value="<?php bloginfo('url'); ?>#insurance">Insurance</option> <option value="<?php echo get_permalink(2); ?>">Securities</option> </select> </label> </p><br/> <?php } // Redirect function function location_redirect() { $location = $_POST['login_location']; wp_safe_redirect($location); exit(); } // Add fields to the login form add_action('login_form','custom_login_fields'); // Make sure the redirect happens only if your fields are submitted if ( (isset($_GET['action']) && $_GET['action'] != 'logout') || (isset($_POST['login_location']) && !empty($_POST['login_location'])) ) add_filter('login_redirect', 'location_redirect', 10, 3); ?> |
Source: Taproot Creative
Add a login link to the wp_nav_menu
The snippet will add a login link to your wp_nav_menu.
|
add_filter('wp_nav_menu_items', 'add_login_logout_link', 10, 2); function add_login_logout_link($items, $args) { $loginoutlink = wp_loginout('index.php', false); $items .= '<li>'. $loginoutlink .'</li>'; return $items; } |
Require login to view posts
The code below will make a condition in front of your readers to login first if they want to see specific posts defined by and array of post IDS. The code required to be added to the functions.php template
|
// add to functions.php function you_must_login() { global $post; if ( !is_single() ) // Use: !is_single() for members only posts and, Use: !is_page() for members only pages. return; $post_ids = array( 188, 185, 171 ); // array of post IDs that force users to login before reading if ( in_array( (int) $post->ID, $post_ids ) && !is_user_logged_in() ) { auth_redirect(); } } |
Source: New2WP
Prevent access to wp-admin
Adding this snippet to your functions.php will redirect subscribers away from wp-admin to the home page.
|
if ( is_user_logged_in() && is_admin() ) { global $current_user; get_currentuserinfo(); $user_info = get_userdata($current_user->ID); if ( $user_info->wp_user_level == 0 ) { header( 'Location: '.get_bloginfo('home').'/wp-login.php?redirect='.get_bloginfo('home').'/wp-admin/' ); } } |
Source: Flowdrops.com
Extend auto logout period
The code will extend the length of time cookies.
|
function logged_in( $expirein ) { return 604800; // 1 week in seconds } add_filter( 'auth_cookie_expiration', 'logged_in' ); |
Check if user is logged in
The code will let you display alternate content to users that are logged in.
|
<? if (is_user_logged_in()) { /* yes user is logged in */ }else{ /* no user is not logged in */ } ?> |
htaccess for a better login URL
The code will change your login url from www.website.com/wp-login.php to www.website.com/login/
|
RewriteRule ^login$ http://website.com/wp-login.php [NC,L] |
Sidebar login
Adding the snippet to the sidebar of your WordPress theme will let you allow your visitors to register and login from your sidebar.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
|
<li> <?php global $user_ID, $user_identity, $user_level ?> <?php if ( $user_ID ) : ?> <h2>Control panel</h2> <ul> <li>Identified as <strong><?php echo $user_identity ?></strong>. <ul> <li><a href="<?php bloginfo('url') ?>/wp-admin/">Dashboard</a></li> <?php if ( $user_level >= 1 ) : ?> <li><a href="<?php bloginfo('url') ?>/wp-admin/post-new.php">Write an article</a></li> <?php endif // $user_level >= 1 ?> <li><a href="<?php bloginfo('url') ?>/wp-admin/profile.php">Profile and personal options</a></li> <li><a href="<?php bloginfo('url') ?>/wp-login.php?action=logout&redirect_to=<?php echo urlencode($_SERVER['REQUEST_URI']) ?>">Exit</a></li> </ul> </li> </ul> <?php elseif ( get_option('users_can_register') ) : ?> <h2>Identification</h2> <ul> <li> <form action="<?php bloginfo('url') ?>/wp-login.php" method="post"> <p> <label for="log"><input type="text" name="log" id="log" value="<?php echo wp_specialchars(stripslashes($user_login), 1) ?>" size="22" /> User</label><br /> <label for="pwd"><input type="password" name="pwd" id="pwd" size="22" /> Password</label><br /> <input type="submit" name="submit" value="Send" class="button" /> <label for="rememberme"><input name="rememberme" id="rememberme" type="checkbox" checked="checked" value="forever" /> Remember me</label><br /> </p> <input type="hidden" name="redirect_to" value="<?php echo $_SERVER['REQUEST_URI']; ?>"/> </form> </li> <li><a href="<?php bloginfo('url') ?>/wp-register.php">Register</a></li> <li><a href="<?php bloginfo('url') ?>/wp-login.php?action=lostpassword">Recover password</a></li> </ul> <?php endif // get_option('users_can_register') ?> </li> |
Hide login errors
The code will disable the login errors that are displayed to users.
|
add_filter('login_errors', create_function('$a', "return null;")); |