Stop redirect from wp-admin
-
Hi,
Plugin is working as described but is it possible to have .htaccess or the plugin prevent use of /wp-admin and /wp-login.php urls completely?
So login would then only be able via /mynewurl/, wp-login would not redirect to /mynewurl/ but instead give 404
Many thanks
-
Hi,
currently i would suggest using some third party plugin for this, right now i am not really planning to add such feature.Hi @tobymole,
I know this is an older topic, but I wanted to share my solution with you. I was running into the same issue and ended using the 404 to 301 and combining it with a custom plugin I wrote. I am fairly new to WordPress (been using Drupal for a long time), so if I screwed something up or made a WordPress faux pas please let me know.
First setup your Custom Login URL’s plugin via the Settings -> Permalinks page.
Second activate and set up 404 to 301. In the plugin settings, set the redirect to custom url, and change the custom url setting to:
Replacing the text YOURSITE.COM with your domain name, of course. You can’t just use a /404 sadly.
Third add this file to the must use plugins directory (wp-content/mu-plugins):
redirect-default-login-pages-mu.php<?php /** * Plugin Name: Redirect Default Login Pages Must Use * Plugin URI: https://coyote6.com * Description: This is a plugin redirect's WordPress' default wp-login.php page to /404 * Version: 1.0.0 * Author: Coyote6 GraphX * Author URI: https://coyote6.com * License: GPL2 */ // // Place this module in the must use plugins folder, // in order to available for use before the wp-login.php // page redirects to the login page's new location. // // Helper function to get the base page viewed. function rdlp_get_page_viewed () { // Get the subdirectory, // in case WordPress is installed // in a sub directory. // $sub = parse_url(get_bloginfo('url'),PHP_URL_PATH); // Store for checking if this page equals wp-login.php $page_viewed = str_replace ($sub, '', $_SERVER['REQUEST_URI']); // If the page viewed has a slash at the beginning remove it. if (strpos ($page_viewed, '/') === 0) { $page_viewed = substr($page_viewed,1); } // Remove anything after a question mark. $pos = strpos ($page_viewed, '?'); if ($pos !== false) { $page_viewed = substr ($page_viewed, 0, $pos); } // Remove the trailing slash if there is one. if (substr ($page_viewed, -1) == '/') { $page_viewed = substr ($page_viewed, 0, strlen ($page_viewed) - 1); } // Return the page being viewed. return $page_viewed; } // Redirect the default login pages. function rdlp_wp_login_redirect (){ // Get the page being viewed. $page_viewed = rdlp_get_page_viewed(); // Redirect to 404 if directly trying to access the wp-login.php page. // // Functions for the other pages are not available to be called yet, // so they must be called from the regular module. // if ($page_viewed == 'wp-login.php') { header ('Location: /404'); exit(); } } add_action ('muplugins_loaded', 'rdlp_wp_login_redirect');Then add a plugin folder in the regular plugins (wp-content/plugins):
redirect-default-login-pagesInside this folder add this file:
redirect-default-login-pages.php<?php /** * Plugin Name: Redirect Default Login Pages * Plugin URI: https://coyote6.com * Description: This is a plugin redirect's WordPress' default login pages * Version: 1.0.0 * Author: Coyote6 GraphX * Author URI: https://coyote6.com * License: GPL2 */ // // Use with the custom login url & 404 to 301 plugins: // // @see https://www.ads-software.com/plugins/custom-login-url/ // @see https://www.ads-software.com/plugins/404-to-301/ // // In the settings of the 404 to 301 plugin settings, // set the redirect to custom url, change the custom // url setting to: // https://YOURSITE.COM/404 // // Replacing the text YOURSITE.COM with your domain name. // // Note: // The redirect plugin changes your .htaccess file so use // with caution with custom .htaccess files. // // <IfModule mod_rewrite.c> // RewriteEngine On // RewriteBase / // RewriteRule ^index\.php$ - [L] // RewriteRule ^login /wp-login.php [QSA,L] // RewriteRule ^reset-password /wp-login.php?action=lostpassword [QSA,L] // RewriteRule ^register /wp-login.php?action=register [QSA,L] // RewriteRule ^logout /wp-login.php?action=logout [QSA,L] // RewriteCond %{REQUEST_FILENAME} !-f // RewriteCond %{REQUEST_FILENAME} !-d // RewriteRule . /index.php [L] // </IfModule> // // The problem with just the plugin is that someone going // directly to /wp-admin or /wp-login or /wp-login will be // redirected to the login page thus revealing that you are // using WordPress. This needs to serve up a 404 page on the // same url, so combine the plugin with code in the below. // // // Redirect the default login pages. function rdlp_redirect (){ $page_viewed = rdlp_get_page_viewed(); // Catch the 404 page to keep it from redirecting in an infinite loop. if ($page_viewed == '404') { global $wp_query; $wp_query->set_404(); status_header ('HTTP/1.1 404 Not Found'); nocache_headers(); include get_query_template ('404'); die; } // Redirect to 404 if on an admin page and not logged in. else if (strpos ($page_viewed, 'wp-admin') !== false && !is_user_logged_in()) { wp_redirect ('/404'); exit(); } } add_action ('init', 'rdlp_redirect');Then activate the module. This should redirect the wp-login.php page to 404 and only allow it to be access from the path you set in the Custom Login URL plugin. The wp-admin and any sub-directory should also be redirected to the 404 page, if the user is not logged in.
A few notes: I hard coded in the 404 page, so if your 404 page is different you will need to change that. Also, the wp-admin path is searched for in the request url, so don’t name any of your regular pages or posts to have that in the url, otherwise you will need to login to see it. Finally, I tried to account for if WordPress was installed in a sub directory, but did not test it.
Thanks and hope this helps someone else down the road.
- The topic ‘Stop redirect from wp-admin’ is closed to new replies.
