Authorized bot-visitor for my website

  • Hi everyone. My website is hidden for unauthorized users (and for bots as well). Bots can see only the login page. But I use a caching plugin with ‘common cache for authorized users’ feature. So, once anyone visit any page, it will load in a flash for the next user. It works fine, but preloading feature not works in this case, because a ‘preload bot’ also can see only login page… A salvation could be a bot, which can log in to the website as authorized user and visit each and every page like a web crawler. Anyone knows ready-to-use solution or a way to manage it? Thanks.

    • This topic was modified 2 years, 11 months ago by andyganesh.
Viewing 5 replies - 1 through 5 (of 5 total)

  • The answer to the question depends on what you used to implement the block for unauthorized users? Is it a basic auth access protection or “only” a wordpress frontend login session? Do you use a plugin for it? If so, its developer might be the right contact for this question.

    Thread Starter andyganesh

    (@andyganesh)

    @threadi thanks for your answer. Blocking is realized this way: I got the custom code snippet in functions.php, that redirects all unauthorized users to the fully custom login page (not wp-login.php)

    What code do you use for this exactly?

    Thread Starter andyganesh

    (@andyganesh)

    @threadi 

    add_action( 'wp', 'sc_capture_before_login_page_url' );
function sc_capture_before_login_page_url(){
	session_start();
    if( !is_user_logged_in() && !is_page('nobodyknowsthisurl') && !is_page('wp-admin') && !is_page('partylogin')  ):
    $_SESSION['referer_url'] = get_the_permalink();
    endif;
}
    add_action( 'template_redirect', 'redirect_to_specific_page' );
function redirect_to_specific_page() {

if ( !is_user_logged_in() && !is_page('partylogin')  && !is_page('nobodyknowsthisurl') && !is_page('wp-admin')) {
wp_redirect('https://party-code.com/partylogin'); 
  exit;
    }
}
    add_action('wp_logout','unlog');
function unlog(){
  wp_redirect( site_url() );
  exit();
}
    if( !function_exists('sc_after_login_redirection') ):
    function sc_after_login_redirection() {
		session_start();
    $redirect_url = home_url('/');
    if ( isset($_SESSION['referer_url']) ):
        $redirect_url = $_SESSION['referer_url'];
    endif;
    return $redirect_url;
    exit;
   }
   add_filter('login_redirect', 'sc_after_login_redirection',10,3);
endif;
    • This reply was modified 2 years, 11 months ago by andyganesh.
    • This reply was modified 2 years, 11 months ago by andyganesh.

    You could check wherever you check with is_user_logged_in() if the user is logged in also if the user has a specific user agent. The bot you have in mind would have to use this user-agent string and could then access the pages without further ado.

    Example:

    $user_agent = $_SERVER['HTTP_USER_AGENT'];
if ( !is_user_logged_in() && !strpos( $user_agent, 'CostumizedAgent') && !is_page('partylogin') && !is_page('nobodyknowsthisurl') && !is_page('wp-admin') ) {
wp_redirect('https://party-code.com/partylogin'); 
  exit;
    }

    I’m just not sure now what you mean by “preload bot” and where you got this assessment that it interferes with some preload process.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Authorized bot-visitor for my website’ is closed to new replies.