Version Description
- Tweak - Improved the REST API restriction to allow alternative modes of authentication.
Download this release
Release Info
Developer | kevinvess |
Plugin | Force Login |
Version | 5.1.1 |
Comparing to | |
See all releases |
Code changes from version 5.1 to 5.1.1
- readme.txt +5 -4
- wp-force-login.php +7 -4
readme.txt
CHANGED
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=force
|
|
4 |
Tags: privacy, private, protected, registered only, restricted, access, closed, force user login, hidden, login, password
|
5 |
Requires at least: 2.7
|
6 |
Tested up to: 4.9
|
7 |
-
Stable tag: 5.1
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
@@ -24,6 +24,7 @@ Make your website private until it's ready to share publicly, or keep it private
|
|
24 |
- Extensive Developer API (hooks & filters).
|
25 |
- Customizable. Set a specific URL to always redirect to on login.
|
26 |
- Filter exceptions for certain pages or posts.
|
|
|
27 |
- Translation Ready & WPML certified.
|
28 |
|
29 |
**Bug Reports**
|
@@ -140,6 +141,9 @@ add_action('login_enqueue_scripts', 'my_forcelogin_hide_backtoblog');
|
|
140 |
|
141 |
== Changelog ==
|
142 |
|
|
|
|
|
|
|
143 |
= 5.1 =
|
144 |
* Tweak - Restrict access to the REST API for authorized users only - props [Andrew Duthie](https://github.com/aduth).
|
145 |
* Tweak - Added load_plugin_textdomain() to properly prepare for localization at translate.wordpress.org.
|
@@ -210,6 +214,3 @@ New features: added filters for customizing the plugin.
|
|
210 |
|
211 |
= 2.0 =
|
212 |
New feature: added redirect to send visitors back to the URL they tried to visit after logging-in.
|
213 |
-
|
214 |
-
= 1.3 =
|
215 |
-
Fixes bug with password reset URL from being blocked.
|
4 |
Tags: privacy, private, protected, registered only, restricted, access, closed, force user login, hidden, login, password
|
5 |
Requires at least: 2.7
|
6 |
Tested up to: 4.9
|
7 |
+
Stable tag: 5.1.1
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
24 |
- Extensive Developer API (hooks & filters).
|
25 |
- Customizable. Set a specific URL to always redirect to on login.
|
26 |
- Filter exceptions for certain pages or posts.
|
27 |
+
- Restrict REST API to authenticated users.
|
28 |
- Translation Ready & WPML certified.
|
29 |
|
30 |
**Bug Reports**
|
141 |
|
142 |
== Changelog ==
|
143 |
|
144 |
+
= 5.1.1 =
|
145 |
+
* Tweak - Improved the REST API restriction to allow alternative modes of authentication.
|
146 |
+
|
147 |
= 5.1 =
|
148 |
* Tweak - Restrict access to the REST API for authorized users only - props [Andrew Duthie](https://github.com/aduth).
|
149 |
* Tweak - Added load_plugin_textdomain() to properly prepare for localization at translate.wordpress.org.
|
214 |
|
215 |
= 2.0 =
|
216 |
New feature: added redirect to send visitors back to the URL they tried to visit after logging-in.
|
|
|
|
|
|
wp-force-login.php
CHANGED
@@ -3,7 +3,7 @@
|
|
3 |
Plugin Name: Force Login
|
4 |
Plugin URI: http://vess.me/
|
5 |
Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
|
6 |
-
Version: 5.1
|
7 |
Author: Kevin Vess
|
8 |
Author URI: http://vess.me/
|
9 |
|
@@ -53,16 +53,19 @@ function v_forcelogin() {
|
|
53 |
}
|
54 |
add_action( 'template_redirect', 'v_forcelogin' );
|
55 |
|
56 |
-
|
57 |
* Restrict REST API for authorized users only
|
|
|
|
|
|
|
58 |
*/
|
59 |
function v_forcelogin_rest_access( $result ) {
|
60 |
-
if ( !is_user_logged_in() ) {
|
61 |
return new WP_Error( 'rest_unauthorized', __( "Only authenticated users can access the REST API.", 'wp-force-login' ), array( 'status' => rest_authorization_required_code() ) );
|
62 |
}
|
63 |
return $result;
|
64 |
}
|
65 |
-
add_filter( 'rest_authentication_errors', 'v_forcelogin_rest_access' );
|
66 |
|
67 |
/*
|
68 |
* Localization
|
3 |
Plugin Name: Force Login
|
4 |
Plugin URI: http://vess.me/
|
5 |
Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
|
6 |
+
Version: 5.1.1
|
7 |
Author: Kevin Vess
|
8 |
Author URI: http://vess.me/
|
9 |
|
53 |
}
|
54 |
add_action( 'template_redirect', 'v_forcelogin' );
|
55 |
|
56 |
+
/**
|
57 |
* Restrict REST API for authorized users only
|
58 |
+
*
|
59 |
+
* @param WP_Error|null|bool $result WP_Error if authentication error, null if authentication
|
60 |
+
* method wasn't used, true if authentication succeeded.
|
61 |
*/
|
62 |
function v_forcelogin_rest_access( $result ) {
|
63 |
+
if ( null === $result && !is_user_logged_in() ) {
|
64 |
return new WP_Error( 'rest_unauthorized', __( "Only authenticated users can access the REST API.", 'wp-force-login' ), array( 'status' => rest_authorization_required_code() ) );
|
65 |
}
|
66 |
return $result;
|
67 |
}
|
68 |
+
add_filter( 'rest_authentication_errors', 'v_forcelogin_rest_access', 99 );
|
69 |
|
70 |
/*
|
71 |
* Localization
|