Preventing Admin Login with Subscriber-Only Access

  • Resolved onehourlifegood

    (@onehourlifegood)


    5 months, 1 week ago

    Hi everyone,

    I need some help. When users log in, I want them to get an error message if they enter a username and password that isn’t for a subscriber. This is to prevent anyone from guessing admin credentials. I tried using a custom plugin with the code below, but it still allows admin logins. Any advice?

    function custom_check_user_role_before_auth($user, $username, $password) {

        if (is_wp_error($user)) {
            return $user;
        }

        $user_obj = get_user_by('login', $username);

        if ($user_obj && is_array($user_obj->roles) && !in_array('subscriber', $user_obj->roles)) {
            return new WP_Error(
                'invalid_username',
                sprintf(
                    __('Error: The username %s is not registered on this site. If you are unsure of your username, try your email address instead.', 'domain.com'),
                    $username
                )
            );
        }

        return $user;
    }
    add_filter('authenticate', 'custom_check_user_role_before_auth', 5, 3);

    Could my code be conflicting with Paid Member Subscriptions?

    Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.