• Hello,
    I am a game developer using wordpress as an interface to login within my game. I manually edited the code of wp-login.php to suit my needs. I regularly back up my wordpress site with a wordpress backup plugin, although to my avail I realized this doesn’t save EVERYTHING, only “content” like posts (GJHDSAFHUAS). The wordpress update on April 15, 2021 deleted my edited wp-login.php file and I’m unable to restore it. Does anyone have ANY recommendations for things I can do to get that back or am I stuck with losing 1-2 weeks of work that I put into that file?

    • This topic was modified 3 years, 7 months ago by Jan Dembowski.
Viewing 11 replies - 1 through 11 (of 11 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    You should never modify core code. It will be replaced on updates. The proper method is to write a plugin. Some info that might help: https://codex.www.ads-software.com/Customizing_the_Login_Form

    Thread Starter scobatron

    (@scobatron)

    Thank you for the quick reply. I am very lucky that HostGator is currently assisting me in getting back my wp-login.php file. When I get it restored I think I’ll just copy/rename it, then revert the original to its default. I edited the code so much that I literally am just using the page to check if the login information is correct, then it sends a response back to my application and closes itself. It can’t even create cookies or be used as a standard login page on the website anymore. I have a separate website login page contained in a plugin.

    Do you think I’ll run into problems using this method or will it be fine? (after I rename it)

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    You will run into problems. Again, the proper way to modify how login works is to create a plugin. There are a number of plugins in the repo that login against other sources than the WP database that you could use as a model.

    Thread Starter scobatron

    (@scobatron)

    This is confusing to me and I’m trying to understand. I’m not sure that editing the functions.php is in my interest because I don’t want to modify the behavior of my normal login page, and the link you gave says you can make a custom login page using wordpress functions, which essentially is what my edited page is–I’m using wordpress login functions but then redirecting to custom pages that do (secret) checks to send a response back to my application so the app can consider the user logged in (this is not stored as a cookie).

    To be perfectly clear, the wp-login.php I edited is not meant to ever be accessed anywhere except from within my application and it’s not meant to have any functionality otherwise. Web browsers do not have access to it. I don’t want to change the behavior of login forms that exist in the website.

    I guess my question is, how is what I’m doing different from writing a new custom login page from scratch using wordpress functions? And what specific problems should I be worried about after I copy/rename my wp-login file?

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Nothing, but you should not be modifying core files. Thus, you isolate all of that in a plugin. If you rename the login file, how do you access it? wp-login.php is pretty well set throughout WP code as the login page.

    Thread Starter scobatron

    (@scobatron)

    I appreciate your help. Using the plugin Ultimate Member, the login page within my website is completely separate from wp-login. wp-login.php is not a part of my website’s normal architecture whatsoever.

    The only time wp-login.php is ever accessed is from within my application, which directly references the URL (ex: https://example.com/wp-login.php).
    My website login URL is https://example.com/login/

    2 separate logins here – one is for logging into the actual website, the other is for authenticating a login from within my application.

    The act of renaming it is only so it doesn’t get rewritten again. I’ll keep a default wp-login.php page in the directory but it will never get used.

    Does that make sense?

    You should always keep backups, but much more so if you have highly customized code.
    I’m really sorry. You must have had a pretty bad day.

    The reason why you should not be editing Core code is because those files will be over-written every time that WordPress updates.
    If themes or plugins update, the files in those folders will be over-written too.
    Which means that you either have to place files that you don’t want to be over-written outside of the normal WordPress file structure (not recommended), or you have to save the code as an MU (Must Use) plugin. That can’t be uploaded or deleted from within /wp-admin/.

    The thing with the WordPress login page is that it is hard-coded in a number of places, often in plugins, even though it should not be. So, you may find yourself locked out of your site, or a myriad of other unintended behaviour can happen if you try to change that URL (particularly on log out).

    You really should consider Steve’s advice to use an existing login plugin as a model for your own code.

    Alternatively, you may want to consider whether WordPress is the right platform for your game, now and into the future.
    While it makes the web accessible to anyone, it really isn’t suited for every application, nor can it be.

    Best of luck!

    Thread Starter scobatron

    (@scobatron)

    Thank you for your help also. Perhaps a solution (because I really am not a web developer and I’m winging it with the php–writing my own plugin sounds daunting) would be to install another “members”-type plugin and modify the page with code snippets? Or simply create another login-type page with Ultimate Member and modify it with code snippets rather than editing the base file?

    All this assuming that simply renaming my edited wp-login.php to something else and using it will completely fix the problem? Because this was working fine until it got updated and erased.

    A login system is not the first plugin you want to write as a self-taught developer.
    But neither is modifying your wp-login file, if I am being completely honest.
    Login, rights management (CAPS) and DB queries are places where things can go VERY WRONG.
    Just because they work, does not mean that there are not unintended consequences.

    Simply renaming your login file won’t work, no.
    Depending on your hosting plan, you may be able to install more than one installation. I actually recommend breaking a test installation on purpose at least once, to see what it does and to understand why it happens.
    In short, if you rename the file, you are going to have difficulty logging out and chances are a number of your plugins will stop working.
    I have to add here that making other changes to the file, in addition to renaming it, would solve some of these issues and there are tutorials around the web on how to do that, but it isn’t a good idea.
    And, as you have found out, those changes will be over-written the moment you update.

    Which leaves you with the option to turn off auto-updates and update manually (copying in the modified file again as soon as the update is done), but that isn’t recommended.
    There are ways to get an MU plugin to do the “update” for you, but again, that isn’t recommended either.
    All of those options interfere with the intended working of the software.

    It *is* possible to add your game as a custom page template to a theme, although generally you want to keep content and appearance separate, so that should not be your first option.
    The “safest” way is most likely to look for a reputable code snippet plugin and add your game to a page that way.
    Although, that does have risks too and you should make sure that you understand data validation and sanitization.
    You could also consider a Custom Post Type.
    You can then restrict access to the page through any reputable membership plugin that offers the functionality.

    Basically, even though we can have some discussion here about considerations you may want to keep in mind for different approaches, it really depends on what you are trying to do and why – and none of us can see that here. Even if we could, it is beyond the scope of the help that is intended for the forums.
    There are a number of resources out there. Perhaps you may also want to consider the WordPress Stack Overflow. The thing is that you need to be willing to post your code in order to receive specific answers there, or here for that matter.

    There are existing plugins that can add an OAuth server to WordPress. Look at https://www.ads-software.com/plugins/search/oauth/ to get started.

    Thread Starter scobatron

    (@scobatron)

    Thank you all for your help. I sort of went against what you told me, but the solution I found is working, and *hopefully* won’t have any serious issues. I looked into OAuth at one point but decided it was overkill for me because my users don’t interact with WordPress through my application other than logging in. Once they are logged in I wrote my own php scripts to send user data to a database separate from WordPress. Here’s what I did in full:

    -COPY wp-login.php into a file I’ll call ek-login.php. wp-login.php remains in its default form and is never edited. The only reason I’m doing this is because wp-login.php is a good template for a login form. The built-in error functions, password hashing, and input sanitization make everything easy. I don’t wanna mess around with this theme stuff, I just wanna hard-code janky stuff that works. I’m a self-taught hobbyist doing a solo project, not a professional.

    -ek-login.php has several changes to reference itself instead of wp-login (some instances of wp_login_url() changed to a hard-coded ek-login.php url). This was the main thing that broke when I simply renamed the file, but it’s fine now.

    -ek-login.php redirects to some custom scripts that send a response back to my application, then it redirects to logout and closes (my application doesn’t need the user to be considered “logged in” as a cookie)

    -all the navigation is changed and some of it is hard-coded. There is no log-out button. The registration link opens a full browser window with the normal registration page.

    -The security of all of this is a lot more robust than I have detailed here; don’t want to give too much away in case the wrong person ever reads this post.
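
The approach the moderators recommend in this thread (a plugin, saved as an MU plugin so core updates cannot overwrite it) can be sketched as follows. This is an added example, not code from any participant or from WordPress itself; the route `game/v1/login`, the function name `game_check_login` and the throttle limits are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Game Login Check (added example, hypothetical)
 * Saved under wp-content/mu-plugins/, so core updates never overwrite it
 * and wp-login.php stays untouched.
 */

add_action( 'rest_api_init', function () {
    // Hypothetical route: POST /wp-json/game/v1/login
    register_rest_route( 'game/v1', '/login', array(
        'methods'             => 'POST',
        'callback'            => 'game_check_login',
        'permission_callback' => '__return_true', // public: the credentials are the check
        'args'                => array(
            'username' => array( 'required' => true ),
            'password' => array( 'required' => true ),
        ),
    ) );
} );

function game_check_login( WP_REST_Request $request ) {
    // Simple per-IP throttle: 5 failures per 10 minutes (constructed limits).
    // Behind a reverse proxy REMOTE_ADDR is the proxy's address, so adjust there.
    $ip    = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    $key   = 'game_login_fail_' . md5( $ip );
    $fails = (int) get_transient( $key );
    if ( $fails >= 5 ) {
        return new WP_Error( 'too_many_attempts', 'Try again later.', array( 'status' => 429 ) );
    }

    // wp_authenticate() runs the normal 'authenticate' filter chain and the
    // core password check, but sets no cookie. Pass the password unmodified.
    $user = wp_authenticate( $request->get_param( 'username' ), $request->get_param( 'password' ) );

    if ( is_wp_error( $user ) ) {
        set_transient( $key, $fails + 1, 10 * MINUTE_IN_SECONDS );
        // One message for both unknown user and wrong password.
        return new WP_Error( 'invalid_login', 'Invalid credentials.', array( 'status' => 401 ) );
    }

    // Return only what the game client needs; never the stored hash.
    return rest_ensure_response( array(
        'ok'      => true,
        'user_id' => $user->ID,
        'login'   => $user->user_login,
    ) );
}
```

Because the check goes through `wp_authenticate()`, security plugins that hook the `authenticate` filter still apply, and nothing here depends on the URL of wp-login.php.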

  • The topic ‘Auto update deleted my code’ is closed to new replies.